nextcloud / user_oidc

OIDC connect user backend for Nextcloud
GNU Affero General Public License v3.0

Could not reach provider at URL https://my.provider.url/.well-known/openid-configuration #397

Open jager012 opened 2 years ago

jager012 commented 2 years ago

I keep getting 404 after I click the Login button. The endpoint URL is reachable using curl on the same server which runs Nextcloud. If it helps, I'm running Ory Hydra and I've configured OpenID on Gitea (running on the same machine as Nextcloud) without issues.

Similar to issue #355, but in his case the cause was Keycloak misconfiguration.

ykuksenko commented 2 years ago

Seeing the same thing and there are no log entries in Keycloak. Nextcloud logs show:

10.x.x.x - - [20/May/2022:07:31:56 +0000] "GET /apps/user_oidc/login/2 HTTP/1.1" 404 5708 "https://nextcloud.test.example.com/login" "Mozilla/5.0 (some user agent...) Gecko/xxx Firefox/xxx"

This seems to imply that the link provided on the front page is not implemented or it is incorrect.

ykuksenko commented 2 years ago

I ended up enabling debug mode in Nextcloud: `php occ config:system:set debug --type bool --value true` and found a message about local access restrictions in `/var/www/html/data/nextcloud.log`:

{"reqId":"SEnExddueseem0lfadLY","level":2,"time":"2022-05-20T01:01:01+00:00","remoteAddr":"10.x.x.x","user":"--","app":"no app in context","method":"GET","url":"/apps/user_oidc/login/1","message":"Host 192.168.x.x was not connected to because it violates local access rules","userAgent":"Mozilla/5.0 (some user agent...) Gecko/xxx Firefox/xxx}

I ran `php occ config:system:set allow_local_remote_servers --value true`. Then after a couple of attempts Keycloak showed up and logins started working.

@jager012 I think this is the same issue you are seeing because you mention you are running Nextcloud on the same machine as your OpenID provider.

Sidenote: I am not sure why one true is a boolean and the other is not... but it does work for me.

@nextcloud Could the failure message be improved to mention local access restrictions?
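The diagnosis in the comment above can be automated over `nextcloud.log`. The following is an added example, not part of the original thread or the user_oidc project: it pairs each "Could not reach provider" failure with a "violates local access rules" entry from the same login request. It assumes both entries are logged under the same `reqId`; the sample lines and host names are constructed to resemble the ones quoted in this thread.

```python
import ipaddress
import json
import re

# Constructed sample log, modeled on the nextcloud.log entries quoted in this thread.
SAMPLE_LOG = "\n".join([
    '{"reqId":"req-A","level":2,"app":"no app in context","url":"/apps/user_oidc/login/1",'
    '"message":"Host 192.168.10.20 was not connected to because it violates local access rules"}',
    '{"reqId":"req-A","level":4,"app":"user_oidc","url":"/apps/user_oidc/login/1",'
    '"message":"Could not reach provider at URL https://sso.example.test/.well-known/openid-configuration"}',
    '{"reqId":"req-B","level":4,"app":"user_oidc","url":"/apps/user_oidc/login/8",'
    '"message":"Could not reach provider at URL https://auth.example.test/.well-known/openid-configuration"}',
    'truncated or non-JSON line',
])

BLOCKED = re.compile(r"^Host (\S+) was not connected to because it violates local access rules")
UNREACHABLE = re.compile(r"^Could not reach provider at URL (\S+)")


def is_local(host):
    """True if host is an IP literal in a private, loopback or link-local range."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False  # a hostname; the log line alone cannot classify it
    return ip.is_private or ip.is_loopback or ip.is_link_local


def triage(log_text):
    """Group user_oidc login failures by reqId (assumed shared per request)."""
    requests = {}
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip damaged lines rather than abort the scan
        url = str(entry.get("url", "")) if isinstance(entry, dict) else ""
        if not url.startswith("/apps/user_oidc/login/"):
            continue
        rec = requests.setdefault(entry.get("reqId"), {"provider_url": None, "blocked_host": None})
        msg = str(entry.get("message", ""))
        if m := BLOCKED.match(msg):
            rec["blocked_host"] = m.group(1)
        elif m := UNREACHABLE.match(msg):
            rec["provider_url"] = m.group(1)
    for rec in requests.values():
        host = rec["blocked_host"]
        rec["cause"] = "local access rules" if host else "not attributed to local access rules"
        rec["host_is_local_ip"] = bool(host) and is_local(host)
    return requests
```

The level 2 "violates local access rules" entry only appears with debug mode enabled, as described above, so a failure reported as not attributed may simply lack that entry.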

nilsonrochabh commented 1 year ago

{"reqId":"dMZkIqaBx5nmseIY66t3","level":4,"time":"2022-08-12T11:39:24+00:00","remoteAddr":"192.168.80.7","user":"--","app":"user_oidc","method":"GET","url":"/apps/user_oidc/login/8","message":"Could not reach provider at URL https://auth.myprovider.com/auth/realms/myrealm/protocol/openid-connect/auth","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36","version":"24.0.3.2","data":{"app":"user_oidc"}}

jkuester commented 1 year ago

Could not reach provider at URL https://auth.myprovider.com/auth/realms/myrealm/protocol/openid-connect/auth

For anyone facing this exact error (with the auth/realms/myrealm/protocol/openid-connect/auth endpoint), see the more recent discussion here: https://github.com/nextcloud/user_oidc/issues/555