New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ownCloud - missing state parameter #5566
Comments
|
Not an authelia or ownCloud problem. Your reverse proxy shouldn't rewrite the OIDC |
Thanks for the input. Should I take that as confirmation that ownCloud includes the state parameter by default and uses a reasonable length to ensure entropy? Do you happen to know the length by default? |
Thank you, James. With reference to your answer here: owncloud/ios-app#1219 (comment)
Even after setting minimum_parameter_entropy to -1 to disable the requirement for the state parameter, this does not seem to be honored. (Bug?)
Thank you. After commenting out the line "proxy_redirect http:// $scheme://;" in the proxy.conf snippet (https://www.authelia.com/integration/proxies/nginx/#proxyconf) authentication using the Mac Desktop client works fine. |
authelia/internal/configuration/validator/identity_providers.go Lines 36 to 43 in 89ee069
It seems as the third case is executed before the first case. I am unfortunately not versed in go to create a PR here. |
Version
v4.37.5
Deployment Method
Docker
Reverse Proxy
NGINX Proxy Manager
Reverse Proxy Version
2.1.0
Description
Login using iOS App (ownCloud Infinity Scale) fails using Authelia because of missing state parameter
ownCloud Infinity Scale version: Docker Latest (DIGEST: a98a962d4ab8)
Reproduction
The Error occurs only using the iOS App of oCIS. Nevertheless there seems to be also a redirect issue as can be seen when using the Mac Desktop App of oCIS.
Webinterface
Logging in via the web interface works without any issues. (I must note that authentication was only possible after adding the "allowed_origins:" parameter to authelia (perhaps only an issue when using nginx proxy manager).
Mac Desktop App
When I log in via the Mac desktop app, I am redirected to the following page in Safari after successfully logging in: https://127.0.0.1:60527/?code=authelia_ac_*************&scope=openid+offline_access+email+profile&state=*********. Only when I change https to http in the URL does the Mac desktop app open and the login works.
iOS App
After I add the domain (https://ocis.example-domain.at/), the app informs me that the ssl certificate is fine. Whenever I click on Continue, a safari window opens and closes again.
Expectations
No response
Configuration (Authelia)
Logs (Authelia)
Logs (Proxy / Application)
Documentation
OwnCloud Infinity Scale - container-vars.env:
Pre-Submission Checklist
I agree to follow the Code of Conduct
This is a bug report and not a support request
I have read the security policy and this bug report is not a security issue or security related issue
I have either included the complete configuration file or I am sure it's unrelated to the configuration
I have provided all of the required information in full with the only alteration being reasonable sanitization in accordance with the Troubleshooting Sanitization reference guide
I have checked for related proxy or application logs and included them if available
I have checked for related issues and checked the documentation
The text was updated successfully, but these errors were encountered: