Guest login does not work (Error 502)



  • Good morning to all,
    so here is my next problem evaluating kopano meet. I can login with my credentials e.g. in firefox and am able to see myself (camera is working). I create a new public room (“public/test”), copy the link and add “#guest=1”. When I paste this link into another browser (e.g. chrome) and attempt to login, nothing happens. In syslog I find:

    Jul 12 08:34:26 internal kopano-kwebd[9057]: 12/Jul/2019:08:34:26 +0200 [ERROR 502 /upstreams/kwmserver/api/kwm/v2/guest/logon] net/http: HTTP/1.x transport connection broken: http: ContentLength=221 with Body length 0
    

    This 502 is also visible in the webdeveloper tools:

    Kopano Meet 2019-07-12 12-53-48.png

    /etc/kopano/kwebd.conf is:

    hostname=internal.<mydomain>
    request_log_file = /var/log/kopano/kwebd-requests.log
    tls = yes
    tls_cert = /etc/kopano/ssl/<mydomain>.pem
    ls_key = /etc/kopano/ssl/<mydomain>.key
    default_redirect = meet/
    legacy_reverse_proxy = 127.0.0.1:8000
    

    /etc/kopano/kweb/overrides.d/config/kopano/meet.json is

    "apiPrefix": "/api/gc/v1",
      "oidc": {
        "iss": "",
        "clientID": ""
      },
      "kwm": {
        "url": ""
      },
      "guests": {
              "enabled": true
      },
      "disableFullGAB": false
    }
    

    /etc/kopano/kwmserverd.cfg is

    oidc_issuer_identifier=https://internal.<mydomain>
    log_level = debug
    enable_guest_api = yes
    registration_conf = /etc/kopano/konnectd-identifier-registration.yaml
    public_guest_access_regexp = ^group/public/.*
    

    /etc/kopano/konnectd.cfg is

    oidc_issuer_identifier = https://internal.<mydomain>
    signing_private_key = /etc/kopano/konnectkeys/konnectd-signing-private-key.pem.pem
    encryption_secret_key = /etc/kopano/konnectkeys/konnectd-encryption-secret.key
    identifier_registration_conf = /etc/kopano/konnectd-identifier-registration.yaml
    allow_client_guests = yes
    log_level = info
    

    /etc/kopano/konnectd-identifier-registration.yaml is

    clients:
    - id: kpop-https://internal.<mydomain>/meet/
      name: Kopano Meet
      application_type: web
      trusted: true
      redirect_uris:
      - https://internal.<mydomain>/meet/
      trusted_scopes:
      - konnect/guestok
      - kopano/kwm
      jwks:
        keys:
        - kty: EC
          use: sig
          crv: P-256
          d: <somekey>
          kid: meet-kwmserver
          x: <someotherkey>
          y: <yetanotherkey>
        request_object_signing_alg: ES256
    

    Does anyone have an idea what could go wrong here?

    Best regards

    Thomas


  • Kopano

    The error 502 for the indicates the guest/logon endpoint of kwmserver does indicate it has a problem to correctly process the request. Assuming kwmserverd is running, there should be an error in the logs (most likely an unhandled one). Can you please check and post that error here since an unhandled error needs fixing in any case and known what exactly the error is it might also help to solve it.



  • Thank you for the hint @longsleep
    The first line journalctl shows when I log in using my kopano account is

    kopano-kwmserverd[1226]: 2019/07/15 11:45:38 http: panic serving 127.0.0.1:47416: runtime error: invalid memory address or nil pointer dereference
    

    But login with my account works.

    Here is the full log:

    Jul 15 11:45:38  kopano-kwmserverd[1226]: 2019/07/15 11:45:38 http: panic serving 127.0.0.1:47416: runtime error: invalid memory address or nil pointer dereference
    Jul 15 11:45:38  kopano-kwmserverd[1226]: goroutine 2275309 [running]:
    Jul 15 11:45:38  kopano-kwmserverd[1226]: net/http.(*conn).serve.func1(0xc000420280)
    Jul 15 11:45:38  kopano-kwmserverd[1226]:         /usr/local/go/src/net/http/server.go:1746 +0xd0
    Jul 15 11:45:38  kopano-kwmserverd[1226]: panic(0x887bc0, 0xcd8870)
    Jul 15 11:45:38  kopano-kwmserverd[1226]:         /usr/local/go/src/runtime/panic.go:513 +0x1b9
    Jul 15 11:45:38  kopano-kwmserverd[1226]: stash.kopano.io/kwm/kwmserver/vendor/github.com/dgrijalva/jwt-go.NewWithClaims(0x0, 0x0, 0x98ce80, 0xc000108900, 0xc0000827e0)
    Jul 15 11:45:38  kopano-kwmserverd[1226]: /var/lib/jenkins/jobs/kwm_kwmserver/branches/master/workspace/.gopath/src/stash.kopano.io/kwm/kwmserver/vendor/github.com/dgrijalva/jwt-go/token.go:41 +0x26
    Jul 15 11:45:38  kopano-kwmserverd[1226]: stash.kopano.io/kwm/kwmserver/signaling/guest.(*Manager).MakeHTTPLogonHandler.func1(0x990540, 0xc000314000, 0xc0001cf300)
    Jul 15 11:45:38  kopano-kwmserverd[1226]:         /var/lib/jenkins/jobs/kwm_kwmserver/branches/master/workspace/.gopath/src/stash.kopano.io/kwm/kwmserver/signaling/guest/http.go:168 +0x91a
    Jul 15 11:45:38  kopano-kwmserverd[1226]: net/http.HandlerFunc.ServeHTTP(0xc0003e1060, 0x990540, 0xc000314000, 0xc0001cf300)
    Jul 15 11:45:38  kopano-kwmserverd[1226]:         /usr/local/go/src/net/http/server.go:1964 +0x44
    Jul 15 11:45:38  kopano-kwmserverd[1226]: stash.kopano.io/kwm/kwmserver/vendor/github.com/rs/cors.(*Cors).Handler.func1(0x990540, 0xc000314000, 0xc0001cf300)
    Jul 15 11:45:38  kopano-kwmserverd[1226]:         /var/lib/jenkins/jobs/kwm_kwmserver/branches/master/workspace/.gopath/src/stash.kopano.io/kwm/kwmserver/vendor/github.com/rs/cors/cors.go:207 +0xf2
    Jul 15 11:45:38  kopano-kwmserverd[1226]: net/http.HandlerFunc.ServeHTTP(0xc0003ca920, 0x990540, 0xc000314000, 0xc0001cf300)
    Jul 15 11:45:38  kopano-kwmserverd[1226]:         /usr/local/go/src/net/http/server.go:1964 +0x44
    Jul 15 11:45:38  kopano-kwmserverd[1226]: stash.kopano.io/kwm/kwmserver/signaling/server.(*Server).WithMetrics.func1(0x990540, 0xc000314000, 0xc0001cf200)
    Jul 15 11:45:38  kopano-kwmserverd[1226]:         /var/lib/jenkins/jobs/kwm_kwmserver/branches/master/workspace/.gopath/src/stash.kopano.io/kwm/kwmserver/signaling/server/server.go:103 +0x18a
    Jul 15 11:45:38  kopano-kwmserverd[1226]: net/http.HandlerFunc.ServeHTTP(0xc0003ca940, 0x990540, 0xc000314000, 0xc0001cf200)
    Jul 15 11:45:38  kopano-kwmserverd[1226]:         /usr/local/go/src/net/http/server.go:1964 +0x44
    Jul 15 11:45:38  kopano-kwmserverd[1226]: stash.kopano.io/kwm/kwmserver/vendor/github.com/gorilla/mux.(*Router).ServeHTTP(0xc00001e480, 0x990540, 0xc000314000, 0xc0001cf000)
    Jul 15 11:45:38  kopano-kwmserverd[1226]:         /var/lib/jenkins/jobs/kwm_kwmserver/branches/master/workspace/.gopath/src/stash.kopano.io/kwm/kwmserver/vendor/github.com/gorilla/mux/mux.go:212 +0xd0
    Jul 15 11:45:38  kopano-kwmserverd[1226]: stash.kopano.io/kwm/kwmserver/signaling/server.(*Server).AddContext.func1(0x990540, 0xc000314000, 0xc0001cef00)
    Jul 15 11:45:38  kopano-kwmserverd[1226]:         /var/lib/jenkins/jobs/kwm_kwmserver/branches/master/workspace/.gopath/src/stash.kopano.io/kwm/kwmserver/signaling/server/server.go:114 +0xf6
    Jul 15 11:45:38  kopano-kwmserverd[1226]: net/http.HandlerFunc.ServeHTTP(0xc0004455c0, 0x990540, 0xc000314000, 0xc0001cef00)
    Jul 15 11:45:38  kopano-kwmserverd[1226]:         /usr/local/go/src/net/http/server.go:1964 +0x44
    Jul 15 11:45:38  kopano-kwmserverd[1226]: net/http.serverHandler.ServeHTTP(0xc000122820, 0x990540, 0xc000314000, 0xc0001cef00)
    Jul 15 11:45:38  kopano-kwmserverd[1226]:         /usr/local/go/src/net/http/server.go:2741 +0xab
    Jul 15 11:45:38  kopano-kwmserverd[1226]: net/http.(*conn).serve(0xc000420280, 0x9915c0, 0xc00005c780)
    Jul 15 11:45:38  kopano-kwmserverd[1226]:         /usr/local/go/src/net/http/server.go:1847 +0x646
    Jul 15 11:45:38  kopano-kwmserverd[1226]: created by net/http.(*Server).Serve
    Jul 15 11:45:38  kopano-kwmserverd[1226]:         /usr/local/go/src/net/http/server.go:2851 +0x2f5
    Jul 15 11:46:08  kopano-kwebd[9057]: 15/Jul/2019:11:46:08 +0200 [ERROR 502 /upstreams/kwmserver/api/kwm/v2/guest/logon] net/http: HTTP/1.x transport connection broken: http:  ContentLength=221 with Body length 0
    Jul 15 11:46:19  kopano-kwmserverd[1226]: 2019/07/15 11:46:19 http: panic serving 127.0.0.1:47898: runtime error: invalid memory address or nil pointer dereference
    Jul 15 11:46:19  kopano-kwmserverd[1226]: goroutine 2276272 [running]:
    Jul 15 11:46:19  kopano-kwmserverd[1226]: net/http.(*conn).serve.func1(0xc0000fe280)
    Jul 15 11:46:19  kopano-kwmserverd[1226]:         /usr/local/go/src/net/http/server.go:1746 +0xd0
    Jul 15 11:46:19  kopano-kwmserverd[1226]: panic(0x887bc0, 0xcd8870)
    Jul 15 11:46:19  kopano-kwmserverd[1226]:         /usr/local/go/src/runtime/panic.go:513 +0x1b9
    Jul 15 11:46:19  kopano-kwmserverd[1226]: stash.kopano.io/kwm/kwmserver/vendor/github.com/dgrijalva/jwt-go.NewWithClaims(0x0, 0x0, 0x98ce80, 0xc00022cf80, 0xc000408160)
    Jul 15 11:46:19  kopano-kwmserverd[1226]:         /var/lib/jenkins/jobs/kwm_kwmserver/branches/master/workspace/.gopath/src/stash.kopano.io/kwm/kwmserver/vendor/github.com/dgrijalva/jwt-go/token.go:41 +0x26
    Jul 15 11:46:19  kopano-kwmserverd[1226]: stash.kopano.io/kwm/kwmserver/signaling/guest.(*Manager).MakeHTTPLogonHandler.func1(0x990540, 0xc000456700, 0xc0000a7800)
    Jul 15 11:46:19  kopano-kwmserverd[1226]:         /var/lib/jenkins/jobs/kwm_kwmserver/branches/master/workspace/.gopath/src/stash.kopano.io/kwm/kwmserver/signaling/guest/http.go:168 +0x91a
    Jul 15 11:46:19  kopano-kwmserverd[1226]: net/http.HandlerFunc.ServeHTTP(0xc0003e1060, 0x990540, 0xc000456700, 0xc0000a7800)
    Jul 15 11:46:19  kopano-kwmserverd[1226]:         /usr/local/go/src/net/http/server.go:1964 +0x44
    Jul 15 11:46:19  kopano-kwmserverd[1226]: stash.kopano.io/kwm/kwmserver/vendor/github.com/rs/cors.(*Cors).Handler.func1(0x990540, 0xc000456700, 0xc0000a7800)
    Jul 15 11:46:19  kopano-kwmserverd[1226]:         /var/lib/jenkins/jobs/kwm_kwmserver/branches/master/workspace/.gopath/src/stash.kopano.io/kwm/kwmserver/vendor/github.com/rs/cors/cors.go:207 +0xf2
    Jul 15 11:46:19  kopano-kwmserverd[1226]: net/http.HandlerFunc.ServeHTTP(0xc0003ca920, 0x990540, 0xc000456700, 0xc0000a7800)
    Jul 15 11:46:19  kopano-kwmserverd[1226]:         /usr/local/go/src/net/http/server.go:1964 +0x44
    Jul 15 11:46:19  kopano-kwmserverd[1226]: stash.kopano.io/kwm/kwmserver/signaling/server.(*Server).WithMetrics.func1(0x990540, 0xc000456700, 0xc0000a7700)
    Jul 15 11:46:19  kopano-kwmserverd[1226]:         /var/lib/jenkins/jobs/kwm_kwmserver/branches/master/workspace/.gopath/src/stash.kopano.io/kwm/kwmserver/signaling/server/server.go:103 +0x18a
    Jul 15 11:46:19 internal.m2mgate.de kopano-kwmserverd[1226]: net/http.HandlerFunc.ServeHTTP(0xc0003ca940, 0x990540, 0xc000456700, 0xc0000a7700)
    Jul 15 11:46:19  kopano-kwmserverd[1226]:         /usr/local/go/src/net/http/server.go:1964 +0x44
    Jul 15 11:46:19  kopano-kwmserverd[1226]: stash.kopano.io/kwm/kwmserver/vendor/github.com/gorilla/mux.(*Router).ServeHTTP(0xc00001e480, 0x990540, 0xc000456700, 0xc0000a7500)
    Jul 15 11:46:19  kopano-kwmserverd[1226]:         /var/lib/jenkins/jobs/kwm_kwmserver/branches/master/workspace/.gopath/src/stash.kopano.io/kwm/kwmserver/vendor/github.com/gorilla/mux/mux.go:212 +0xd0
    Jul 15 11:46:19  kopano-kwmserverd[1226]: stash.kopano.io/kwm/kwmserver/signaling/server.(*Server).AddContext.func1(0x990540, 0xc000456700, 0xc0000a7400)
    Jul 15 11:46:19  kopano-kwmserverd[1226]:         /var/lib/jenkins/jobs/kwm_kwmserver/branches/master/workspace/.gopath/src/stash.kopano.io/kwm/kwmserver/signaling/server/server.go:114 +0xf6
    Jul 15 11:46:19  kopano-kwmserverd[1226]: net/http.HandlerFunc.ServeHTTP(0xc0004455c0, 0x990540, 0xc000456700, 0xc0000a7400)
    Jul 15 11:46:19  kopano-kwmserverd[1226]:         /usr/local/go/src/net/http/server.go:1964 +0x44
    Jul 15 11:46:19 i kopano-kwmserverd[1226]: net/http.serverHandler.ServeHTTP(0xc000122820, 0x990540, 0xc000456700, 0xc0000a7400)
    Jul 15 11:46:19  kopano-kwmserverd[1226]:         /usr/local/go/src/net/http/server.go:2741 +0xab
    Jul 15 11:46:19  kopano-kwmserverd[1226]: net/http.(*conn).serve(0xc0000fe280, 0x9915c0, 0xc00022ce40)
    Jul 15 11:46:19  kopano-kwmserverd[1226]:         /usr/local/go/src/net/http/server.go:1847 +0x646
    Jul 15 11:46:19  kopano-kwmserverd[1226]: created by net/http.(*Server).Serve
    Jul 15 11:46:19  kopano-kwmserverd[1226]:         /usr/local/go/src/net/http/server.go:2851 +0x2f5
    lines 938-1002/1002 (END)
    

    So, to be honest, I can’t explain what’s going wrong here. Anybody can?

    Best regards

    Thomas


  • Kopano

    Thanks for the trace Thomas! This helped and there is a missing return after an error was handled and because of that later on an unhandled panic happens.

    While i will fix the missing line shortly, this does not fix your problem. Since this is a configuration/setup error with a client the corresponding log entry is only logged when you enable debug logging. If you enabled that, you will see a log entry like "no request object signing alg for client_id key" which indicates, that the client configuration (in identifier-registration.yaml) has an invalid or unknown value for the request_object_signing_alg field.


Log in to reply