element-hq / element-android

A Matrix collaboration client for Android.
https://element.io/
Apache License 2.0

SSO login fails with no session available #8816

Open JesseKPhillips opened 2 months ago

JesseKPhillips commented 2 months ago

Steps to reproduce

I am hosting Synapse and Nextcloud on the same server with Nextcloud providing OIDC.

  1. Configure Synapse in a sub-domain but present without sub-domain
  2. Configure an OIDC
  3. Log in with SSO
  4. Log in to other locations with SSO - 2 maybe 3, I had 4.
  5. Within the app, go to privacy -> Sessions
  6. Attempt to log out a session
  7. You'll be prompted to log in to verify identity, do so

This has all been done to get a successful connection to the federation. Some additional back story can be found at https://github.com/matrix-org/matrix.org/issues/206#issuecomment-2087876120


server_name: "<homeserver>"
pid_file: /data/homeserver.pid
listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    resources:
      - names: [client, federation]
        compress: false
database:
  name: sqlite3
  args:
    database: /data/homeserver.db
log_config: "/data/chat.<homeserver>.log.config"
media_store_path: /data/media_store
registration_shared_secret: "this is the secret I use"
report_stats: true
macaroon_secret_key: "I have special secrets I tell you"
form_secret: "Alright I give, the secret is"
signing_key_path: "/data/chat.<homeserver>.signing.key"
trusted_key_servers:
  - server_name: "<homeserver>"
  - server_name: "chat.<homeserver>"

web_client_location: "https://cloud.<homeserver>/apps/riotchat/#/home"
public_baseurl:  "https://chat.<homeserver>/"

password_config:
  enabled: false

sso:
  client_whitelist:
    - "https://cloud.<homeserver>"
    - "https://<homeserver>"
    - "https://chat.<homeserver>" # Ok, I probably don't need this
  update_profile_information: true

oidc_providers:
  - idp_id: nextcloud
    idp_name: "Secret"
    skip_verification: false
    issuer: "https://cloud.<homeserver>"
    client_id: "gah, now you know"
    client_secret: ""
    client_auth_method: "client_secret_post"
    scopes: ["openid", "profile"] 
    authorization_endpoint: "https://cloud.<homeserver>/apps/oidc/authorize"
    token_endpoint: "https://cloud.<homeserver>/apps/oidc/token"
    userinfo_endpoint: "https://cloud.<homeserver>/apps/oidc/userinfo"
    jwks_uri: "https://cloud.<homeserver>/apps/oidc/jwks"

Outcome

What did you expect?

The login to be successful and verified, with the session being removed from the active list.

The initial login page should take you to chat.\

What happened instead?

The initial login page opens \ and, when you go to click to log in, it takes you to the chat.\ and presents a page saying that the session is missing.

Your phone model

Samsung A13

Operating system version

Android 11

Application version and app store

Element 1.6.14 G-310cecf5

Homeserver

Synapse 1.105.1

Will you send logs?

No

Are you willing to provide a PR?

No