Hello,
I install DocSpace 3 using the install script, and it’s running on Debian unstable, Docker 27.3.1.
Now I am trying to configure SSO, and even though I think I did everything right, I am getting authentication failures. Maybe someone knows why?
We have Authentik as our IdP, and I created a provider as follows:
On the DocSpace side of things, I configured stuff as follows:
Now, when I try to log in using SAML, the IdP logs say everything is hunky dory, but the authentication fails:
I set up a tail -f
on all log files prior to trying the SSO login, and here is the output. Everything seems fine (HTTP 200 OK
) up until an including GET /api/2.0/settings?withPassword=true
, which gets a HTTP 200 OK
, but the next requests are for the login error page/message.
Nothing else is in the logs anywhere. How can I figure out why this is not working?
==> access.log <==
172.23.0.4 - - [03/Dec/2024:12:50:58 +0000] "GET /ssologin.ashx?config=saml HTTP/1.0" 200 4735 "-" "node-fetch/1.0 (+https://github.com/bitinn/node-fetch)" "192.168.231.97, 192.168.231.98"
192.168.231.98 - - [03/Dec/2024:12:50:58 +0000] "GET /ssologin.ashx?config=saml HTTP/1.1" 200 4754 "-" "node-fetch/1.0 (+https://github.com/bitinn/node-fetch)" "192.168.231.97"
==> access-proxy.log <==
192.168.231.98 - - [03/Dec/2024:12:50:58 +0000] "GET /ssologin.ashx?config=saml HTTP/1.1" 200 4754 "-" "node-fetch/1.0 (+https://github.com/bitinn/node-fetch)"
==> access.log <==
172.23.0.4 - - [03/Dec/2024:12:50:58 +0000] "GET /sso/login HTTP/1.0" 302 1300 "https://docs.example.net/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0" "192.168.235.1, 192.168.231.98"
192.168.231.98 - - [03/Dec/2024:12:50:58 +0000] "GET /sso/login HTTP/1.1" 302 1300 "https://docs.example.net/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0" "192.168.235.1"
==> access-proxy.log <==
192.168.231.98 - - [03/Dec/2024:12:50:58 +0000] "GET /sso/login HTTP/1.1" 302 1300 "https://docs.example.net/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"
==> access.log <==
172.23.0.4 - - [03/Dec/2024:12:50:59 +0000] "GET /ssologin.ashx?config=saml HTTP/1.0" 200 4735 "-" "node-fetch/1.0 (+https://github.com/bitinn/node-fetch)" "192.168.231.97, 192.168.231.98"
192.168.231.98 - - [03/Dec/2024:12:50:59 +0000] "GET /ssologin.ashx?config=saml HTTP/1.1" 200 4754 "-" "node-fetch/1.0 (+https://github.com/bitinn/node-fetch)" "192.168.231.97"
==> access-proxy.log <==
192.168.231.98 - - [03/Dec/2024:12:50:59 +0000] "GET /ssologin.ashx?config=saml HTTP/1.1" 200 4754 "-" "node-fetch/1.0 (+https://github.com/bitinn/node-fetch)"
==> access.log <==
172.23.0.4 - - [03/Dec/2024:12:50:59 +0000] "GET /sso/acs?SAMLResponse=xVhZc6PIsn7Xr…Rf%2F1Vvbt3w%3D%3D HTTP/1.0" 302 148 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0" "192.168.235.1, 192.168.231.98"
192.168.231.98 - - [03/Dec/2024:12:50:59 +0000] "GET /sso/acs?SAMLResponse=xVhZc6PIsn7Xr…Rf%2F1Vvbt3w%3D%3D HTTP/1.1" 302 148 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0" "192.168.235.1"
==> access-proxy.log <==
192.168.231.98 - - [03/Dec/2024:12:50:59 +0000] "GET /sso/acs?SAMLResponse=xVhZc6PIsn7Xr…Rf%2F1Vvbt3w%3D%3D HTTP/1.1" 302 148 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"
==> access.log <==
172.23.0.4 - - [03/Dec/2024:12:50:59 +0000] "GET /api/2.0/settings/colortheme HTTP/1.0" 200 901 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0" "192.168.235.1, 192.168.231.98, 172.23.0.4, 192.168.231.97, 192.168.231.98"
192.168.231.98 - - [03/Dec/2024:12:50:59 +0000] "GET /api/2.0/settings/colortheme HTTP/1.1" 200 913 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0" "192.168.235.1, 192.168.231.98, 172.23.0.4, 192.168.231.97"
==> access-proxy.log <==
192.168.231.98 - - [03/Dec/2024:12:50:59 +0000] "GET /api/2.0/settings/colortheme HTTP/1.1" 200 913 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"
==> access.log <==
172.23.0.4 - - [03/Dec/2024:12:50:59 +0000] "GET /api/2.0/settings?withPassword=true HTTP/1.0" 200 1160 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0" "192.168.235.1, 192.168.231.98, 172.23.0.4, 192.168.231.97, 192.168.231.98"
192.168.231.98 - - [03/Dec/2024:12:50:59 +0000] "GET /api/2.0/settings?withPassword=true HTTP/1.1" 200 1172 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0" "192.168.235.1, 192.168.231.98, 172.23.0.4, 192.168.231.97"
==> access-proxy.log <==
192.168.231.98 - - [03/Dec/2024:12:50:59 +0000] "GET /api/2.0/settings?withPassword=true HTTP/1.1" 200 1172 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"
==> access.log <==
172.23.0.4 - - [03/Dec/2024:12:50:59 +0000] "GET /login/error?messageKey=18 HTTP/1.0" 200 14622 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0" "192.168.235.1, 192.168.231.98"
192.168.231.98 - - [03/Dec/2024:12:50:59 +0000] "GET /login/error?messageKey=18 HTTP/1.1" 200 14738 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0" "192.168.235.1"
==> access-proxy.log <==
192.168.231.98 - - [03/Dec/2024:12:50:59 +0000] "GET /login/error?messageKey=18 HTTP/1.1" 200 14738 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"
==> access.log <==
172.23.0.4 - - [03/Dec/2024:12:51:00 +0000] "GET /logo.ashx?logotype=1&dark=false&default=false HTTP/1.0" 302 0 "https://docs.example.net/login/error?messageKey=18" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0" "192.168.235.1, 192.168.231.98"
192.168.231.98 - - [03/Dec/2024:12:51:00 +0000] "GET /logo.ashx?logotype=1&dark=false&default=false HTTP/1.1" 302 0 "https://docs.example.net/login/error?messageKey=18" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0" "192.168.235.1"
==> access-proxy.log <==
192.168.231.98 - - [03/Dec/2024:12:51:00 +0000] "GET /logo.ashx?logotype=1&dark=false&default=false HTTP/1.1" 302 0 "https://docs.example.net/login/error?messageKey=18" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"