Client: Unable to start owncloud client: First setup wizard redirects to cern sso page

Created on 8 Nov 2017  ·  14Comments  ·  Source: owncloud/client

Owncloud nightly client, setup wizard redirects me to the cern sso page for the log in, something it shouldnt happen. So im unable to start the client. Problem with redirects sill there as @moscicki noted in #6086 issue.

ReadyToTest bug p2-high
Source
picture giorgosalex

Most helpful comment

I just tested it. It works fine for us now! Thanks!

picture giorgosalex on 15 Nov 2017
🎉4

All 14 comments

@giorgosalex Could you give me log output, the full one that you get with --logdebug? After the recent adjustments there should be no difference in non-fallback behavior left. If it's too big feel free to email me at mail at ckamm de.

ckamm picture ckamm on 8 Nov 2017

@SamuAlfageme related to https://github.com/owncloud/client/issues/6135 ?

michaelstingl picture michaelstingl on 8 Nov 2017

Collateral of the behavior introduced for https://github.com/owncloud/client/issues/5954 and https://github.com/owncloud/client/pull/6106

The thing is, using the webUI you get redirected to the IDP, but the client still used basic auth in pre-2.4, don't really know how to sort these kind of hybrid setups:

2.3.3

11-08 11:36:35:269 [ info sync.accessmanager ]: 2 "" "http://<server>/status.php" has X-Request-ID "95c286c4-496f-4d5c-b101-bea1576e024e"
11-08 11:36:35:270 [ info sync.networkjob ]:    OCC::CheckServerJob created for "http://<server>/" + "status.php" "OCC::OwncloudSetupWizard"
11-08 11:36:36:651 [ info sync.networkjob.checkserver ]:    status.php was permanently redirected to QUrl("https://<server>/status.php") new server url is QUrl("https://<server>")
11-08 11:36:36:652 [ info sync.networkjob ]:    Redirecting "GET" QUrl("http://<server>/status.php") QUrl("https://<server>/status.php")
11-08 11:36:36:652 [ info sync.accessmanager ]: 2 "" "https://<server>/status.php" has X-Request-ID "3b04d4da-6d5e-4ee2-b340-0cba4e4c463f"
11-08 11:36:37:061 [ info sync.networkjob.checkserver ]:    status.php returns:  QJsonDocument({"edition":"cernbox","installed":"true","version":"8.0.2","versionstring":"8.0.2"})   QNetworkReply::NetworkError(NoError)  Reply:  QNetworkReplyHttpImpl(0x7fd943d261a0)
11-08 11:36:37:062 [ info gui.wizard ]:  was redirected to "https://<server>"
11-08 11:36:37:062 [ info sync.networkjob.determineauthtype ]:  Determining auth type for QUrl("https://<server>/remote.php/webdav/")
11-08 11:36:37:062 [ info sync.accessmanager ]: 2 "" "https://<server>/remote.php/webdav/" has X-Request-ID "baf4c24b-53be-419d-bca7-17e3124b677a"
11-08 11:36:37:063 [ info sync.networkjob ]:    OCC::SimpleNetworkJob created for "https://<server>" + "" "OCC::Account"
11-08 11:36:37:063 [ info sync.accessmanager ]: 6 "PROPFIND" "https://<server>/remote.php/webdav/" has X-Request-ID "50ebe178-ed2b-496d-bf4a-6b8a3cbad23b"
11-08 11:36:37:064 [ info sync.networkjob ]:    OCC::SimpleNetworkJob created for "https://<server>" + "" "OCC::Account"
11-08 11:36:37:201 [ info sync.networkjob ]:    Redirecting "GET" QUrl("https://<server>/remote.php/webdav/") QUrl("https://<idp>/adfs/ls/?wa=wsignin1.0&wreply=https%3A%2F%2Fowncloud_prod_backend%2FShibboleth.sso%2FADFS&wct=2017-11-08T10%3A36%3A36Z&wtrealm=https%3A%2F%2F<server>%2FShibboleth.sso%2FADFS&wctx=cookie%3A1510137396_2895")
11-08 11:36:37:202 [ info sync.accessmanager ]: 2 "" "https://<idp>/adfs/ls/?wa=wsignin1.0&wreply=https%3A%2F%2Fowncloud_prod_backend%2FShibboleth.sso%2FADFS&wct=2017-11-08T10%3A36%3A36Z&wtrealm=https%3A%2F%2F<server>%2FShibboleth.sso%2FADFS&wctx=cookie%3A1510137396_2895" has X-Request-ID "43a63b52-2e06-4414-8d4a-8b3f7974578a"
11-08 11:36:37:342 [ info sync.networkjob ]:    Redirecting "PROPFIND" QUrl("https://<server>/remote.php/webdav/") QUrl("https://<idp>/adfs/ls/?wa=wsignin1.0&wreply=https%3A%2F%2Fowncloud_prod_backend%2FShibboleth.sso%2FADFS&wct=2017-11-08T10%3A36%3A37Z&wtrealm=https%3A%2F%2F<server>%2FShibboleth.sso%2FADFS&wctx=cookie%3A1510137397_c2a9")
11-08 11:36:37:343 [ info sync.accessmanager ]: 6 "PROPFIND" "https://<idp>/adfs/ls/?wa=wsignin1.0&wreply=https%3A%2F%2Fowncloud_prod_backend%2FShibboleth.sso%2FADFS&wct=2017-11-08T10%3A36%3A37Z&wtrealm=https%3A%2F%2F<server>%2FShibboleth.sso%2FADFS&wctx=cookie%3A1510137397_c2a9" has X-Request-ID "6543336a-3f6d-4673-b617-62c93522b23b"
11-08 11:36:38:255 [ info sync.networkjob.determineauthtype ]:  Auth type for QUrl("https://<server>/remote.php/webdav/") is 1

2.4.0 nightly

11-08 11:44:38:982 [ info sync.accessmanager ]: 2 "" "http://<server>/status.php" has X-Request-ID "1c18c4d3-459f-4dbc-b06b-ce7cfdc0e8db"
11-08 11:44:38:982 [ info sync.networkjob ]:    OCC::CheckServerJob created for "http://<server>/" + "status.php" "OCC::OwncloudSetupWizard"
11-08 11:44:39:201 [ info sync.networkjob.checkserver ]:    status.php was permanently redirected to QUrl("https://<server>/status.php") new server url is QUrl("https://<server>")
11-08 11:44:39:201 [ info sync.networkjob ]:    Redirecting "GET" QUrl("http://<server>/status.php") QUrl("https://<server>/status.php")
11-08 11:44:39:202 [ info sync.accessmanager ]: 2 "" "https://<server>/status.php" has X-Request-ID "58548f1a-d2e6-4849-a20c-d3628d7ce30d"
11-08 11:44:39:672 [ info sync.networkjob.checkserver ]:    status.php returns:  QJsonDocument({"edition":"cernbox","installed":"true","version":"8.0.2","versionstring":"8.0.2"})   QNetworkReply::NetworkError(NoError)  Reply:  QNetworkReplyHttpImpl(0x7fb4ee22dcb0)
11-08 11:44:39:673 [ info gui.wizard ]:  was redirected to "https://<server>"
11-08 11:44:39:673 [ info sync.accessmanager ]: 2 "" "https://<server>/remote.php/webdav/" has X-Request-ID "b6e305f2-632d-40e0-9253-62be5830517a"
11-08 11:44:39:674 [ info sync.networkjob ]:    OCC::DetermineAuthTypeJob created for "https://<server>" + "" "OCC::OwncloudSetupWizard"
11-08 11:44:39:824 [ warning sync.networkjob.determineauthtype ]:   QUrl("https://<server>/remote.php/webdav/") was redirected to the incompatible address "https://<idp>/adfs/ls/?wa=wsignin1.0&wreply=https%3A%2F%2Fowncloud_prod_backend%2FShibboleth.sso%2FADFS&wct=2017-11-08T10%3A44%3A39Z&wtrealm=https%3A%2F%2F<server>%2FShibboleth.sso%2FADFS&wctx=cookie%3A1510137879_e55f"
SamuAlfageme picture SamuAlfageme on 8 Nov 2017

@SamuAlfageme The key part of the log is this:

QUrl("https://<server>/remote.php/webdav/") was redirected to the incompatible address 
"https://<idp>/adfs/ls/?wa=wsignin1.0&wreply=https%3A%2F%2Fowncloud_prod_backend%2FShibboleth.sso...

It tells me that the 2.4.0 nightly used didn't include the patch 9af6e29f42b9c7e4eb99d6493d09bbff2b7b9df1 which was merged three days ago. Could you try this again with the newest nightly? My expectation is that this would be detected as Basic or OAuth. Should it be detected as Shibboleth? If so, we need to adjust the url patterns used to detect it. Currently the regex applied to redirection urls to detect shibboleth is a simple SAML|wayf.

ckamm picture ckamm on 9 Nov 2017
👍1

@ckamm you're absolutely right, I was using a week-old nightly. https://github.com/owncloud/client/commit/9af6e29f42b9c7e4eb99d6493d09bbff2b7b9df1 does solve the issue in the wizard.

@giorgosalex care to try with a newer nightly: http://download.owncloud.com/desktop/daily/ ?

EDIT: my success reproducing this was rather related to using http instead of https and not following the 301 redirection (https://github.com/owncloud/client/issues/5954) - the 2 virtual hosts seem to have different configurations; i.e. one was basic-auth protected, the other against an IDP.

SamuAlfageme picture SamuAlfageme on 9 Nov 2017

@giorgosalex From your log

11-08 15:06:44:064 [ info sync.networkjob.determineauthtype ]:  Determining auth type for QUrl("https://<server>/remote.php/webdav/")
11-08 15:06:44:064 [ info sync.accessmanager ]: 2 "" "https://<server>/remote.php/webdav/" has X-Request-ID "e6d628e5-8a89-4e91-bc8c-58d1d49e62ec"
11-08 15:06:44:064 [ info sync.networkjob ]:    OCC::SimpleNetworkJob created for "https://<server>" + "" "OCC::Account"
11-08 15:06:44:064 [ info sync.accessmanager ]: 6 "PROPFIND" "https://<server>/remote.php/webdav/" has X-Request-ID "5a3f630f-2adf-4a2b-bab5-d8aa19b2b795"
11-08 15:06:44:064 [ info sync.networkjob ]:    OCC::SimpleNetworkJob created for "https://<server>" + "" "OCC::Account"
11-08 15:06:44:064 [ debug sync.networkjob ]    [ OCC::AbstractNetworkJob::slotFinished ]:  Network job OCC::CheckServerJob finished for "status.php"
11-08 15:06:44:068 [ debug sync.networkjob ]    [ OCC::AbstractNetworkJob::slotFinished ]:  Network job OCC::SimpleNetworkJob finished for ""
11-08 15:06:44:079 [ info sync.networkjob.determineauthtype ]:  Auth type for QUrl("https://<server>/remote.php/webdav/") is 0

You are using the newest code but it is indeed not figuring out the right auth type. :(

That means the GET request to "https:///remote.php/webdav/" isn't redirected in a shibboleth-y way and the PROPFIND to the same address doesn't contain any "WWW-Authenticate".

Which auth type should it detect?

Edit: Note that when I try to point my client to your server it correctly detects shibboleth auth!

ckamm picture ckamm on 9 Nov 2017

I've been talking to @SamuAlfageme and I think we've figured it out. The 2.3 client fell back to basic auth always, while the new client has the concept of "unknown auth type". The particular pages that are queried for the cern server actually reply 404, so the 2.4 client is confused and gives up.

Since it's a regression I'll restore the previous behavior of going with basic auth in doubt.

ckamm picture ckamm on 9 Nov 2017

@giorgosalex Will be fixed with the upcoming nightly. Will you be able to test it again?

ckamm picture ckamm on 14 Nov 2017

@ckamm Should i test it tomorrow with the new nightly?

giorgosalex picture giorgosalex on 14 Nov 2017
👍1

@giorgosalex just triggered a build - there you go:

SamuAlfageme picture SamuAlfageme on 14 Nov 2017

Still now working. Heres the output log. It redirected me again at cern sso page.

11-14 15:57:11:723 [ info gui.application ]:    "################## ownCloud locale:[en_US] ui_lang:[] version:[2.5.0 (build 8695)] os:[CentOS Linux 7 (Core)]"
11-14 15:57:11:723 [ info gui.application ]:    Using "en_US" translation
11-14 15:57:11:723 [ info gui.application ]:    Loading global exclude list
11-14 15:57:11:724 [ info gui.socketapi ]:      server started, listening at  "/run/user/1000/ownCloud/socket"
11-14 15:57:11:724 [ info gui.folder.manager ]: setting remote poll timer interval to 30000 msec
11-14 15:57:11:724 [ info gui.account.manager ]:        Migrate: restoreFromLegacySettings, checking settings group "ownCloud"
11-14 15:57:11:724 [ info gui.account.manager ]:        Migrate: checking old config  "/home/user/.local/share/data/ownCloud/owncloud.cfg"
11-14 15:57:11:724 [ info gui.folder.manager ]: Setup folders from  "/home/user/.local/share/data//ownCloud/folders" (migration)
11-14 15:57:11:724 [ info sync.clientproxy ]:   Set proxy configuration to use system configuration
11-14 15:57:11:945 [ info gui.application ]:    No configured folders yet, starting setup wizard
11-14 15:57:14:912 [ info gui.updater ]:        Checking for available update
11-14 15:57:14:912 [ info sync.accessmanager ]: 2 "" "https://updates.owncloud.com/client/?client=TFNCIFZlcnNpb246CTpjb3JlLTQuMS1hbWQ2NDpjb3JlLTQuMS1ub2FyY2g6Y3h4LTQuMS1hbWQ2NDpjeHgtNC4xLW5vYXJjaDpkZXNrdG9wLTQuMS1hbWQ2NDpkZXNrdG9wLTQuMS1ub2FyY2g6bGFuZ3VhZ2VzLTQuMS1hbWQ2NDpsYW5ndWFnZXMtNC4xLW5vYXJjaDpwcmludGluZy00LjEtYW1kNjQ6cHJpbnRpbmctNC4xLW5vYXJjaApEaXN0cmlidXRvciBJRDoJQ2VudE9TCkRlc2NyaXB0aW9uOglDZW50T1MgTGludXggcmVsZWFzZSA3LjQuMTcwOCAoQ29yZSkgClJlbGVhc2U6CTcuNC4xNzA4CkNvZGVuYW1lOglDb3JlCg%3D%3D&version=2.5.0.8695&platform=linux&oem=ownCloud&versionsuffix=" has X-Request-ID "5334b9d0-458f-4db2-9acb-95e689b19f61"
11-14 15:57:14:982 [ warning gui.updater ]:     Failed to reach version check url:  "SSL handshake failed"
11-14 15:58:05:107 [ info gui.wizard ]: No system proxy set by OS
11-14 15:58:05:107 [ info sync.accessmanager ]: 2 "" "usualaddr/status.php" has X-Request-ID "940b10cd-a889-479e-a732-e14f3fffb41e"
11-14 15:58:05:108 [ info sync.networkjob ]:    OCC::CheckServerJob created for "usualaddr" + "status.php" "OCC::OwncloudSetupWizard"
11-14 15:58:05:122 [ info sync.networkjob.checkserver ]:        status.php returns:  QJsonDocument({"edition":"cernbox","installed":"true","version":"8.0.2","versionstring":"8.0.2"})   QNetworkReply::NetworkError(NoError)  Reply:  QNetworkReplyHttpImpl(0x558788f3c5e0)
11-14 15:58:05:122 [ info sync.accessmanager ]: 2 "" "usualaddr/remote.php/webdav/" has X-Request-ID "acc534ec-276b-4fc3-a8eb-ef0a46ee0fed"
11-14 15:58:05:123 [ info sync.networkjob ]:    OCC::DetermineAuthTypeJob created for "usualaddr" + "" "OCC::OwncloudSetupWizard"
11-14 15:58:05:124 [ warning default ]: QIODevice::read (QFile, "/home/user/.local/share/data//ownCloud//cookies.db"): device not open
11-14 15:58:08:602 [ info gui.account.manager ]:        Saved all account settings, status: 0

I have replaced the usual address to log in with "usualaddr" in the log file i sent you.

giorgosalex picture giorgosalex on 14 Nov 2017

@giorgosalex woop, sorry I mixed up the nightly version 🤦‍♂️ - should be 2.4.0 instead of master; try these ones:

SamuAlfageme picture SamuAlfageme on 14 Nov 2017

@giorgosalex Did you have success?

guruz picture guruz on 15 Nov 2017

I just tested it. It works fine for us now! Thanks!

giorgosalex picture giorgosalex on 15 Nov 2017
🎉4
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ahmedatawfik picture ahmedatawfik  ·  5Comments
michaelstingl picture michaelstingl  ·  5Comments
dartcafe picture dartcafe  ·  4Comments
cdhowie picture cdhowie  ·  4Comments
codesmaker picture codesmaker  ·  4Comments