Closed CoLuxe closed 1 month ago
Hi @CoLuxe, I cannot reproduce it. Can you share your config and possibly more details?
I tried with one OpenID provider set to true and oidc-auto-redirect = false. Only when I set the latter to true the redirect is happening.
That's the log while accessing the login page:
2024.05.26 15:58:29:0000 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /app
2024.05.26 15:58:29:0001 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 200 OK
2024.05.26 15:58:29:0000 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 POST /api/v1/sec/calevent/check
2024.05.26 15:58:29:0000 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 POST /api/v1/sec/auth/session
2024.05.26 15:58:29:0001 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0001 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0002 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 POST /api/v1/sec/calevent/check
2024.05.26 15:58:29:0003 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0004 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/tag?sort=name&q=
2024.05.26 15:58:29:0002 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/share?q=&owning
2024.05.26 15:58:29:0003 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0005 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0004 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/tag?sort=name&q=
2024.05.26 15:58:29:0005 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0006 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/querybookmark
2024.05.26 15:58:29:0007 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0006 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/notification/channel
2024.05.26 15:58:29:0007 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0008 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/tag?sort=name&q=
2024.05.26 15:58:29:0009 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0008 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/clientSettings/collective/webClient
2024.05.26 15:58:29:0009 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0010 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/clientSettings/collective/webClientDashboards
2024.05.26 15:58:29:0011 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0012 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/folder?q=&sort=name
2024.05.26 15:58:29:0013 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0010 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/querybookmark
2024.05.26 15:58:29:0011 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0012 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/querybookmark
2024.05.26 15:58:29:0013 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0014 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/clientSettings/collective/webClientDashboards
2024.05.26 15:58:29:0015 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0014 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/clientSettings/webClient
2024.05.26 15:58:29:0015 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0016 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/info/version
2024.05.26 15:58:29:0017 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 200 OK
2024.05.26 15:58:29:0016 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/email/settings/smtp?q=
2024.05.26 15:58:29:0017 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0018 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/source
2024.05.26 15:58:29:0019 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0020 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/addon/run-config
2024.05.26 15:58:29:0021 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0018 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/addon/archive
2024.05.26 15:58:29:0019 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0020 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/addon/archive
2024.05.26 15:58:29:0021 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0022 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/notification/hook
2024.05.26 15:58:29:0023 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0022 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/user
2024.05.26 15:58:29:0023 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0024 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/usertask/periodicquery
2024.05.26 15:58:29:0025 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0026 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/user/otp/state
2024.05.26 15:58:29:0027 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0024 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /app/login?r=/app/dashboard&openid=0
2024.05.26 15:58:29:0025 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 200 OK
2024.05.26 15:58:29:0002 [io-comp...] [INFO ] docspell.restserver.webapp.Templates.loadTemplate:61 - Compiled template jar:file:/home/docspell/docspell/rest/lib/com.github.eikek.docspell-restserver-0.41.0.jar!/sw.js
2024.05.26 15:58:29:0028 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /sw.js
2024.05.26 15:58:29:0029 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 200 OK
2024.05.26 15:58:30:0000 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/info/version
2024.05.26 15:58:30:0001 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 200 OK
2024.05.26 15:58:29:0026 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/email/settings/smtp?q=
2024.05.26 15:58:29:0027 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:30:0002 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/clientSettings/webClient
2024.05.26 15:58:30:0003 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0028 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 POST /api/v1/sec/calevent/check
2024.05.26 15:58:29:0029 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0030 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 POST /api/v1/sec/calevent/check
2024.05.26 15:58:29:0031 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:29:0032 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/source
2024.05.26 15:58:29:0033 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:30:0004 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/folder?q=&sort=name
2024.05.26 15:58:30:0005 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:30:0006 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/addon/run-config
2024.05.26 15:58:30:0007 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:30:0000 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/addon/archive
2024.05.26 15:58:30:0001 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:30:0008 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/user
2024.05.26 15:58:30:0009 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:30:0010 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/addon/archive
2024.05.26 15:58:30:0011 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:30:0002 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/usertask/periodicquery
2024.05.26 15:58:30:0003 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:30:0012 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/notification/hook
2024.05.26 15:58:30:0013 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:30:0014 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/sec/user/otp/state
2024.05.26 15:58:30:0015 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 403 Forbidden
2024.05.26 15:58:30:0004 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/open/auth/openid/keycloak
2024.05.26 15:58:30:0005 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 302 Found
2024.05.26 15:58:30:0016 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /sw.js
2024.05.26 15:58:30:0017 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 200 OK
My config:
{ enabled = true,
  # The name to render on the login link/button.
  display = "Keycloak"
  # This illustrates to use a custom keycloak setup as the
  # authentication provider. For details, please refer to the
  # keycloak documentation. The settings here assume a certain
  # configuration at keycloak.
  #
  # Keycloak can be configured to return the collective name for
  # each user in the access token. It may also be configured to
  # return it in the user info response. If it is already in the
  # access token, an additional request can be omitted. Set the
  # `sign-key` to an empty string then. Otherwise provide the
  # algo and key from your realm settings. In this example, the
  # realm is called "home".
  provider = {
    provider-id = "keycloak",
    client-id = "XXXX",
    client-secret = "XXXX",
    scope = "profile openid email", # scope is required for OIDC
    authorize-url = "https://XXXX/realms/XXXX/protocol/openid-connect/auth",
    token-url = "https://XXXX/realms/XXXX/protocol/openid-connect/token",
    #User URL is not used when signature key is set.
    user-url = "https://XXXX/realms/XXXX/protocol/openid-connect/userinfo",
    logout-url = "https://XXXX/realms/XXXX/protocol/openid-connect/logout?client_id=XXXX&post_logout_redirect_uri=https://XXXX",
    oidc-auto-redirect = false,
    #on-account-source-conflict = convert,
    sign-key = "b64:",
    sig-algo = "RS512"
  },
  # The collective of the user is given in the access token as
  # property `docspell_collective`.
  collective-key = "lookup:preferred_username",
  # The username to use for the docspell account
  user-key = "preferred_username"
},
Not sure if you intended to show the whole config or only this snippet? I think I need more :) Is this the only openid provider? The logs are not showing anything, because the problem would be the client. When you go to docspell main page, and then select "view page source", you see a config object elmFlags injected from the server. Can you see what it says?
I didn't get it pasted here, without making weird things. So here is my config on pastebin:
You mean the debugging console in my browser?
Edit: Got it:
var elmFlags = {
  "account": account,
  "pdfSupported": pdfSupported,
  "innerWidth": window.innerWidth,
  "config": {
    "appName" : "Docspell",
    "baseUrl" : "https://XXX",
    "signupMode" : "open",
    "docspellAssetPath" : "/app/assets/docspell-webapp/0.41.0",
    "integrationEnabled" : false,
    "fullTextSearchEnabled" : true,
    "maxPageSize" : 200,
    "maxNoteLength" : 180,
    "showClassificationSettings" : true,
    "downloadAllMaxFiles" : 500,
    "downloadAllMaxSize" : 1468006400,
    "uiVersion" : 2,
    "openIdAuth" : [
      {
        "provider" : "keycloak",
        "name" : "Keycloak",
        "logoutUrl" : "https://XXX/realms/atheria.de/protocol/openid-connect/logout?client_id=XXX&post_logout_redirect_uri=https://XXX"
      }
    ],
    "addonsEnabled" : false,
    "oidcAutoRedirect" : true
  }
};
Well it looks like it doesn't read my config right? It's set to "true" even if it's "false" in the config.
Edit 2: I tried it first in Firefox, then in Microsoft Edge with cleared browser data (cache, cookies etc.), still the same.
Edit 3: I set "oidc-auto-redirect = false" at the wrong section. So yes, it's a Layer 8 problem ;) I'm using Docspell too long and never updated the config to the actual version. So thanks, problem solved
Great! All good then :) (closing it, just reopen if something is not good)
I set up Docspell with Keycloak and it's working fine. But I can no longer log in with the Docspell login page, because it redirects directly to Keycloak.
It makes no difference if "oidc-auto-redirect" is not set or even set to "false". No error in the log.
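The check suggested in the thread (read the server-rendered elmFlags from the page source and compare it with the intended setting), as an added example that is not part of the thread or of Docspell's code. The names samplePage, balancedObject, effectiveConfig and configDrift are hypothetical, and the sample page is constructed.

```javascript
// Constructed sample of a served page, modelled on the elmFlags object in the thread.
const samplePage = `<script>
var elmFlags = {
  "account": account,
  "config": {
    "appName" : "Docspell",
    "openIdAuth" : [
      { "provider" : "keycloak", "logoutUrl" : "https://sso.example/logout?x={y}" }
    ],
    "oidcAutoRedirect" : true
  }
};
</script>`;

// Return the balanced {...} starting at `start`, ignoring braces inside strings.
function balancedObject(text, start) {
  let depth = 0, inString = false;
  for (let i = start; i < text.length; i++) {
    const c = text[i];
    if (inString) {
      if (c === "\\") i++; // skip the escaped character
      else if (c === '"') inString = false;
    } else if (c === '"') inString = true;
    else if (c === "{") depth++;
    else if (c === "}" && --depth === 0) return text.slice(start, i + 1);
  }
  throw new Error("unbalanced braces in elmFlags");
}

// elmFlags as a whole is not JSON ("account": account), so parse only "config".
function effectiveConfig(html) {
  const at = html.indexOf("var elmFlags");
  if (at < 0) throw new Error("elmFlags not found in page source");
  const m = /"config"\s*:\s*\{/.exec(html.slice(at));
  if (!m) throw new Error('no "config" object inside elmFlags');
  return JSON.parse(balancedObject(html, at + m.index + m[0].length - 1));
}

// List every setting whose served value differs from what the operator intended.
function configDrift(html, intended) {
  const actual = effectiveConfig(html);
  return Object.entries(intended)
    .filter(([key, want]) => actual[key] !== want)
    .map(([key, want]) => ({ key, intended: want, effective: actual[key] }));
}

console.log(configDrift(samplePage, { oidcAutoRedirect: false }));
```

A non-empty result means the server is not applying the value written in the config file, which is the situation described in this thread: the key sat in a section where it was not read, so the default stayed in effect.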