search

jitsi / jicofo

JItsi COnference FOcus is a server side focus component used in Jitsi Meet conferences.
Apache License 2.0
317 stars 347 forks source link

Shibboleth / HTTP header sso authentification with lemonldap fails #724

Closed jnfohr closed 3 years ago

jnfohr commented 3 years ago

Description

The latest version of jitsi seems to have broken the ability to use lemonldap http header SSO authentication for hosts. The following documentation was followed and worked flawlessly until yesterday's upgrade (protecting the /login/ url with lemonldap after configuring shibboleth auth): https://lemonldap-ng.org/documentation/2.0/applications/jitsimeet.html

Current behavior

Currently no redirection to lemonldap auth portal is done and the classic jitsi meet authentication form appears

Expected Behavior

Redirection to lemonldap aud use of provided mail http headers as authentication .

Could you indicate what change breaks the previous behaviour?

Thanks & regards

Jean-Noël Fohr

damencho commented 3 years ago

Please when you have a question or problems, use the community forum before opening new issues, thank you.

I'm transferring the issue to jicofo for now, till we triage it.

damencho commented 3 years ago

@daimoc I know you are using shibboleth and have a way to test this. Can you confirm the same?

bgrozev commented 3 years ago

What is the latest known working and the first broken version of jicofo?

jnfohr commented 3 years ago

The issue follows yesterday's jitsi stable update. So for jicofo:

bgrozev commented 3 years ago

Can you also share jocofo logs?

jnfohr commented 3 years ago

Here's a start log, i do not get any other message

jicofo_start.log

daimoc commented 3 years ago

Hi @damencho, I reproduce this issue and it seems that it is an issue on the javascript side maybe link to this commit : https://github.com/jitsi/jitsi-meet/pull/8869/commits. The redirection to the external auth url is'nt done anymore in the browser when we activate the org.jitsi.jicofo.auth.URL=shibboleth:default in jicofo configuration. There is also a subject in the community forum for this issue : https://community.jitsi.org/t/struggling-with-shibboleth-auth-in-update-2-0-5765/97824/6. Regards, Damien.

damencho commented 3 years ago

Thank you, we will take a look next week.

damencho commented 3 years ago

To update the history https://github.com/jitsi/jitsi-meet/issues/9026

damencho commented 3 years ago

As @daimoc pointed in the community forum this was broken from the UI change, I manage to repro without touching jicofo. We are working on it.