Authentication issues with YunoHost 11.1.0 with new SSOwat version / Please upgrade to YunoHost 11.1.2 to fix

Hi there

I suspect I have the same issue.

Running grep -A6 nextcloud /etc/ssowat/conf.json also did not return anything with use_remote_user_var_in_nginx_conf

        "nextcloud.api": {
            "auth_header": false,
            "label": "Nextcloud (api)",
            "public": true,
            "show_tile": false,
            "uris": [
                "re:anotherdomain\\/.well-known\\/.*"
--
        "nextcloud.main": {
            "auth_header": true,
            "label": "Nextcloud",
            "public": true,
            "show_tile": true,
            "uris": [
                "mydomain"

FYI, adding it manually and then running sudo yunohost app ssowatconf makes it disappear again from the file.

Thanks a lot for your time and let me know if I can help by providing further diagnostics

Sorry late and don’t be enough brave to write in english first please apologize me. And i know my english is very bad and sure hurt some eyes and ears

When i cd and ls the folder etc/ssowat i have only three files.

conf.json
conf.json.example
conf.json.persistent

I guess the conf.json was create with de first nano. I have email reader, bitwarden, wallabag

@Guillermo yes you have the correct files for sure it’s very strange that conf.json is empty and yet you have three applications installed.

This is a job for the experts!!

Dj

Hello,
I’m following this conversation because I have the same problem.
I read an old post (from September 2019) that suggests disabling php-fpm. I think I upgraded PHP and now it is using php8.
Sorry, I’m probably going to talk nonsense, but could this be related?
Is there any way to verify this?

Now you speak about it it’s look same time or 'ear I update PHP with 8 version in graphic version
Because I don’t remember doing an upgrade of SSO or anything near to YunoHost heart before

Same issue here
I just thinking is about my 2FA login but seems not
When I try to reconnect I’m able to enter login password and 2FA but it’s ask again and again these cred

In the log I see 401 error
and [

error] 2005398#2005398: *1863 [lua] helpers.lua:385: authenticate(): Connection failed

Someone did try a downgrade to 11.0.9 again ?

yunohost:
repo: testing
version: 11.1.0.2
yunohost-admin:
repo: testing
version: 11.1.0.2
moulinette:
repo: stable
version: 11.0.9
ssowat:
repo: stable
version: 11.0.11

Hi,

FYI, I tried this by stopping the service with sudo systemctl stop php8.0-fpm.service, then quit and restarted both my Linux and Android client, unfortunately without success.

Hi sssammm,
thank you for trying this.

I also tried
sudo yunohost service disable php8-fpm
and without php8-fpm, I get a “502 Bad Gateway” error message on my nextcloud web page.

Maybe Nginx needs to be reconfigured, but I don’t know how.
And I wonder if php8 has become mandatory with this version of Nextcloud.

Cyril

If I may ask, how can the deactivation be done? That may be useful until a proper fix is found.

You folks seem to all be running the 11.1.0 version for YunoHost, which is the infamous “YunoHost 11.1.x (testing) was incorrectly released on the stable channel instead of testing”

You should be running instead 11.1.2.x (testing) at least, which is more consistent with the fix published on SSOwat (it adds the use_remote_user_var_in_nginx_conf flag)

So I would advise using

curl https://install.yunohost.org/switchtoTesting | bash

to enable testing, to at least just to upgrade to 11.1.2.x, and then if you want remove the “testing” keyword from /etc/apt/sources.list.d/yunohost.list (though honestly I would advise keeping the testing channel enabled until we release 11.1 as stable …)

The alternative can be to downgrade ssowat but honestly meh, not even sure that’s easily possible

i think i have the same problem for the same reason.

how can i go back to the stable version instead?

@Aleks if I run the curl command, leave it in testing, that should solve our problem?

Just checking. Just to be sure.

Dj

Dunno what you mean by “leave it in testing”, but yes …

If reverting to the stable version was simple, we would advice this instead. There’s no way to go back to stable, there are major non-revertible changes between 11.0 and 11.1

ah, lol, got it.
thanks for sharing.

i didn’t understand this bit…

I mean if you want to “opt out” of the testing upgrades after upgrading to 11.1.2.x, then you should remove the “testing” keyword by editing the file with e.g. sudo nano /etc/apt/sources.list.d/yunohost.list and remove the testing keyword.

But as said, that’s not recommended because you wont benefit from possible bugfixes that may be published before 11.1 gets released as stable (in fact this is precisely what is happening right now). So I would stick with testing and only opt out of testing once 11.1 is really released as stable

@Aleks

You mention about editing

and then if you want remove the “testing”

We understand each other so yes….

Now showing 11.1.2.2 (testing) I will leave this as it is until stable is released…So the first part of your instructions worked. Thank you.

However, just tried a Nextcloud client (iOS) entered the credentials etc but failed with.

Access Denied State token does not match

Hmmmm

Dj

Mokay so let’s double-check that grep use_remote_user_var_in_nginx_conf /etc/ssowat/conf.json now does show something

Hi… just run that and got

“use_remote_user_var_in_nginx_conf”: true,

But multiple times, about 20 lines with a mix of true and false

Dj

image2048×1536 238 KB

Yes, that’s expected

So are you experiencing the same symptoms as before upgrading, or did something change ?