Do you want to: Report a bug / Ask a how-to question
Community Server/Control Panel version: Latest
Type of installation of Workspace (docker, deb/rpm, exe) : docker-compose
OS: Amazon Linux 2
I have installed ONLYOFFICE on a development server using docker-compose. The server is behind a NAT. When I tried to integrate SSO using OneLogin, I faced a few issues.
IdP metadata file is not getting uploaded (URL and file both don’t work). Gives a 504 error.
IdP certificates and SP certificates are not uploading. The dialog gets stuck on "Please wait" and then closes.
Can’t download the ONLYOFFICE SP metadata file. It gives a timeout error.
The following logs can be found in the logs folder:
Control panel log
2023-10-19 05:13:22 - error: http://onlyoffice-community-server/sso/loadmetadata Unexpected token < in JSON at position 0
Community server logs
web.sso log
{“message”:“getPortalSsoConfigUrl: https://hsuite.cyou/ssologin.ashx?config=saml”,“level”:“debug”}
{“error”:{“message”:“request to https://hsuite.cyou/ssologin.ashx?config=saml failed, reason: connect EHOSTUNREACH 124.43.131.134:443”,“type”:“system”,“errno”:“EHOSTUNREACH”,“code”:“EHOSTUNREACH”},“level”:“error”,“message”:“uncaughtException: request to https://hsuite.cyou/ssologin.ashx?config=saml failed, reason: connect EHOSTUNREACH 124.43.131.134:443\nFetchError: request to https://hsuite.cyou/ssologin.ashx?config=saml failed, reason: connect EHOSTUNREACH 124.43.131.134:443\n at ClientRequest. (/var/www/onlyoffice/Services/ASC.SsoAuth/node_modules/node-fetch/lib/index.js:1461:11)\n at ClientRequest.emit (node:events:513:28)\n at TLSSocket.socketErrorListener (node:_http_client:502:9)\n at TLSSocket.emit (node:events:513:28)\n at emitErrorNT (node:internal/streams/destroy:151:8)\n at emitErrorCloseNT (node:internal/streams/destroy:116:3)\n at process.processTicksAndRejections (node:internal/process/task_queues:82:21)”
web.socketio log
2023-10-19 10:42:05 - error: https://hsuite.cyou/api/2.0/batch.json connect EHOSTUNREACH 124.43.131.134:443
2023-10-19 10:42:52 - info: POST /controller/counters/sendUnreadUsers 200 4.855 ms - -
nginx logs
2023/10/19 10:43:22 [error] 2323#2323: *44699 upstream timed out (110: Unknown error) while reading response header from upstream, client: 112.134.243.176, server: , request: “POST /controlpanel/sso/loadmetadata HTTP/2.0”, upstream: “http://172.24.0.6:80/controlpanel/sso/loadmetadata”, host: “hsuite.cyou”, referrer: “https://hsuite.cyou/controlpanel/sso”
2023/10/19 10:43:22 [error] 2323#2323: *46070 upstream timed out (110: Unknown error) while reading response header from upstream, client: 172.24.0.6, server: _, request: “POST /sso/loadmetadata HTTP/1.1”, upstream: “https://127.0.0.1:443/sso/loadmetadata”, host: “onlyoffice-community-server”
How can I overcome these issues?
Hi @Nikolas,
When trying to curl the metadata link I can see all the metadata. So controlpanel is able to get the data.
Also want to give a new update on this.
SSO integration works if I remove the HTTPS certificate. But it only works if I log in using the server IP, not from the domain URL.
Thanks
Hi @Nikolas,
The same problem I mentioned above arose again. Due to some PTR record issues we had to remove the NAT connection. After that network change, SSO integration is not working again. The logs indicate a different issue this time.
web.sso log
{“message”:“getPortalSsoConfigUrl: https://hsuite.lk/ssologin.ashx?config=saml”,“level”:“debug”}
{“error”:{“message”:“request to
https://hsuite.lk/ssologin.ashx?config=saml
failed, reason: unable to verify the first certificate”,“type”:“system”,“errno”:“UNABLE_TO_VERIFY_LEAF_SIGNATURE”,“code”:“UNABLE_TO_VERIFY_LEAF_SIGNATURE”},“level”:“error”,“message”:“uncaughtException: request to
https://hsuite.lk/ssologin.ashx?config=saml
failed, reason: unable to verify the first certificate\nFetchError: request to
https://hsuite.lk/ssologin.ashx?config=saml
failed, reason: unable to verify the first certificate\n at ClientRequest. (/var/www/onlyoffice/Services/ASC.SsoAuth/node_modules/node-fetch/lib/index.js:1461:11)\n at ClientRequest.emit (node:events:513:28)\n at TLSSocket.socketErrorListener (node:_http_client:502:9)\n at TLSSocket.emit (node:events:513:28)\n at emitErrorNT (node:internal/streams/destroy:151:8)\n at emitErrorCloseNT (node:internal/streams/destroy:116:3)\n at process.processTicksAndRejections (node:internal/process/task_queues:82:21)”,“stack”:“FetchError: request to
https://hsuite.lk/ssologin.ashx?config=saml
failed, reason: unable to verify the first certificate\n at ClientRequest. (/var/www/onlyoffice/Services/ASC.SsoAuth/node_modules/node-fetch/lib/index.js:1461:11)\n at ClientRequest.emit (node:events:513:28)\n at TLSSocket.socketErrorListener (node:_http_client:502:9)\n at TLSSocket.emit (node:events:513:28)\n at emitErrorNT (node:internal/streams/destroy:151:8)\n at emitErrorCloseNT (node:internal/streams/destroy:116:3)\n at process.processTicksAndRejections (node:internal/process/task_queues:82:21)”,“exception”:true,“date”:“Tue Nov 14 2023 04:09:14 GMT+0000 (Coordinated Universal Time)”,“process”:{“pid”:2314,“uid”:104,“gid”:107,“cwd”:“/var/www/onlyoffice/Services/ASC.SsoAuth”,“execPath”:“/usr/bin/node”,“version”:“v18.16.0”,“argv”:[“/usr/bin/node”,“/var/www/onlyoffice/Services/ASC.SsoAuth/app.js”,“UNIX.SERVER”],“memoryUsage”:{“rss”:113455104,“heapTotal”:30191616,“heapUsed”:27588400,“external”:1043971,“arrayBuffers”:134523}},“os”:{“loadavg”:[0.37,0.35,0.36],“uptime”:3355179.31},“trace”:[{“column”:11,“file”:“/var/www/onlyoffice/Services/ASC.SsoAuth/node_modules/node-fetch/lib/index.js”,“function”:null,“line”:1461,“method”:null,“native”:false},{“column”:28,“file”:“node:events”,“function”:“ClientRequest.emit”,“line”:513,“method”:“emit”,“native”:false},{“column”:9,“file”:“node:_http_client”,“function”:“TLSSocket.socketErrorListener”,“line”:502,“method”:“socketErrorListener”,“native”:false},{“column”:28,“file”:“node:events”,“function”:“TLSSocket.emit”,“line”:513,“method”:“emit”,“native”:false},{“column”:8,“file”:“node:internal/streams/destroy”,“function”:“emitErrorNT”,“line”:151,“method”:null,“native”:false},{“column”:3,“file”:“node:internal/streams/destroy”,“function”:“emitErrorCloseNT”,“line”:116,“method”:null,“native”:false},{“column”:21,“file”:“node:internal/process/task_queues”,“function”:“process.processTicksAndRejections”,“line”:82,“method”:“processTicksAndRejections”,“native”:false}]} {“message”:“::ffff:127.0.0.1 - - [14/Nov/2023:04:10:14 +0000] "POST 
/loadmetadata HTTP/1.1" - - "-" "-"”,“level”:“info”}
Do you know any solution for this?
Do you have a reverse proxy in front of the portal?
Which instruction did you use to switch to HTTPS?
Check the solution for HTTPS issues:
HTTPS Issues
Let’s see how the request from the CS container goes:
curl -vv https://hsuite.lk/ssologin.ashx?config=saml
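Added example, not part of the thread or of ONLYOFFICE's code: Node raises `UNABLE_TO_VERIFY_LEAF_SIGNATURE` ("unable to verify the first certificate", as in the second web.sso log above) when it cannot build a path from the server's certificate to a trusted root, which usually means the server sends its leaf certificate without the intermediate. The script reproduces that offline with a constructed three-level PKI; all names and paths are made up, `openssl` is assumed to be installed, and whether this is the cause on the poster's server is an assumption.

```bash
#!/usr/bin/env bash
# Constructed test PKI: root CA -> intermediate CA -> leaf. All names are made up.
set -eu

make_chain() {  # $1 = empty working directory
  local d=$1 n
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
  for n in root int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  done
  # Self-signed root, then the intermediate signed by the root,
  # then the leaf signed by the intermediate.
  openssl x509 -req -days 2 -in "$d/root.csr" -signkey "$d/root.key" \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
  openssl x509 -req -days 2 -in "$d/int.csr" -CA "$d/root.pem" \
    -CAkey "$d/root.key" -set_serial 2 -extfile "$d/ca.ext" \
    -out "$d/int.pem" 2>/dev/null
  openssl x509 -req -days 2 -in "$d/leaf.csr" -CA "$d/int.pem" \
    -CAkey "$d/int.key" -set_serial 3 -extfile "$d/leaf.ext" \
    -out "$d/leaf.pem" 2>/dev/null
}

# Server sends only the leaf: the client trusts the root but cannot reach it.
verify_leaf_only() {
  openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
}

# Server sends leaf + intermediate (a full chain): the path to the root exists.
verify_full_chain() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" \
    "$1/leaf.pem" >/dev/null 2>&1
}

demo() {
  local d
  d=$(mktemp -d)
  make_chain "$d"
  if verify_leaf_only "$d"; then echo "leaf only: verified"
  else echo "leaf only: verification failed"; fi
  if verify_full_chain "$d"; then echo "leaf + intermediate: verified"
  else echo "leaf + intermediate: verification failed"; fi
  rm -rf "$d"
}
demo
```

Against a live portal, `openssl s_client -connect <host>:443 -servername <host> -showcerts` run from inside the Community Server container lists the certificates the server actually sends; a single certificate there corresponds to the leaf-only case.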