pulsejet / nextcloud-oidc-login

Nextcloud login via a single OpenID Connect 1.0 provider
https://apps.nextcloud.com/apps/oidc_login
GNU Affero General Public License v3.0
219 stars 59 forks

SSL certificate problem #267

Open. gehrigmobi opened this issue 5 months ago

gehrigmobi commented 5 months ago

Configuration

Docker 20.10.8
Nextcloud 28.0.3 with nextcloud-oidc-login
Keycloak 20.0.1
Traefik 2.10.7 with Let's Encrypt certificates

Issue

Nextcloud redirects to Keycloak. After entering credentials in Keycloak, the following page is opened: https://nextcloud.example.com/apps/oidc_login/oidc?state=XXX&session_state=YYY&code=ZZZ, showing the following error: Curl error: (60) SSL certificate problem: unable to get local issuer certificate.

It seems that the certificate lets-encrypt-r3.pem is not known, although it is imported into Nextcloud with occ security:certificates:import.

Suggestion

It works for me if I define a new system value 'oidc_login_cert_path' => '/var/www/html/custom_apps/oidc_login/lets-encrypt-r3.pem', and add the OpenID-Connect-PHP setCertPath method in the createOIDCClient function, e.g. after setting TLS development mode:

```php
// set TLS development mode
// Both calls read the same setting, so one config value turns host and
// peer verification on (the default) or off together.
$oidc->setVerifyHost($this->config->getSystemValue('oidc_login_tls_verify', true));
$oidc->setVerifyPeer($this->config->getSystemValue('oidc_login_tls_verify', true));

// Proposed addition: hand the OpenID-Connect-PHP client an explicit CA file
// to trust; null when 'oidc_login_cert_path' is not configured.
$oidc->setCertPath($this->config->getSystemValue('oidc_login_cert_path', null));
```

Would this change make sense or are there any better solutions?
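Before patching the app, it helps to reproduce the curl error outside Nextcloud and confirm that a candidate CA file actually makes the issuer verifiable. The script below is an added example, not code from the oidc_login project or from the issue author: it lists what is in the PEM file (so you can see whether you are trusting a root or an intermediate) and then fetches the Keycloak discovery document with peer and host verification kept on, once against the system CA store and once with the file pinned via CURLOPT_CAINFO, which is the curl option the jumbojett OpenID-Connect-PHP client feeds from setCertPath(). The issuer URL and file path are assumptions; substitute the values from your own config.php. Running the probe needs network reach to the IdP.

```php
<?php
// Added example (not part of oidc_login): reproduce "Curl error: (60)" and
// test a CA file, using the same verification settings the app would use.
declare(strict_types=1);

// Assumed values, matching the config.php keys discussed in the issue:
//   'oidc_login_provider_url' => $issuer,
//   'oidc_login_cert_path'    => $certPath,
$issuer   = 'https://keycloak.example.com/realms/nextcloud';                 // assumption
$certPath = '/var/www/html/custom_apps/oidc_login/lets-encrypt-r3.pem';     // assumption

/** Describe every certificate in a PEM bundle so you know what you are about to trust. */
function describeBundle(string $path): array
{
    if (!is_readable($path)) {
        throw new RuntimeException("CA file not readable: $path");
    }
    // A bundle may contain several certificates; split on the PEM markers.
    preg_match_all('/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/s',
                   file_get_contents($path), $matches);
    if ($matches[0] === []) {
        throw new RuntimeException("No PEM certificate found in: $path");
    }
    $out = [];
    foreach ($matches[0] as $block) {
        $info = openssl_x509_parse($block);
        if ($info === false) {
            throw new RuntimeException("Not a valid X.509 PEM: $path");
        }
        $out[] = [
            'subject'    => $info['subject']['CN'] ?? '(no CN)',
            'issuer'     => $info['issuer']['CN'] ?? '(no CN)',
            // subject == issuer only for a self-signed root; an intermediate
            // such as Let's Encrypt R3 is issued by ISRG Root X1.
            'selfSigned' => $info['subject'] === $info['issuer'],
            'notAfter'   => date('c', $info['validTo_time_t']),
        ];
    }
    return $out;
}

/** Fetch the OIDC discovery document with verification on, optionally pinning a CA file. */
function probeIssuer(string $issuer, ?string $caPath): array
{
    $ch = curl_init(rtrim($issuer, '/') . '/.well-known/openid-configuration');
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,   // do not switch these off to "fix" error 60
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 10,
    ]);
    if ($caPath !== null) {
        curl_setopt($ch, CURLOPT_CAINFO, $caPath);   // what setCertPath() ends up setting
    }
    $body  = curl_exec($ch);
    $errno = curl_errno($ch);             // 60 is the code reported in the issue
    $result = [
        'errno'         => $errno,
        'error'         => $errno !== 0 ? curl_error($ch) : '',
        'status'        => curl_getinfo($ch, CURLINFO_RESPONSE_CODE),
        'issuerMatches' => false,
    ];
    if ($errno === 0 && is_string($body)) {
        $doc = json_decode($body, true);
        // The discovery "issuer" must equal the configured URL; a mismatch
        // points at a misconfigured or wrong IdP rather than a TLS problem.
        $result['issuerMatches'] = isset($doc['issuer'])
            && rtrim((string) $doc['issuer'], '/') === rtrim($issuer, '/');
    }
    curl_close($ch);
    return $result;
}

foreach (describeBundle($certPath) as $cert) {
    printf("bundle: subject=%s issuer=%s selfSigned=%s notAfter=%s\n",
        $cert['subject'], $cert['issuer'], $cert['selfSigned'] ? 'yes' : 'no', $cert['notAfter']);
}
printf("system CA store: %s\n", json_encode(probeIssuer($issuer, null)));
printf("pinned CA file:  %s\n", json_encode(probeIssuer($issuer, $certPath)));
```

If the pinned run succeeds while the system-store run fails with errno 60, the app-level cert path will work, but note what you are pinning: a single Let's Encrypt intermediate such as R3 is replaced over time, so pointing `oidc_login_cert_path` at the ISRG Root X1 certificate or a full CA bundle is more durable. Error 60 against a publicly trusted Let's Encrypt certificate commonly means the reverse proxy is not sending the intermediate or the container's ca-certificates are missing or stale; fixing the served chain or the container's trust store removes the need for any app-specific pinning.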