element-hq / element-web

A glossy Matrix collaboration client for the web.
https://element.io
GNU Affero General Public License v3.0

Your Riot is misconfigured - Identity server URL does not appear to be a valid identity server #11508

Closed ghnp5 closed 4 years ago

ghnp5 commented 4 years ago

Description

Upgrading from 1.5.3 to 1.5.4, I get this red error:

Your Riot is misconfigured Identity server URL does not appear to be a valid identity server

This is corrected when I downgrade.

Steps to reproduce

In my config.json, I had this, which works with 1.5.3:

    "default_hs_url": "https://myserver.com",
    "default_is_url": "https://myserver.com",

I tried to change to:

    "default_server_config": "https://myserver.com",

and then to:

    "default_server_config": "myserver.com",

The error doesn't disappear.

Version information

jryans commented 4 years ago

Is https://myserver.com running an identity server? Does your homeserver have a .well-known config at https://myserver.com/.well-known/matrix/client? Does it include an identity server section?

evilham commented 4 years ago

Same issue here: the setup URL is not running an identity server; until now, setting it to the same Matrix URL was a way to not have any info leak (client request to vector.im's IS) and also to disable identity servers. disable_3pid_logins is set to true in Riot's config, so it's a bit odd that this is considered a fatal error. This also means that if at any time the default IS is down for whatever reason, nobody can log in with Riot, even if they don't use 3pids to log in.

Addendum: it looks like this is fixing #10763, but actually the MSC should be fixed so as to not have this be an issue.

Also: From some quick testing, removing m.identity_server altogether appears to both allow logins and not make random requests to another identity server, hopefully someone can confirm this too.

jryans commented 4 years ago

Is it possible for anyone affected to try building the develop branch from source to see if there's any change?

https://github.com/matrix-org/matrix-js-sdk/pull/1062 may fix this, and was accidentally left out of the 1.5.4 release.

To be clear, the intent is for the IS to be optional, so seeing this hard error is some kind of bug. The related MSC exists to relax what the spec says in this case.

ghnp5 commented 4 years ago

> Is https://myserver.com running an identity server? Does your homeserver have a .well-known config at https://myserver.com/.well-known/matrix/client? Does it include an identity server section?

It runs Synapse. The well known config doesn't seem to exist (404). How do I add it? I didn't see anywhere that I have to add it.

jryans commented 4 years ago

> The well known config doesn't seem to exist (404). How do I add it? I didn't see anywhere that I have to add it.

It's not required. I am just trying to understand your configuration so we can try to reproduce.

evilham commented 4 years ago

@ghnp5: FWIW, you should check the config.sample.json; it looks like some of your settings have a very old schema. After that, try to not set up m.identity_server under default_servers.

@jryans: I might make some time for building from source in the next few days, but for me the behaviour of: "Setting up an IS for Riot to work is optional. If there is no default IS set up, things work just fine and limited to username login" is perfectly fine and it appears that it's precisely the case now. It used to be the case that not having a default IS was an error, so having a fake IS URL that showed a warning was the next best thing.

jryans commented 4 years ago

So far, I am not able to reproduce this issue by downloading 1.5.3 and using:

    "default_hs_url": "https://matrix.org",
    "default_is_url": "https://example.nonsense",

in my config, so it's possible additional factors are involved.

Could someone affected please include their full Riot config file?

evilham commented 4 years ago

> So far, I am not able to reproduce this issue by downloading 1.5.3 and using:
>
>     "default_hs_url": "https://matrix.org",
>     "default_is_url": "https://example.nonsense",

In my case it had to be 1.5.4 and not have an active session (e.g. private mode) for the issue to be reproducible with these settings (and no IS on matrix.$DOMAIN).

{
    "default_server_config": {
        "m.homeserver": {
            "base_url": "https://matrix.$DOMAIN",
            "server_name": "$DOMAIN"
        },
        "m.identity_server": {
            "base_url": "https://matrix.$DOMAIN"
        }
    },
    "disable_identity_server": true,
    "disable_custom_urls": true,
    "disable_guests": true,
    "disable_login_language_selector": false,
    "disable_3pid_login": true,
    "brand": "$DOMAIN",
    "integrations_ui_url": "https://scalar.vector.im/",
    "integrations_rest_url": "https://scalar.vector.im/api",
    "integrations_widgets_urls": [
        "https://scalar.vector.im/_matrix/integrations/v1",
        "https://scalar.vector.im/api",
        "https://scalar-staging.vector.im/_matrix/integrations/v1",
        "https://scalar-staging.vector.im/api",
        "https://scalar-staging.riot.im/scalar/api"
    ],
    "integrations_jitsi_widget_url": "https://scalar.vector.im/api/widgets/jitsi.html",
    "bug_report_endpoint_url": "https://riot.im/bugreports/submit",
    "showLabsSettings": true,
    "features": {
        "feature_pinning": "labs",
        "feature_custom_status": "labs",
        "feature_custom_tags": "labs",
        "feature_state_counters": "labs"
    },
    "default_federate": true,
    "default_theme": "light",
    "roomDirectory": {
        "servers": [
            "$DOMAIN"
        ]
    },
    "piwik": {},
    "enable_presence_by_hs_url": {
        "https://matrix.$DOMAIN": true
    },
    "settingDefaults": {
        "breadcrumbs": true
    }
}

Also, things work as I expected by changing default_server_config to:

    "default_server_config": {
        "m.homeserver": {
            "base_url": "https://matrix.$DOMAIN",
            "server_name": "$DOMAIN"
        }
    }

jryans commented 4 years ago

> In my case it had to be 1.5.4 and not have an active session (e.g. private mode) for the issue to be reproducible with these settings (and no IS on matrix.$DOMAIN).

Aha, great, that helps, I can reproduce now with 1.5.4 and signing out to ensure no active session. (Not sure why I tried 1.5.3 before, that's of course the working version... 😅)

The issue is fixed with latest develop, so we just need to do a release that includes https://github.com/matrix-org/matrix-js-sdk/pull/1062.

jryans commented 4 years ago

Closing as well, since it's fixed on develop. The current plan is to publish a fixed release tomorrow morning UK time.

ghnp5 commented 4 years ago

@jryans @evilham

I understand the next version tomorrow will "relax" the config, but I still want to make sure that MY identity server is used, and not someone else's identity server.

Therefore, I went ahead and followed the suggestion of updating my config.json file (and a copy of it is in "config.my-riot-server.com.json", to prevent some 404 error I noticed very long ago), taking as template the "config.sample.json".

Then, I made sure that the following URL: https://my-matrix-server.com/.well-known/matrix/client

Returns the following:

    {
        "m.homeserver": {
            "base_url": "https://my-matrix-server.com"
        },
        "m.identity_server": {
            "base_url": "https://my-matrix-server.com"
        }
    }

After that, I updated again to 1.5.4, and I'm still getting the same error.

So, what's wrong, still?

Matrix server is definitely running.

This is the beginning of Riot config:

    {
        "default_server_config": {
            "m.homeserver": {
                "base_url": "https://my-matrix-server.com",
                "server_name": "my-matrix-server.com"
            },
            "m.identity_server": {
                "base_url": "https://my-matrix-server.com"
            }
        },

jryans commented 4 years ago

@ghnp5 1.5.4 has a bug which causes invalid identity servers to show this hard error on startup (if you are not logged in). The next release tomorrow will only show a warning for this case.

A homeserver is not the same as an identity server, so I am assuming you are not actually running an identity server, which is why the startup check fails (1.5.4 treats that failure as an error, next release will show a warning instead).

Riot no longer defaults the identity server, so there's no need to set it to something unless you actually are running such a server.

If I have misunderstood and you are trying to run your own identity server as well, then seeing this error suggests it is not properly configured.
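
The startup check described in the comment above, as an added example that is not part of the original thread and is not Riot or matrix-js-sdk code: it shows why a homeserver URL placed in `m.identity_server` fails validation, and how that failure maps to a hard error (1.5.4) or a warning (the fixed behaviour). Function names, the `hardFail` switch and the sample replies are assumptions made for illustration; the caller is assumed to perform the HTTP GET and pass in the result.

```javascript
// Added example; function names are hypothetical, not Riot or matrix-js-sdk APIs.
// Probe path from the Matrix spec's discovery rules for validating an identity
// server base_url (older spec versions used /_matrix/identity/api/v1).
const IS_PROBE_PATH = "/_matrix/identity/v2";

// URL to probe, or null when "m.identity_server" is absent (the IS is optional).
function identityProbeUrl(serverConfig) {
  const is = serverConfig["m.identity_server"];
  if (is === undefined) return null;
  const base = new URL(is.base_url); // throws on a missing or malformed URL
  return base.origin + base.pathname.replace(/\/+$/, "") + IS_PROBE_PATH;
}

// probe is { status, body } from a GET on identityProbeUrl(), or null if the
// request failed. Valid means HTTP 200 with a JSON object as the body.
function isIdentityServer(probe) {
  if (!probe || probe.status !== 200) return false;
  try {
    const parsed = JSON.parse(probe.body);
    return typeof parsed === "object" && parsed !== null && !Array.isArray(parsed);
  } catch {
    return false;
  }
}

// hardFail=true models the 1.5.4 behaviour described in the thread (a failed
// check is an error); hardFail=false models the fixed behaviour (a warning).
function startupOutcome(serverConfig, probe, hardFail) {
  const failed = hardFail ? "error" : "warning";
  let url;
  try {
    url = identityProbeUrl(serverConfig);
  } catch {
    return failed;
  }
  if (url === null) return "ok"; // nothing configured, nothing to check
  return isIdentityServer(probe) ? "ok" : failed;
}

// Constructed sample data: a config shaped like the ones in this thread, and
// the kind of reply a homeserver with no identity service gives on that path.
const withIs = {
  "m.homeserver": { base_url: "https://matrix.example.org" },
  "m.identity_server": { base_url: "https://matrix.example.org" },
};
const withoutIs = { "m.homeserver": { base_url: "https://matrix.example.org" } };
const homeserverReply = { status: 404, body: '{"errcode":"M_UNRECOGNIZED"}' };
const identityReply = { status: 200, body: "{}" };
console.log(startupOutcome(withIs, homeserverReply, true), startupOutcome(withIs, homeserverReply, false));
```

Dropping the `m.identity_server` section makes `identityProbeUrl` return null, so no request is made to any identity server at all.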

ghnp5 commented 4 years ago

@jryans ah ok! In that case, that answers my question and I'm happy to leave this as is, and wait for tomorrow's release :) Thank you very much for your explanation.

lijianl commented 4 years ago

I opened the browser and downloaded the Desktop from https://about.riot.im/, and it shows "Your Riot is misconfigured". Is this URL the public and available link? How do I solve this?

jryans commented 4 years ago

> I opened the browser and downloaded the Desktop from https://about.riot.im/, and it shows "Your Riot is misconfigured". Is this URL the public and available link? How do I solve this?

Please file a new issue with more details. It's working fine here, so we'll need more info to learn why it doesn't work for you.