Getting 504 error with OIDC through Authentik #16004
Comments
You should check more carefully on your side because I am really doubtful we have trouble with LE certs, since a good part of the web uses them.
Works fine, and the presented certificate is signed by LE R3. You should try to do I am closing this for now, please re-open if needed.
@MatMaul, so if I could get the page inside the container with curl, but the Synapse server couldn't, it's related to Synapse SSL client troubles. I repeat, after using Also the 504 error when the host is considered suspicious by the SSL client seems like a bug itself. There are some related issues that also hadn't been handled yet: I would also mention that I'm also using LDAP integration from the same identity provider with the same certificate as in the OIDC endpoint, and it works totally fine (I guess so, because I'm using the STARTTLS mechanism and Synapse's logs related to LDAP are not verbose enough even after
so I could exactly tell if the certificate is used in the connection)
I've managed to handle this trouble. When we started migrating to Rocket.Chat instead of Matrix, the same scenario happened, but with more detailed logging from Rocket.Chat, which helped me to identify the problem. The problem was an inconsistent certificate chain, which was fixed on the Identity Provider side. After the fix, both Matrix Synapse & RocketChat worked correctly. I suppose this answer could help somebody who's stuck with the same trouble scenario but couldn't get detailed logging from Synapse 😊
I'm trying to connect Authentik OIDC to Synapse Matrix Server.
Now I'm stuck with a 504 error while Synapse is trying to read the Authentik URL with the configuration for OIDC.
My Authentik host uses a Let's Encrypt cert. The first time I faced this problem I imported the Let's Encrypt R3 root chain (which my Authentik cert is signed by) to the container's root CA directory via ca-certificates (Here are my Dockerfile commands for that:) and also set the path to it with the `SSL_CERT_FILE` env like it's mentioned here

But the problem didn't go away and the error remained identical.
BTW if I set the `use_insecure_ssl_client_just_for_testing_do_not_use: true` parameter in my `homeserver.yaml` file, I can get all the configuration to work perfectly.

As I assume, it's a certificate issue related to the Synapse Docker container. I suppose that Let's Encrypt is a trusted enough authority to be included in the Synapse Docker container so there would be no need to import it manually.
As extra info: I've also tested `curl` inside the container in multiple conditions:

1. `use_insecure_ssl_client_just_for_testing_do_not_use: true` in `homeserver.yml` I can curl the URI with the configuration with no errors (and Synapse itself starts & works fine)
2. `-k` flag
3. `SSL_CERT_FILE` env I can also reach the Authentik URI with curl
4. `-k` flag

In 2., 3. & 4. the container fails after a second of working because of the described error, but I've managed to test curl with a command like:

```
docker stop 28131c0b44de && docker start 28131c0b44de && docker exec -it 28131c0b44de curl https://auth.authentikhost.com/application/o/matrix/.well-known/openid-configuration
```
I can provide & describe all my configurations used if needed.
I've been trying to figure out the problem for several days now.