Kopano webapp with sso enabled not loading after login



  • Since the mdm plugin now is working with SSO. I would like to enable SSO. Mine is also working with meet, so i was quite sure of me…

    When i enable the OIDC_ISS line in /etc/kopano/config.php, i’m correctly redirected to /signin/v1 page. But nothing after, the only information i found is a 401 error code in apache logs :

    ==> /var/log/kopano/kwebd-requests.log <==
    172.16.84.10 - - [09/Jul/2020:21:49:19 +0200] "GET /.well-known/openid-configuration HTTP/2.0" 200 530 "https://webmail.blorand.org/webapp/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    
    ==> /var/log/apache2/access.log <==
    37.171.169.20 - - [09/Jul/2020:21:49:20 +0200] "POST /webapp/kopano.php?service=token HTTP/1.1" 401 550 "https://webmail.blorand.org/webapp/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    37.171.169.20 - - [09/Jul/2020:21:49:20 +0200] "POST /webapp/kopano.php?service=fingerprint HTTP/1.1" 200 317 "https://webmail.blorand.org/webapp/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    37.171.169.20 - - [09/Jul/2020:21:49:20 +0200] "POST /webapp/kopano.php?service=fingerprint&type=keepalive HTTP/1.1" 200 321 "https://webmail.blorand.org/webapp/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    
    ==> /var/log/kopano/kwebd-requests.log <==
    172.16.84.10 - - [09/Jul/2020:21:49:20 +0200] "GET /konnect/v1/session/check-session.html HTTP/2.0" 200 3033 "https://webmail.blorand.org/webapp/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    
    ==> /var/log/syslog <==
    Jul  9 21:49:22 kopano kopano-server[17192]: Accepted incoming connection on file:///var/run/kopano/server.sock
    

    For information, my list of package and version installed :

    root@kopano:/etc/kopano# dpkg -l | grep -i kopano
    ii  kopano-backup                                   10.0.6.13.76a919a6d-0+129.1  amd64        Utility to back up and restore Kopano stores
    ii  kopano-client                                   10.0.6.13.76a919a6d-0+155.1  amd64        Kopano MAPI provider library
    ii  kopano-common                                   10.0.6.13.76a919a6d-0+155.1  amd64        Shared files for Kopano services
    ii  kopano-dagent                                   10.0.6.13.76a919a6d-0+155.1  amd64        E-Mail Delivery Agent for Kopano Core
    ii  kopano-dagent-pytils                            10.0.6.13.76a919a6d-0+129.1  amd64        Additional message handlers for kopano-dagent
    ii  kopano-gateway                                  10.0.6.13.76a919a6d-0+155.1  amd64        POP3 and IMAP Gateway for Kopano Core
    ii  kopano-grapi                                    10.5.0+0.f3e0f35-0+37.1      amd64        REST entrypoints to the Kopano Groupware Core stack
    ii  kopano-grapi-bin                                10.5.0+0.f3e0f35-0+37.1      amd64        Kopano GRAPI service
    ii  kopano-grapi-i18n                               10.5.0+0.f3e0f35-0+37.1      all          Kopano GRAPI translations
    ii  kopano-ical                                     10.0.6.13.76a919a6d-0+155.1  amd64        ICal and CalDAV Gateway for Kopano Core
    ii  kopano-kapid                                    0.14.0-0+337.3               amd64        Kopano API HTTP REST-Endpoints
    ii  kopano-konnectd                                 0.33.5-0+350.1               amd64        Kopano Konnect OpenID Connect Provider service daemon
    ii  kopano-kwebd                                    0.9.2-0+303.1                amd64        Kopano Web Server
    ii  kopano-kwmserverd                               1.2.0-0+335.1                amd64        Kopano Web Meetings Server
    ii  kopano-lang                                     10.0.6.13.76a919a6d-0+155.1  all          Translations for Kopano Core components
    ii  kopano-meet                                     2.2.3-0+356.1                all          Metapackage to install Kopano Meet
    ii  kopano-meet-packages                            2.2.3-0+356.1                all          Metapackage to install the entire Kopano Meet stack
    ii  kopano-meet-webapp                              2.2.3-0+356.1                all          Kopano Meet Webapp
    ii  kopano-migration-imap                           10.0.6.13.76a919a6d-0+155.1  amd64        Utility to migrate between IMAP mailboxes
    ii  kopano-migration-pst                            10.0.6.13.76a919a6d-0+129.1  amd64        Utility to import PST files
    ii  kopano-monitor                                  10.0.6.13.76a919a6d-0+155.1  amd64        Quota Monitor for Kopano Core
    ii  kopano-python-utils                             10.0.6.13.76a919a6d-0+129.1  amd64        Additional Python-based command-line utils for Kopano Core
    ii  kopano-python3-extras                           0.2.0+0-0+55.2               amd64        Kopano Python 3 extra dependencies
    ii  kopano-search                                   10.0.6.13.76a919a6d-0+129.1  amd64        Indexed search engine for Kopano Core
    ii  kopano-server                                   10.0.6.13.76a919a6d-0+155.1  amd64        Server component for Kopano Core
    ii  kopano-server-packages                          10.0.6.13.76a919a6d-0+155.1  all          Metapackage to install the entire Kopano Core stack
    ii  kopano-spamd                                    10.0.6.13.76a919a6d-0+129.1  amd64        ICS-driven spam learning daemon for Kopano/SpamAssassin
    ii  kopano-spooler                                  10.0.6.13.76a919a6d-0+155.1  amd64        E-mail Spooler for Kopano Core
    ii  kopano-webapp                                   4.1.2831+1671.1              all          New and improved WebApp for Kopano
    ii  kopano-webapp-plugin-contactfax                 4.1.2831+1671.1              all          Kopano WebApp fax plugin
    ii  kopano-webapp-plugin-desktopnotifications       2.0.3.50+78.1                all          Kopano WebApp Desktop notifications plugin
    ii  kopano-webapp-plugin-filepreviewer              2.2.0.26+21.6                all          Kopano File previewer plugin
    ii  kopano-webapp-plugin-files                      3.0.0.22+328.1               all          Adds Files functionality to Kopano enabling access to WebDAV and other files backends.
    ii  kopano-webapp-plugin-filesbackend-owncloud      3.0.0.5+104.6                all          Adds Owncloud specific functionality to Kopano Files plugin.
    ii  kopano-webapp-plugin-filesbackend-smb           3.0.0.5+73.2                 all          Adds Samba specific functionality to Kopano Files plugin.
    ii  kopano-webapp-plugin-folderwidgets              4.1.2831+1671.1              all          Kopano WebApp folder widgets plugin
    ii  kopano-webapp-plugin-gmaps                      4.1.2831+1671.1              all          Kopano WebApp google maps plugin
    ii  kopano-webapp-plugin-htmleditor-minimal-tinymce 1.0.0.13+27.4                all          Kopano WebApp TinyMCE editor with minimal functionality
    ii  kopano-webapp-plugin-htmleditor-quill           1.0.0.84+79.1                all          Kopano WebApp Quill editor
    ii  kopano-webapp-plugin-intranet                   1.0.1.17+64.3                all          This plugin adds one or more buttons in the top menu bar which can be used to open a webpage inside Kopano WebApp.
    ii  kopano-webapp-plugin-mdm                        3.1.151+115.1                all          Kopano WebApp MDM plugin
    ii  kopano-webapp-plugin-meetings                   3.0.6.38                     all          Kopano WebApp Meetings Plugin
    ii  kopano-webapp-plugin-pimfolder                  4.1.2831+1671.1              all          Kopano WebApp personal inbox plugin
    ii  kopano-webapp-plugin-quickitems                 4.1.2831+1671.1              all          Kopano WebApp quick items plugin
    ii  kopano-webapp-plugin-smime                      2.3.0.225+174.2              all          Kopano WebApp S/MIME plugin
    ii  kopano-webapp-plugin-titlecounter               4.1.2831+1671.1              all          Kopano WebApp Titlecounter plugin
    ii  kopano-webapp-plugin-webappmanual               4.1.2831+1671.1              all          Kopano WebApp Manual plugin
    ii  libgsoap-kopano-2.8.102                         2.8.102-0+1.1                amd64        Runtime libraries for gSOAP
    ii  libkcarchiver0                                  10.0.6.13.76a919a6d-0+155.1  amd64        Library with shared Kopano archiver functionality
    ii  libkcindex0                                     10.0.6.13.76a919a6d-0+155.1  amd64        Fulltext indexing API for Kopano Core
    ii  libkcoidc0                                      0.8.1-0+331.2                amd64        Kopano OpenID Connect Library
    ii  libkcserver0                                    10.0.6.13.76a919a6d-0+155.1  amd64        The Kopano Server library
    ii  libkcsoap0                                      10.0.6.13.76a919a6d-0+155.1  amd64        SOAP (de)serializer functions for Kopano's RPCs
    ii  libkcutil0                                      10.0.6.13.76a919a6d-0+155.1  amd64        Miscellaneous utility functions for Kopano Core
    ii  libmapi1                                        10.0.6.13.76a919a6d-0+155.1  amd64        Kopano's implementation of the Messaging API
    ii  libvmime-kopano3                                0.9.2.96+3.6                 amd64        Library for working with MIME messages and IMAP/POP/SMTP
    ii  php-kopano-smime                                1.0.00+18.1                  amd64        PHP Kopano SMIME Extension extends the php-openssl functions.
    ii  python3-grapi                                   10.5.0+0.f3e0f35-0+37.1      amd64        Kopano GRAPI Python 3 API
    ii  python3-grapi.api.v1                            10.5.0+0.f3e0f35-0+37.1      amd64        Kopano GRAPI Python 3 REST API v1 endpoints
    ii  python3-grapi.backend.kopano                    10.5.0+0.f3e0f35-0+37.1      amd64        Kopano GRAPI Python 3 backend for Kopano Groupware
    ii  python3-grapi.mfr                               10.5.0+0.f3e0f35-0+37.1      amd64        Kopano GRAPI Python 3 MFR
    ii  python3-kopano                                  10.0.6.13.76a919a6d-0+129.1  all          High-level Python 3 bindings for Kopano
    ii  python3-kopano-search                           10.0.6.13.76a919a6d-0+129.1  all          Kopano search module for Python 3
    ii  python3-kopano-utils                            10.0.6.13.76a919a6d-0+129.1  all          Kopano utils modules for Python 3
    ii  z-push-backend-kopano                           2.5.2+0-0                    all          Z-Push Kopano backend
    ii  z-push-kopano                                   2.5.2+0-0                    all          Z-Push for Kopano
    

    In advance, thanks for you help and your great job.


  • Kopano

    Hi @benoit_22100,

    did you also enable sso login in Kopano Core?



  • Hi @fbartels ,

    Yes my server.cfg end with :

    !include /etc/kopano/db.cfg
    kcoidc_issuer_identifier = https://webmail.blorand.org
    enable_sso = yes
    


  • I just updated to webapp 4.2, there’s the apache and kwebd log :

    172.16.84.10 - - [10/Jul/2020:22:47:42 +0200] "GET /.well-known/openid-configuration HTTP/2.0" 200 528 "https://webmail.blorand.org/webapp/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    172.16.84.10 - - [10/Jul/2020:22:47:43 +0200] "GET /signin/v1/identifier/_/authorize?client_id=webapp&redirect_uri=https%3A%2F%2Fwebmail.blorand.org%2Fwebapp%2F%3Foidc-silent-refresh&response_type=id_token%20token&scope=openid%20profile%20email%20kopano%2Fgc&state=07ffe401ed42465b85b15782da691a58&nonce=76d2299613cd4be6a530f13e3436e6e3&prompt=none HTTP/2.0" 302 23 "https://webmail.blorand.org/webapp/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    37.171.116.7 - - [10/Jul/2020:22:47:43 +0200] "GET /webapp/?oidc-silent-refresh HTTP/1.1" 200 537626 "https://webmail.blorand.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    37.171.116.7 - - [10/Jul/2020:22:47:44 +0200] "POST /webapp/kopano.php?service=fingerprint HTTP/1.1" 200 317 "https://webmail.blorand.org/webapp/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    37.171.116.7 - - [10/Jul/2020:22:47:45 +0200] "POST /webapp/kopano.php?service=fingerprint&type=keepalive HTTP/1.1" 200 321 "https://webmail.blorand.org/webapp/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    172.16.84.10 - - [10/Jul/2020:22:47:45 +0200] "GET /signin/v1/identifier/_/authorize?client_id=webapp&redirect_uri=https%3A%2F%2Fwebmail.blorand.org%2Fwebapp%2F%23oidc-callback&response_type=id_token%20token&scope=openid%20profile%20email%20kopano%2Fgc&state=757185969e0a4b80a75ef66d8ba8715d&nonce=28682cd6e9f94b5682766f00162a2356 HTTP/2.0" 302 23 "https://webmail.blorand.org/webapp/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    172.16.84.10 - - [10/Jul/2020:22:47:45 +0200] "GET /signin/v1/identifier?client_id=webapp&flow=oidc&nonce=28682cd6e9f94b5682766f00162a2356&redirect_uri=https%3A%2F%2Fwebmail.blorand.org%2Fwebapp%2F%23oidc-callback&response_type=id_token+token&scope=openid+profile+email+kopano%2Fgc&state=757185969e0a4b80a75ef66d8ba8715d HTTP/2.0" 200 514 "https://webmail.blorand.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    172.16.84.10 - - [10/Jul/2020:22:47:46 +0200] "POST /signin/v1/identifier/_/hello HTTP/2.0" 204 0 "https://webmail.blorand.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    172.16.84.10 - - [10/Jul/2020:22:47:50 +0200] "POST /signin/v1/identifier/_/logon HTTP/2.0" 200 210 "https://webmail.blorand.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    172.16.84.10 - - [10/Jul/2020:22:47:50 +0200] "GET /signin/v1/identifier/_/authorize?client_id=webapp&nonce=28682cd6e9f94b5682766f00162a2356&prompt=none&redirect_uri=https%3A%2F%2Fwebmail.blorand.org%2Fwebapp%2F%23oidc-callback&response_type=id_token%20token&scope=openid%20profile%20email%20kopano%2Fgc&state=757185969e0a4b80a75ef66d8ba8715d HTTP/2.0" 302 23 "https://webmail.blorand.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    37.171.116.7 - - [10/Jul/2020:22:47:50 +0200] "GET /webapp/ HTTP/1.1" 200 541563 "https://webmail.blorand.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    172.16.84.10 - - [10/Jul/2020:22:47:53 +0200] "GET /.well-known/openid-configuration HTTP/2.0" 200 528 "https://webmail.blorand.org/webapp/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    37.171.116.7 - - [10/Jul/2020:22:47:53 +0200] "POST /webapp/kopano.php?service=fingerprint HTTP/1.1" 200 317 "https://webmail.blorand.org/webapp/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    37.171.116.7 - - [10/Jul/2020:22:47:53 +0200] "POST /webapp/kopano.php?service=fingerprint&type=keepalive HTTP/1.1" 200 321 "https://webmail.blorand.org/webapp/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    172.16.84.10 - - [10/Jul/2020:22:47:54 +0200] "GET /konnect/v1/jwks.json HTTP/2.0" 200 693 "https://webmail.blorand.org/webapp/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    172.16.84.10 - - [10/Jul/2020:22:47:54 +0200] "GET /konnect/v1/userinfo HTTP/2.0" 200 270 "https://webmail.blorand.org/webapp/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    37.171.116.7 - - [10/Jul/2020:22:47:54 +0200] "POST /webapp/kopano.php?service=token HTTP/1.1" 401 550 "https://webmail.blorand.org/webapp/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    37.171.116.7 - - [10/Jul/2020:22:47:54 +0200] "POST /webapp/kopano.php?service=token HTTP/1.1" 401 550 "https://webmail.blorand.org/webapp/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    172.16.84.10 - - [10/Jul/2020:22:47:54 +0200] "GET /konnect/v1/session/check-session.html HTTP/2.0" 200 3028 "https://webmail.blorand.org/webapp/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
    172.16.84.10 - - [10/Jul/2020:22:48:22 +0200] "GET /meet/ HTTP/2.0" 200 1549 "-" "Zabbix"
    


  • I have a haproxy in front of apache and kwebd, apache look x-forward-for hearders, so ip address is different for kwebd but come from the same device.



  • What logs can i give you for investigating this ?


  • Kopano

    could you record a login action with https://birdeatsbug.com/? And enable debug logging in kopano-server and konnect? The startup messages of both services could be interesting as well.



  • I just do it.

    Here the syslog capture by “tail -f /var/log/syslog | awk ‘$5 ~ /kopano-server|kopano-konnectd/’”

    Jul 16 20:05:01 kopano kopano-konnectd[1746]: level=warning msg="received signal" signal=terminated
    Jul 16 20:05:01 kopano kopano-konnectd[1746]: level=info msg="clean server shutdown start"
    Jul 16 20:05:01 kopano kopano-konnectd[1746]: level=info msg="waiting for http listener to exit"
    Jul 16 20:05:01 kopano kopano-konnectd[1746]: level=debug msg="http listener stopped"
    Jul 16 20:05:01 kopano kopano-server[1736]: Deleting db_conn 0x55f2c4fad600 on T1782
    Jul 16 20:05:01 kopano kopano-server[1736]: Deleting db_conn 0x55f2c4fad000 on T1781
    Jul 16 20:05:01 kopano kopano-server[1736]: Deleting db_conn 0x55f2c4faca00 on T1780
    Jul 16 20:05:01 kopano kopano-server[1736]: Deleting db_conn 0x55f2c4fac400 on T1783
    Jul 16 20:05:01 kopano kopano-server[1736]: Deleting db_conn 0x55f2c51fa000 on T1777
    Jul 16 20:05:01 kopano kopano-server[1736]: Deleting db_conn 0x55f2c51fac00 on T1779
    Jul 16 20:05:01 kopano kopano-server[1736]: Deleting db_conn 0x55f2c51fa600 on T1778
    Jul 16 20:05:01 kopano kopano-server[1736]: Deleting db_conn 0x55f2c4fabe00 on T1776
    Jul 16 20:05:01 kopano kopano-server[1736]: Deleting db_conn 0x55f2c4faa600 on T1736
    Jul 16 20:05:01 kopano kopano-server[1736]: db_conn 0x55f2c4faac00 was not released on T1775 (kopano-server)
    Jul 16 20:05:01 kopano kopano-server[1736]: Shutdown all current sessions
    Jul 16 20:05:01 kopano kopano-server[1736]: Deleting db_conn 0x55f2c4fab800 on T1772
    Jul 16 20:05:01 kopano kopano-server[1736]: Deleting db_conn 0x55f2c4fab200 on T1771
    Jul 16 20:05:01 kopano kopano-server[1736]: Shutdown notification manager
    Jul 16 20:05:01 kopano kopano-server[1736]: PurgeCache 0xffffffff took 0 ms
    Jul 16 20:05:01 kopano kopano-server[1736]: Waiting for mysql_server_end
    Jul 16 20:05:01 kopano kopano-server[1736]: Waiting for mysql_library_end
    Jul 16 20:05:01 kopano kopano-server[1736]: Server shutdown complete.
    Jul 16 20:05:02 kopano kopano-server[1961]: Audit logging not enabled.
    Jul 16 20:05:02 kopano kopano-server[1961]: Starting kopano-server version 10.0.6 (pid 1961 uid 0)
    Jul 16 20:05:02 kopano kopano-server[1961]: Using epoll events
    Jul 16 20:05:02 kopano kopano-server[1961]: Listening on 0.0.0.0%lo:236 (fd 5)
    Jul 16 20:05:02 kopano kopano-server[1961]: Listening on [::]%lo:236 (fd 6)
    Jul 16 20:05:02 kopano kopano-server[1961]: Listening on 0.0.0.0%lo:237 (fd 7)
    Jul 16 20:05:02 kopano kopano-server[1961]: Listening on [::]%lo:237 (fd 8)
    Jul 16 20:05:02 kopano kopano-server[1961]: K-1562: changed owner "/var/run/kopano/prio.sock" to kopano:kopano mode 660
    Jul 16 20:05:02 kopano kopano-server[1961]: Listening on unix:/var/run/kopano/prio.sock (fd 9)
    Jul 16 20:05:02 kopano kopano-server[1961]: K-1562: changed owner "/var/run/kopano/server.sock" to kopano:kopano mode 666
    Jul 16 20:05:02 kopano kopano-server[1961]: Listening on unix:/var/run/kopano/server.sock (fd 10)
    Jul 16 20:05:02 kopano kopano-server[1961]: Preparing relaunch with allocator lib libtcmalloc_minimal.so.4
    Jul 16 20:05:02 kopano kopano-server[1961]: Reexecing /usr/sbin/kopano-server
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=info msg="serve start"
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=info msg="client controlled guests are enabled"
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=info msg="loading encryption secret from file" file=/etc/kopano/konnectd-encryption-secret.key
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=info msg="loading signing key" path=/etc/kopano/konnectd-signing-private-key.pem
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=debug msg="loaded signer key" kid=konnect-20200322-2c3f path=/etc/kopano/konnectd-signing-private-key.pem
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=warning msg="skipped as signer with same kid already loaded" kid=konnect-20200322-2c3f path=/etc/kopano/konnectd-signing-private-key.pem
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=info msg="loading validation keys" path=/etc/kopano/konnectkeys
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=debug msg="loaded validator key" kid=konnect-20200322-2c3f path=/etc/kopano/konnectkeys/konnect-20200322-2c3f.pem
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=info msg="encryption set up with 32 key size"
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=debug msg="parsing identifier registration conf from /etc/kopano/konnectd-identifier-registration.yaml"
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=debug msg="registered client" application_type=web client_id="kpop-https://webmail.blorand.org/meet/" insecure=false origins="[https://webmail.blorand.org]" redirect_uris="[https://webmail.blorand.org/meet/]" trusted=true with_client_secret=false
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=debug msg="registered client" application_type=web client_id=webapp insecure=false origins="[https://webmail.blorand.org]" redirect_uris="[https://webmail.blorand.org/webapp/ https://webmail.blorand.org/webapp/index.php https://webmail.blorand.org/webapp/index.php?logout https://webmail.blorand.org/webapp/oidc-silent-refresh.php]" trusted=true with_client_secret=false
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=debug msg="parsing authorities registration conf from /etc/kopano/konnectd-identifier-registration.yaml"
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=warning msg="limiting access token duration to 240 seconds because of lower KOPANO_SERVER_SESSION_TIMEOUT"
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=info msg="kc server identifier backend connection set up" client="KCC(<socket:/run/kopano/server.sock>)"
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=debug msg="parsing scopes conf from /etc/kopano/konnectd-identifier-scopes.yaml"
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=debug msg="registered scope" id=kopano/gc priority=0
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=debug msg="registered scope" id=kopano/kwm priority=0
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=debug msg="registered scope" id=kopano/kvs priority=0
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=debug msg="registered scope" id=kopano/pubs priority=0
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=info msg="identifier set up" security="A256GCM:A256GCMKW"
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=info msg="using identifier backed identity manager"
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=info msg="identity manager set up" claims="[name family_name given_name email email_verified]" name=kc scopes="[offline_access email konnect/id kopano/kwm kopano/kvs kopano/pubs kopano/gc profile konnect/uuid konnect/raw_sub]"
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=info msg="identity guest manager set up"
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=info msg="set provider signing alg" alg=PS256
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=info msg="set provider signing key" id=konnect-20200322-2c3f method="*jwt.SigningMethodRSAPSS" type="*rsa.PrivateKey"
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=info msg="set provider validation key" id=konnect-20200322-2c3f type="*rsa.PublicKey"
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=info msg="set provider validation key" id=konnect-20200322-2c3f type="*rsa.PublicKey"
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=info msg="set provider validation key" id=default type="*rsa.PublicKey"
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=info msg="oidc token signing default set up" alg=PS256 id=konnect-20200322-2c3f method="*jwt.SigningMethodRSAPSS"
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=info msg="serve started"
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=info msg="starting http listener" listenAddr="127.0.0.1:8777"
    Jul 16 20:05:02 kopano kopano-konnectd[1971]: level=info msg="ready to handle requests"
    Jul 16 20:05:02 kopano kopano-server[1961]: Audit logging not enabled.
    Jul 16 20:05:02 kopano kopano-server[1961]: Starting kopano-server version 10.0.6 (pid 1961 uid 998)
    Jul 16 20:05:02 kopano kopano-server[1961]: Using epoll events
    Jul 16 20:05:02 kopano kopano-server[1961]: Re-using fd 5 for 0.0.0.0%lo:236
    Jul 16 20:05:02 kopano kopano-server[1961]: Re-using fd 6 for [::]%lo:236
    Jul 16 20:05:02 kopano kopano-server[1961]: Re-using fd 7 for 0.0.0.0%lo:237
    Jul 16 20:05:02 kopano kopano-server[1961]: Re-using fd 8 for [::]%lo:237
    Jul 16 20:05:02 kopano kopano-server[1961]: Re-using fd 9 for unix:/var/run/kopano/prio.sock
    Jul 16 20:05:02 kopano kopano-server[1961]: Re-using fd 10 for unix:/var/run/kopano/server.sock
    Jul 16 20:05:02 kopano kopano-server[1961]: KCOIDC: initializing provider (https://webmail.blorand.org)
    Jul 16 20:05:02 kopano kopano-server[1961]: KCOIDC: provider (https://webmail.blorand.org) waiting on initialization for 60 seconds
    Jul 16 20:05:02 kopano kopano-server[1961]: KCOIDC: initialized oidc provider (https://webmail.blorand.org)
    Jul 16 20:05:02 kopano kopano-server[1961]: Connection to database 'kopano' succeeded
    Jul 16 20:05:02 kopano kopano-server[1961]: Using the "files_v2" attachment storage backend
    Jul 16 20:05:02 kopano kopano-server[1961]: Setting cell cache size: 1073741824
    Jul 16 20:05:02 kopano kopano-server[1961]: Setting object cache size: 16777216
    Jul 16 20:05:02 kopano kopano-server[1961]: Setting indexedobject cache size: 33554432
    Jul 16 20:05:02 kopano kopano-server[1961]: Setting quota cache size: 1048576
    Jul 16 20:05:02 kopano kopano-server[1961]: Setting userdetails cache size: 26214400
    Jul 16 20:05:02 kopano kopano-server[1961]: PurgeCache 0xffffffff took 0 ms
    Jul 16 20:05:02 kopano kopano-server[1961]: Created db_conn 0x564aca7e7200 on T1999
    Jul 16 20:05:02 kopano kopano-server[1961]: Created db_conn 0x564aca7e6600 on T1961
    Jul 16 20:05:02 kopano kopano-server[1961]: Querying database for searchfolders. This may take a while.
    Jul 16 20:05:02 kopano kopano-server[1961]: Created db_conn 0x564aca7e7800 on T1998
    Jul 16 20:05:02 kopano kopano-server[1961]: Loading search folders.
    Jul 16 20:05:02 kopano kopano-server[1961]: Done loading search folders.
    Jul 16 20:05:02 kopano kopano-server[1961]: Startup succeeded on pid 1961
    Jul 16 20:05:02 kopano kopano-server[1961]: Starting statscollector
    Jul 16 20:05:02 kopano kopano-server[1961]: Created db_conn 0x564aca7e6c00 on T2002
    Jul 16 20:05:02 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-923
    Jul 16 20:05:02 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-922
    Jul 16 20:05:02 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1610
    Jul 16 20:05:02 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1025
    Jul 16 20:05:02 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-921
    Jul 16 20:05:02 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1340
    Jul 16 20:05:02 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-924
    Jul 16 20:05:02 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-925
    Jul 16 20:05:02 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-411
    Jul 16 20:05:02 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1610
    Jul 16 20:05:02 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-924
    Jul 16 20:05:02 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-922
    Jul 16 20:05:02 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-921
    Jul 16 20:05:02 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1340
    Jul 16 20:05:02 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-411
    Jul 16 20:05:02 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1025
    Jul 16 20:05:02 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-925
    Jul 16 20:05:02 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-923
    Jul 16 20:05:02 kopano kopano-server[1961]: Created db_conn 0x564aca7e8a00 on T2007
    Jul 16 20:05:02 kopano kopano-server[1961]: Created db_conn 0x564aca7e9600 on T2004
    Jul 16 20:05:02 kopano kopano-server[1961]: Created db_conn 0x564aca7e8400 on T2005
    Jul 16 20:05:02 kopano kopano-server[1961]: Created db_conn 0x564aca7e9000 on T2008
    Jul 16 20:05:02 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-411
    Jul 16 20:05:02 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-411
    Jul 16 20:05:02 kopano kopano-server[1961]: Created db_conn 0x564acaa92000 on T2009
    Jul 16 20:05:02 kopano kopano-server[1961]: Created db_conn 0x564aca7e7e00 on T2006
    Jul 16 20:05:03 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1025
    Jul 16 20:05:06 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-411
    Jul 16 20:05:06 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-411
    Jul 16 20:05:06 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-411
    Jul 16 20:05:06 kopano kopano-server[1961]: Created db_conn 0x564acaa92600 on T2010
    Jul 16 20:05:07 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1341
    Jul 16 20:05:07 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1341
    Jul 16 20:05:07 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1341
    Jul 16 20:05:07 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1341
    Jul 16 20:05:07 kopano kopano-server[1961]: Created db_conn 0x564acaa92c00 on T2003
    Jul 16 20:05:09 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-427
    Jul 16 20:05:11 kopano kopano-server[1961]: SSL connect from 127.0.0.1
    Jul 16 20:05:11 kopano kopano-server[1961]: Certificate "client-public.pem" does not match.
    Jul 16 20:05:25 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1800
    Jul 16 20:05:25 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1800
    Jul 16 20:05:25 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1800
    Jul 16 20:05:25 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1800
    Jul 16 20:05:29 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1851
    Jul 16 20:05:29 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1851
    Jul 16 20:05:29 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1851
    Jul 16 20:05:29 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1851
    Jul 16 20:05:36 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1610
    Jul 16 20:05:36 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1610
    Jul 16 20:05:38 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1340
    Jul 16 20:05:38 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1340
    Jul 16 20:05:41 kopano kopano-server[1961]: SSL connect from 127.0.0.1
    Jul 16 20:05:41 kopano kopano-server[1961]: Certificate "client-public.pem" does not match.
    Jul 16 20:05:51 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1971
    Jul 16 20:05:51 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1971
    Jul 16 20:05:51 kopano kopano-konnectd[1971]: level=debug msg="kc identifier backend logon" abeid=AAAAAKwhqVBA0+5Isxn7p1MwRCUBAAAABgAAAAwAAABpUG5ZeGN5cFNneUpkdTVkT0NWdFBBPT0AAAAA id=iPnYxcypSgyJdu5dOCVtPA ref="identifier-kc:-:iPnYxcypSgyJdu5dOCVtPA" session="Session(2001173826327431006@oPqi0flASkK0/DDKSPgdRg==)" username=benoit.lorand@blorand.org
    Jul 16 20:05:51 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1971
    Jul 16 20:05:51 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1971
    Jul 16 20:05:51 kopano kopano-konnectd[1971]: level=debug msg="identifier client lookup" client_id=webapp known=true redirect_uri="https://webmail.blorand.org/webapp/#oidc-callback" trusted=true
    Jul 16 20:05:51 kopano kopano-konnectd[1971]: level=debug msg="identifier client lookup" client_id=webapp known=true redirect_uri="https://webmail.blorand.org/webapp/#oidc-callback" trusted=true
    Jul 16 20:05:51 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1971
    Jul 16 20:05:52 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-510
    Jul 16 20:05:52 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-510
    Jul 16 20:05:52 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-510
    Jul 16 20:05:52 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-510
    Jul 16 20:05:52 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-510
    Jul 16 20:05:52 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-510
    Jul 16 20:05:52 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-510
    Jul 16 20:05:52 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-510
    Jul 16 20:05:52 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-510
    Jul 16 20:05:52 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-510
    Jul 16 20:05:52 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-510
    Jul 16 20:05:52 kopano kopano-server[1961]: Created db_conn 0x564acaf96000 on T1997
    Jul 16 20:05:52 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-510
    Jul 16 20:05:52 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-510
    Jul 16 20:05:52 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1341
    Jul 16 20:05:53 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1971
    Jul 16 20:05:53 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1971
    Jul 16 20:05:53 kopano kopano-server[1961]: SSL connect from 127.0.0.1
    Jul 16 20:05:53 kopano kopano-server[1961]: No certificate in SSL connection.
    Jul 16 20:05:53 kopano kopano-server[1961]: SSL connect from 127.0.0.1
    Jul 16 20:05:53 kopano kopano-server[1961]: No certificate in SSL connection.
    Jul 16 20:05:53 kopano kopano-server[1961]: SSL connect from 127.0.0.1
    Jul 16 20:05:53 kopano kopano-server[1961]: No certificate in SSL connection.
    Jul 16 20:05:53 kopano kopano-server[1961]: SSL connect from 127.0.0.1
    Jul 16 20:05:53 kopano kopano-server[1961]: No certificate in SSL connection.
    Jul 16 20:05:53 kopano kopano-server[1961]: SSL connect from 127.0.0.1
    Jul 16 20:05:53 kopano kopano-server[1961]: No certificate in SSL connection.
    Jul 16 20:05:53 kopano kopano-server[1961]: SSL connect from 127.0.0.1
    Jul 16 20:05:53 kopano kopano-server[1961]: No certificate in SSL connection.
    Jul 16 20:05:53 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1340
    Jul 16 20:05:53 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1340
    Jul 16 20:05:53 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1340
    Jul 16 20:05:53 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1340
    Jul 16 20:05:53 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1340
    Jul 16 20:05:54 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1340
    Jul 16 20:05:54 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-2034
    Jul 16 20:05:54 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-2034
    Jul 16 20:05:54 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-2034
    Jul 16 20:05:54 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-2034
    Jul 16 20:05:54 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1798
    Jul 16 20:05:54 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1798
    Jul 16 20:05:54 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1798
    Jul 16 20:05:54 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1798
    Jul 16 20:05:54 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-2034
    Jul 16 20:05:54 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1337
    Jul 16 20:05:54 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1337
    Jul 16 20:05:54 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1337
    Jul 16 20:05:54 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1337
    Jul 16 20:05:54 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1337
    Jul 16 20:05:54 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1337
    Jul 16 20:05:54 kopano kopano-server[1961]: SSL connect from 127.0.0.1
    Jul 16 20:05:55 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-427
    Jul 16 20:05:55 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-427
    Jul 16 20:05:55 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1339
    Jul 16 20:05:55 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1339
    Jul 16 20:05:55 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1339
    Jul 16 20:05:55 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1339
    Jul 16 20:05:55 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1318
    Jul 16 20:05:55 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1318
    Jul 16 20:05:55 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1318
    Jul 16 20:05:55 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-1318
    Jul 16 20:05:58 kopano kopano-server[1961]: connect on /var/run/kopano/server.sock from *:pid-925
    Jul 16 20:06:11 kopano kopano-server[1961]: SSL connect from 127.0.0.1
    Jul 16 20:06:11 kopano kopano-server[1961]: Certificate "client-public.pem" does not match.
    

    And here the birdeatsbug link : https://app.birdeatsbug.com/sessions/0yXWZfircEzxWN66q5OJY

    It’s look like there is an oidc error, it’s beyond my skills.


  • Kopano

    Just a small remark. When Konnect and the application that is using is is reachable through the same (sub)domain, then its not necessary to add it to the identifier registration. The only case where this is needed on the same domain for Meet, is when you want to allow guest users to log in as well.

    Looking at the birdeatsbug session the one thing that jumps to my eyes is Access token expired. OIDC tokens are quite time sensitive. When using it its recommended that all connected devices use the same upstream time server.



  • You are right. I Just change the OIDC_CLIENT_ID in /etc/kopano/webapp/config.php to not reflect those i declare in /etc/kopano/konnectd-identifier-registration.yaml and it’s working. So i delete the declaration in /etc/kopano/konnectd-identifier-registration.yaml and keep only those for meet guest users.

    Many thanks !

    And mdm is working now. Good job !


Log in to reply