Open leoniscsem opened 2 years ago
I will have to do some further testing given it looks like you are using the Alternate Redirect URL feature. I've done many test setups with other IDPs including Microsoft Azure AD, Google Workspace, Amazon Cognito, Oracle Identity Cloud, Keycloak and there have been no problems with the use of the standard redirect URL setup. Have you tried without using the Alternative Redirect URL feature?
Yes, unfortunately it creates the same result in the encoding.
Type: make_authentication_url
Date: 2022-01-10 04:50:31
User: 0
URI : /wp-login.php
string(317) "https://nextcloud.domain.tld/apps/oauth2/authorize?response_type=code&scope=ocs.data.id%20openid&client_id=NanVowIdakdfWEFSu0mDmkgkGehbTQSj957Aps1VpZMrRjZPffaXeCMDcVPGn7PhhPf6&state=9bb83fc5eb807e28142b051908b56405&redirect_uri=https%3A%2F%2Fwordpress.domain.tld%2Fwp-admin%2Fadmin-ajax.php%3Faction%3Dopenid-connect-authorize"
Unfortunately, I have no clue where to look. Could it be related to DB encoding?
@leoniscsem just to confirm that there is no issue with encoding. In your last message the redirect_uri sent to your NextCloud instance, when urldecoded, is the correct URL. I dropped https%3A%2F%2Fwordpress.domain.tld%2Fwp-admin%2Fadmin-ajax.php%3Faction%3Dopenid-connect-authorize into an online decoder and it returned exactly the correct URL that your NextCloud instance should be returning back to. For clarification, the redirect_uri is not intended to be the final destination for your users; that parameter is the endpoint that the plugin uses to perform all of the authentication verification. The place where your user ends up is tracked by the state that is generated.

It seems like there is some other redirect issue going on if your users are being sent back to the home page. Have you ensured that your permalinks and Nginx configuration are set up correctly? It actually seems like, especially with the Alternate Redirect URL setting, the permalink isn't being set up correctly. You may need to visit the permalinks settings screen and click on Save to ensure that permalinks are updated in WordPress.

It does look like there is a NextCloud Docker image available, so I might be able to spend some time setting this up for my own testing and provide guidance on a known working configuration. I have recently done this with Keycloak after a user reported having problems getting Keycloak working with the WordPress site and the plugin. You can find the start of IDP configuration guides in the plugin Wiki here on GitHub.
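The decoding check described in the reply above can be done locally instead of in an online decoder. This is an added example, not part of the original thread or the plugin's code: it decodes a logged authorization URL, confirms the parameters the reply mentions, and also flags a `redirect_uri` that was percent-encoded twice. The `client_id` and `state` values are constructed placeholders, and `inspect_authorization_url` is a hypothetical helper name.

```python
from urllib.parse import parse_qs, unquote, urlsplit

# Shaped like the logged make_authentication_url value; client_id and state
# are constructed placeholders.
LOGGED_URL = (
    "https://nextcloud.domain.tld/apps/oauth2/authorize?response_type=code"
    "&scope=ocs.data.id%20openid&client_id=CONSTRUCTED_CLIENT_ID"
    "&state=CONSTRUCTED_STATE"
    "&redirect_uri=https%3A%2F%2Fwordpress.domain.tld%2Fwp-admin%2F"
    "admin-ajax.php%3Faction%3Dopenid-connect-authorize"
)
EXPECTED_REDIRECT = (
    "https://wordpress.domain.tld/wp-admin/admin-ajax.php"
    "?action=openid-connect-authorize"
)


def inspect_authorization_url(url, expected_redirect_uri):
    """Return (decoded query parameters, list of problems found)."""
    # parse_qs percent-decodes each value exactly once, as the IDP would.
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    problems = []
    for name in ("response_type", "client_id", "redirect_uri", "state"):
        values = params.get(name, [])
        if len(values) != 1 or not values[0]:
            problems.append(f"{name}: expected one non-empty value, got {values!r}")
    redirect = params.get("redirect_uri", [""])[0]
    if redirect and redirect != expected_redirect_uri:
        # Matching only after a second decode means it was encoded twice.
        if unquote(redirect) == expected_redirect_uri:
            problems.append("redirect_uri: percent-encoded twice")
        else:
            problems.append(f"redirect_uri: decodes to {redirect!r}")
    if "openid" not in params.get("scope", [""])[0].split():
        problems.append("scope: 'openid' is missing")
    return params, problems


if __name__ == "__main__":
    params, problems = inspect_authorization_url(LOGGED_URL, EXPECTED_REDIRECT)
    for name, values in params.items():
        print(f"{name} = {values}")
    print("problems:", problems or "none")
```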
Describe the bug
When authenticating against Nextcloud 22 on nginx, the user does not end up at the intended redirect URL, but on the home page instead. Independent of the callback URL settings of the plugin (Ajax / alternative URL). Check the encoding of the redirect URL:
redirect_uri=https%3A%2F%2Fwordpress.domain.net%2Fopenid-connect-authorize
Log:
To Reproduce Steps to reproduce the behavior:
/wp-login.php
Expected behavior To be redirected to the intended callback URL. With proper encoding.
Isolating the problem (mark completed items with an [x]):
WordPress Environment
I could also provide the nginx server blocks for both the WordPress and the Nextcloud instances. It's just that neither WordPress nor Nextcloud have issues with it when using the MiniOrange plugin, and when I authenticate other applications against our Nextcloud setup.