No SSO in Riot

English version (French below)

Hi there!
Summary: I can’t get SSO to work in Riot

My YunoHost server

Hardware: Kimsufi KS-1
YunoHost version: 3.6.5.2
I have access to my server: Through SSH
Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: no

Description of my issue

I had Riot installed before SSO was available, on its own subdomain: riot.domain.tld
Today, I read that SSO is supposed to be working, providing you enter the adequate homeserver.
I edited /etc/yunohost/apps/riot/settings.yml:
default_home_server: domain.tld

After logging in to my YunoHost instance and clicking on the Riot app, I get to the Riot login page.
The default server is properly set to domain.tld
But I still need to key in login+password.

Did I miss something?

Thanks in advance!


Hello!

Summary: I can’t get SSO to work in Riot

My YunoHost server

Hardware: Kimsufi KS-1
YunoHost version: 2.6.5
I have access to my server: Through SSH
Are you in a special context or did you perform some particular tweaking on your instance?: no

Description of the problem

I installed Riot before SSO was available, on its own domain: riot.domain.tld

Today, I read that SSO works, if you enter the default server correctly.
I edited /etc/yunohost/apps/riot/settings.yml:
default_home_server: domain.tld

After logging in to my instance, I can click “Riot” from the home page, I do land on the Riot login page, and my server is indeed the default server.
But I still have to enter my login and password.

Did I miss something?

Thanks in advance!


Hi,

Have you installed Synapse on your server? Its dedicated subdomain should be the home server you set in Riot.


Hi,

Have you installed Synapse on your server? It is its subdomain that you must enter for the “home server”.

Yes!
Sorry if I didn’t mention it: I have my own Synapse server. Both Synapse and Riot are the YunoHost packaged versions.
With the settings, at login, I only type login+password and it logs me in to my personal server (domain.tld). I don’t need to change the server on the Riot login page. It’s my Synapse server by default.
But the server is NOT on a subdomain. Is that the issue?


Yes!
Sorry if I didn’t mention it: I have my own Synapse server. Synapse and Riot were both installed with the YunoHost packages.
With the settings, at login, I only type login and password, and I am connected to my personal server (domain.tld). I don’t need to change the server on the Riot page, it’s my default server.
But the server has no subdomain. Is that the cause of the problem?

Let’s stick with English, it will help most of the people reading here. :wink:

It is strongly discouraged to install Riot and Synapse on the same domain. You may be experiencing the mitigations they are referring to. I don’t have deep insight into how the app behaves, though.

I have just had a look at the Riot source files though, and I see it is logging its attempts to use the SSO. Can you enable the developer tools in your browser (F12, usually) and open the console? Then log off, and refresh the page to try to log in again.

If the scripts are correctly called, you should see “Try SSO Login”, then “SSO login failled [sic], php page returned…”. Can you post the whole text?

Edit: I err… I actually have the same issue as you! :sweat_smile: I have to manually log in. There is nothing looking like “Try SSO Login” in my console.

They’re not on the same sub-domain:
Synapse is at the root: domain.tld
Riot is on its own subdomain: riot.domain.tld
Is it not right this way?

Oh sorry I misread your first message. It should be OK then.

Since I am also facing the issue, it is safe to say this is not due to some specifics of your server.

Yes, there is a bug. The SSO authentication is broken on the last Riot version. I’ll fix this in the next release.

Is this because the patcher does not find this line?

Probably, I didn’t try to debug for now.

Hello,

Normally this bug is now fixed on the testing branch.

Tested, and I confirm it’s working. Thanks!

About the domain name sharing between Riot and Synapse, I was also wondering if riot.domain.tld is fine with Synapse on domain.tld, and couldn’t find a satisfactory answer. Talking a bit with Riot developers, I’m still a bit confused, but it seems they/some don’t recommend it either.