Meet in Univention Login Loop
-
HI All,
I have been testing Kopano On Univention with the lastest versions,and Kopano Meet dont work
I aready set up SSO login with Open Id Provider, i can login trough it on univention portal but with Kopano Meet it always give a login loop and go to the inicial login page.
“meet/#oidc-callback&code=f1HhP-QoErCqe-n3JzOINCD1tbsgbD_c&scope=kopano/kwm%20kopano/gc%20kopano/kvs%20openid%20profile%20email&session_state=5475e446fd4120ae61263ae6c45a98ac6587b724f11ffb0f024fdc6aec2ba82e.9SKUajmt8W0JJ-iVdHKLU61DqA23UP9sksFPy2NhwFk=&state=171b8c01e1fc458187df42b0ae11ca24”
I dont see any errors on OpenId connector, maybe a proxy redirect error on apache???
Anyone tested the lastest versions of the app??
Regards…
-
Hi @edgar-fernandes,
@edgar-fernandes said in Meet in Univention Login Loop:
Anyone tested the lastest versions of the app??
of course.
What is the data you seen in the response headers to the above request?
You can find further debugging instructions at https://wiki.z-hub.io/display/K4U/Debugging+Kopano+on+Univention#DebuggingKopanoonUnivention-Containerisedapps
-
HI @fbartels
The response on my browser says…
oidc failed to complete authentication Error: iat is in the future: 1613560585
at Function.e.validateJwtAttributes (oidc-client.min.js:47)
at oidc-client.min.js:1
-
Hi @edgar-fernandes,
OpenID session tokens are quite time sensitive. It seems you have a time drift between your server and client. It is recommended to use ntp on all systems to keep time in sync.
-
ucr dump | grep kopano/docker | grep -v PASSWORD
kopano/docker/ENABLE_MCU_API: no
kopano/docker/FQDN_MEET: my.domain.com
kopano/docker/FQDN_SSO: my.domain.com
kopano/docker/GRID_WEBAPP: no
kopano/docker/INSECURE: no
kopano/docker/MEET_GUEST_ALLOW: yes
kopano/docker/MEET_GUEST_REGEXP: ^group/public/.*
kopano/docker/PIPELINE_FORCED_REGEXP: @conference/.*
kopano/docker/TURN_SERVICE_URL: https://ucs-turn.kopano.com/turnserverauth/
kopano/docker/TURN_USER: KST0300-8YUG3GPVX -
Humm OK …
I understand in fact the time is differnt on the logs …
there is a gap…
Quite a bit a ahead of the real time … strange…
I did not even notice that …
Maybe its the time sync from the hypervisor…
Let me try that …
Thanks
-
UPDATE:
First of all thanks @fbartels …
The problem was wrong Hardware Clock it was different than the system clock.
I had to disable the HyperVisor Sync Time and then i did
hwclock -w on the command line, to set the hardware clock equal to system clock.
Now it works Thanks a lot
Best Regards,
