linagora / linshare

LinShare
https://www.linshare.org/
GNU Affero General Public License v3.0

SSO not working with Microsoft Azure #295

Closed nlonge closed 11 months ago

nlonge commented 11 months ago

Hi, I'm trying to set up SSO with Azure AD but I'm stuck. Apache2 returns an error after setting my IDs on sts. Log tomcat9: "File does not exist: /var/www/linshare-ui-user/oidc/callback, referer: https://login.microsoftonline.com/"

Does a specific configuration need to be set in "/etc/apache2/sites-available/linshare-ui-user.conf" (no mention of this in a doc)? Does anyone have a solution?

Thank you

nlonge commented 11 months ago

I tried to modify my vhost linshare-ui-user.conf and add a proxy:

<IfModule mod_ssl.c>
        <VirtualHost *:443>
                ServerName <my_url>
                DocumentRoot /var/www/linshare-ui-user

                <Location /linshare>
                        ProxyPass http://127.0.0.1:8080/linshare
                        ProxyPassReverse http://127.0.0.1:8080/linshare
                        ProxyPassReverseCookiePath /linshare /

                        Header edit Set-Cookie "(JSESSIONID=.*); Path.*" "$1; Path=/; Secure"
                        Header set Cache-Control "max-age=0,no-cache,no-store"
                </Location>

                <Location /oidc/callback>
                        ProxyPass https://<my_url>
                        ProxyPassReverse https://<my_url>
                        LogLevel debug
                </Location>

                ErrorLog /var/log/apache2/linshare-user-error.log
                CustomLog /var/log/apache2/linshare-user-access.log combined

                SSLEngine on
                SSLCertificateFile      /etc/ssl/certs/XXX.pem
                SSLCertificateKeyFile /etc/ssl/private/XXX.key
                SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
                SSLProxyEngine On

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
        </VirtualHost>
</IfModule>

I have this message: "L'authentification SSO a echoué". But no logs...

wboudiche commented 11 months ago

Hi, you have the conf of the virtualhost in the documentation, try to respect it: https://github.com/linagora/linshare/blob/master/documentation/EN/upgrade/linshare-upgrade-from-v6.0.0-to-v6.0.2.md

nlonge commented 11 months ago

Hi. Thx, but it's the same. My new vhost linshare-ui-user.conf:

<IfModule mod_ssl.c>
        <VirtualHost *:443>
                ServerAdmin support_info@sites.fr
                ServerName <my_url>
                DocumentRoot /var/www/linshare-ui-user

                LogLevel debug

                <Location /linshare>
                        ProxyPass http://127.0.0.1:8080/linshare
                        ProxyPassReverse http://127.0.0.1:8080/linshare
                        ProxyPassReverseCookiePath /linshare /

                        Header edit Set-Cookie "(JSESSIONID=.*); Path.*" "$1; Path=/; Secure"
                        Header set Cache-Control "max-age=0,no-cache,no-store"
                </Location>

                ErrorLog /var/log/apache2/linshare-user-error.log
                CustomLog /var/log/apache2/linshare-user-access.log combined

                SSLEngine on
                SSLCertificateFile      /etc/ssl/certs/xxx.pem
                SSLCertificateKeyFile /etc/ssl/private/xxx.key
                SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire

                <Directory /var/www/linshare-ui-user>
                    RewriteEngine on
                    RewriteBase /
                    RewriteCond %{REQUEST_FILENAME} -f [OR]
                    RewriteCond %{REQUEST_FILENAME} -d
                    RewriteRule ^ - [L]
                    RewriteRule ^ index.html [L]
                </Directory>

        </VirtualHost>
</IfModule>


nlonge commented 11 months ago

Developer tab: "Failed to load resource: the server responded with a status of 401 (Unauthorized)"!

wboudiche commented 11 months ago

Hi, enable the debug mode and send me your logs.

nlonge commented 11 months ago

I found the solution! :) My bad, I had configured the secret in 'linshare-ui-user/config/config.js' while the value must be null... I found this error in my browser (network tab => token). @wboudiche thanks for your help
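
The fix reported in the last comment above (a null secret in the browser-served config), as an added example that is not part of the original thread or of LinShare's code: a check for OIDC settings shipped in a static file, plus the token request body they produce. The settings object shape, the sample values and the `linshare.example.test` host are constructed assumptions; only the `/oidc/callback` path comes from the thread.

```javascript
// Added example. Parameter names follow standard OAuth 2.0 naming; the
// settings object is hypothetical, not copied from LinShare's config.js.

// Audit OIDC settings that ship in a static file under the web DocumentRoot.
function auditSpaOidcSettings(settings, uiOrigin) {
  const findings = [];
  const secret = settings.client_secret;
  if (secret !== null && secret !== undefined && secret !== '') {
    // Every visitor can download files served from the DocumentRoot,
    // so a secret placed there is not secret.
    findings.push('client_secret is set in browser-served config; it must be null');
  }
  let redirect;
  try {
    redirect = new URL(settings.redirect_uri);
  } catch (e) {
    findings.push('redirect_uri is not an absolute URL');
    return findings;
  }
  if (redirect.protocol !== 'https:') findings.push('redirect_uri is not https');
  if (redirect.origin !== uiOrigin) findings.push('redirect_uri origin differs from the UI origin');
  if (redirect.pathname !== '/oidc/callback') findings.push('redirect_uri path is not /oidc/callback');
  return findings;
}

// Body of the authorization-code token request (the "token" call seen in the
// browser network tab). Assumption: the client sends client_secret whenever
// one is configured.
function buildTokenRequestBody(settings, code) {
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    client_id: settings.client_id,
    code: code,
    redirect_uri: settings.redirect_uri,
  });
  if (settings.client_secret) body.set('client_secret', settings.client_secret);
  return body.toString();
}

// Constructed sample settings: "broken" mirrors the mistake described in the
// thread, "fixed" is the same configuration with the secret set to null.
const UI_ORIGIN = 'https://linshare.example.test';
const broken = {
  client_id: 'example-client-id',
  client_secret: 'example-secret',
  redirect_uri: UI_ORIGIN + '/oidc/callback',
};
const fixed = { ...broken, client_secret: null };
```

Running `auditSpaOidcSettings(broken, UI_ORIGIN)` reports the secret, while `fixed` passes and its token request body carries no `client_secret` parameter.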