Control panel can't save SSO settings. 404 happens

Hi.

I’m trying to connect ONLYOFFICE to Keycloak SSO.
Entering the configuration.
http_s://officesrv/controlpanel/sso/uploadmetadata - working
http_s://officesrv/controlpanel/sso/validatecerts - working

But when I click the “SAVE” button on the SSO configuration page, I get a 404 error.

The browser console shows the error “http_s://officesrv/controlpanel/sso/settings” URL not found.

What could be the reason? Is there a way to manually enter configuration parameters?

Version: {"count":1,"status":0,"statusCode":200,"response":{"communityServer":"11.6.1035","documentServer":"7.0.0.132","xmppServer":"11.0.63"}}
Control panel version: 3.0.389

Thanks for your help!

Hello @Sunseich
Please note that we didn’t test Keycloak SSO identity provider.
https://helpcenter.onlyoffice.com/administration/control-panel-sso-description.aspx

Please let us know your portal installation type (docker, package, exe) and provide us with screenshot of an error.

Hello, Alexandre!

Installation type is “exe”.

Yes, I’ve seen the instructions. If the system supports SAML, then there should be no problems.
I can’t understand why the settings can’t be saved. Usually there are problems with the configuration after saving the settings.

I found this in “web.sso.*.log”:

{"message":"getPortalSsoConfigUrl: http_s://officesrv/ssologin.ashx?config=saml","level":"debug"}
{"message":"::1 - - [05/Apr/2022:07:18:23 +0000] "POST /uploadmetadata HTTP/1.1" 200 5945 "http_s://officesrv/controlpanel/sso" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"","level":"info"}
{"message":"getPortalSsoConfigUrl: http_s://officesrv/ssologin.ashx?config=saml","level":"debug"}
{"message":"::1 - - [05/Apr/2022:07:18:23 +0000] "POST /validatecerts HTTP/1.1" 200 1128 "http_s://officesrv/controlpanel/sso" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"","level":"info"}
{"message":"invalid route /settings","level":"error"}
{"message":"getPortal404Url: http_s://officesrv/404.aspx","level":"debug"}

“invalid route /settings” is very strange.

Could you please reproduce the issue and provide us with whole Control Panel and Community server logs folders?

Also please reproduce the issue with open browser console (F12 in Google Chrome). Please check if there’re any error entries in ‘Console’ and ‘Network’ tabs. Please make screenshots.

@Sunseich
Could you please provide us with Web.config file? It’s located here: Program Files (x86)\Ascensio System SIA\CommunityServer\WebStudio

Hi, Alexandre.
File content, part 1 of 2:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />
    <section name="nlog" type="NLog.Config.ConfigSectionHandler, NLog" />
    <section name="storage" type="ASC.Data.Storage.Configuration.StorageConfigurationSection, ASC.Data.Storage" />
    <section name="consumers" type="ASC.Core.Common.Configuration.ConsumerConfigurationSection, ASC.Core.Common" />
    <section name="apiClient" type="ASC.Api.Client.ApiClientConfiguration, ASC.Api.Client" />
    <section name="autofac" type="ASC.Common.DependencyInjection.AutofacConfigurationSection, ASC.Common" />
    <section name="dotless" type="dotless.Core.configuration.DotlessConfigurationSectionHandler, dotless.AspNet" />
    <section name="redisCacheClient" type="StackExchange.Redis.Extensions.LegacyConfiguration.RedisCachingSectionHandler, StackExchange.Redis.Extensions.LegacyConfiguration" />
  </configSections>
  <system.data>
    <DbProviderFactories>
      <clear />
      <add name="MySQL Data Provider" invariant="MySql.Data.MySqlClient" description=".Net Framework Data Provider for MySQL" type="MySql.Data.MySqlClient.MySqlClientFactory, MySql.Data" />
    </DbProviderFactories>
  </system.data>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Diagnostics.DiagnosticSource" culture="neutral" publicKeyToken="cc7b13ffcd2ddd51" />
        <bindingRedirect oldVersion="0.0.0.0-4.0.5.0" newVersion="4.0.5.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Google.Api.Gax" culture="neutral" publicKeyToken="3ec5ea7f18953e47" />
        <bindingRedirect oldVersion="0.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Google.Api.Gax.Rest" culture="neutral" publicKeyToken="3ec5ea7f18953e47" />
        <bindingRedirect oldVersion="0.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Google.Apis" culture="neutral" publicKeyToken="4b01fa6e34db77ab" />
        <bindingRedirect oldVersion="0.0.0.0-1.45.0.0" newVersion="1.45.0.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Google.Apis.Auth" culture="neutral" publicKeyToken="4b01fa6e34db77ab" />
        <bindingRedirect oldVersion="0.0.0.0-1.45.0.0" newVersion="1.45.0.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Google.Apis.Core" culture="neutral" publicKeyToken="4b01fa6e34db77ab" />
        <bindingRedirect oldVersion="0.0.0.0-1.45.0.0" newVersion="1.45.0.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Google.Apis.Storage.v1" culture="neutral" publicKeyToken="4b01fa6e34db77ab" />
        <bindingRedirect oldVersion="0.0.0.0-1.45.0.1911" newVersion="1.45.0.1911" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="log4net" culture="neutral" publicKeyToken="669e0ddf0bb1aa2a" />
        <bindingRedirect oldVersion="0.0.0.0-2.0.8.0" newVersion="2.0.8.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.Extensions.DependencyInjection.Abstractions" culture="neutral" publicKeyToken="adb9793829ddae60" />
        <bindingRedirect oldVersion="0.0.0.0-2.1.1.0" newVersion="2.1.1.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
        <bindingRedirect oldVersion="0.0.0.0-12.0.0.0" newVersion="12.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="BouncyCastle.Crypto" culture="neutral" publicKeyToken="0e99375e54769942" />
        <bindingRedirect oldVersion="0.0.0.0-1.8.10.0" newVersion="1.8.10.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="StackExchange.Redis.Extensions.Core" culture="neutral" publicKeyToken="d7d863643bcd13ef" />
        <bindingRedirect oldVersion="0.0.0.0-4.0.5.0" newVersion="4.0.5.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Buffers" culture="neutral" publicKeyToken="cc7b13ffcd2ddd51" />
        <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Memory" culture="neutral" publicKeyToken="cc7b13ffcd2ddd51" />
        <bindingRedirect oldVersion="0.0.0.0-4.0.1.1" newVersion="4.0.1.1" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" culture="neutral" publicKeyToken="b03f5f7f11d50a3a" />
        <bindingRedirect oldVersion="0.0.0.0-4.0.4.1" newVersion="4.0.4.1" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="WebGrease" culture="neutral" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <appSettings configSource="web.appsettings.config" />
  <connectionStrings configSource="web.connections.config" />
  <log4net configSource="web.log4net.config" />
  <nlog configSource="web.nlog.config" />
  <storage configSource="web.storage.config" />
  <consumers configSource="web.consumers.config" />
  <apiClient root="/api/2.0/" scheme="Http" />
  <autofac configSource="web.autofac.config" />
  <system.web>
    <!--HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\2.0.50727.0\MaxConcurrentRequestsPerCPU=80-->
    <httpRuntime targetFramework="4.6.2" executionTimeout="3600" maxRequestLength="1048576" requestValidationMode="2.0" />
    <pages enableViewStateMac="false" validateRequest="false" enableEventValidation="false" controlRenderingCompatibilityVersion="4.7.2" clientIDMode="AutoID">
      <controls>
        <add tagPrefix="ajaxToolkit" namespace="AjaxControlToolkit" assembly="AjaxControlToolkit" />
      </controls>
      <namespaces>
        <add namespace="ASC.Web.Core.Client.Bundling" />
      </namespaces>
    </pages>
    <authentication mode="None" />
    <customErrors mode="On" defaultRedirect="500.aspx" redirectMode="ResponseRewrite">
      <error statusCode="403" redirect="403.aspx" />
      <error statusCode="404" redirect="404.aspx" />
    </customErrors>
    <globalization requestEncoding="utf-8" responseEncoding="utf-8" fileEncoding="utf-8" />
    <compilation batch="true" defaultLanguage="csharp" targetFramework="4.7.2">
      <assemblies>
        <add assembly="System.Runtime, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add assembly="netstandard, Version=2.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51" />
      </assemblies>
    </compilation>
    <httpModules>
      <remove name="HttpContextDispose" />
      <remove name="ApiSetup" />
      <remove name="UrlRoutingModule-4.0" />
      <remove name="BundleModule" />
      <add name="HttpContextDispose" type="ASC.Common.Web.DisposableHttpContextHttpModule, ASC.Common" />
      <add name="ApiSetup" type="ASC.Api.ApiSetupHttpModule, ASC.Api" />
      <add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule, System.Web" />
      <add name="BundleModule" type="System.Web.Optimization.BundleModule" />
    </httpModules>
    <httpHandlers>
      <add verb="*" path="*.less" type="dotless.Core.LessCssHttpHandler, dotless.AspNet" />
      <add verb="POST,GET" path="ajaxpro/*.ashx" type="AjaxPro.AjaxHandlerFactory, AjaxPro.2" />
      <add verb="GET" path="template.ashx" type="ASC.Web.Studio.HttpHandlers.TemplatingHandler, ASC.Web.Studio" />
      <add verb="POST,GET" path="ssologin.ashx" type="ASC.Web.Studio.HttpHandlers.SsoHandler, ASC.Web.Studio" validate="false" />
      <add verb="POST,GET" path="UploadProgress.ashx" type="ASC.Web.Studio.Controls.FileUploader.HttpModule.UploadProgressHandler, ASC.Web.Studio" />
      <add verb="POST,GET" path="ajaxupload.ashx" type="ASC.Web.Studio.HttpHandlers.AjaxFileUploadHandler, ASC.Web.Studio" />
      <add verb="POST,GET" path="fckuploader.ashx" type="ASC.Web.Studio.HttpHandlers.FCKEditorFileUploadHandler, ASC.Web.Studio" />
      <add verb="POST,GET" path="UserPhoto.ashx" type="ASC.Web.Studio.HttpHandlers.UserPhotoHandler, ASC.Web.Studio" />
      <add verb="GET" path="TenantLogo.ashx" type="ASC.Web.Studio.HttpHandlers.TenantLogoHandler, ASC.Web.Studio" />
      <add verb="POST,GET" path="KeepSessionAlive.ashx" type="ASC.Web.Studio.HttpHandlers.KeepSessionAliveHandler, ASC.Web.Studio" />
      <add verb="POST" path="ChunkedUploader.ashx" type="ASC.Web.Files.HttpHandlers.ChunkedUploaderHandler, ASC.Web.Files" />
      <add verb="GET" path="Download.ashx" type="ASC.Web.Mail.HttpHandlers.DownloadHandler, ASC.Web.Mail" />
      <add verb="GET" path="ViewDocument.ashx" type="ASC.Web.Mail.HttpHandlers.ViewDocumentHandler, ASC.Web.Mail" />
      <add verb="GET" path="EditDocument.ashx" type="ASC.Web.Mail.HttpHandlers.EditDocumentHandler, ASC.Web.Mail" />
      <add verb="GET" path="ContactPhoto.ashx" type="ASC.Web.Mail.HttpHandlers.ContactPhotoHandler, ASC.Web.Mail" />
      <add verb="GET" path="UrlProxy.ashx" type="ASC.Web.Studio.HttpHandlers.UrlProxyHandler, ASC.Web.Studio" />
      <add verb="POST" path="addons/talk/http-poll/httppoll.ashx" type="ASC.Web.Talk.HttpHandlers.HttpPollHandler, ASC.Web.Talk" />
      <add verb="POST,GET" path="addons/talk/userphoto.ashx" type="ASC.Web.Talk.HttpHandlers.UserPhotoHandler, ASC.Web.Talk" />
      <add verb="POST,GET" path="opencontact.ashx" type="ASC.Web.Talk.HttpHandlers.OpenContactHandler, ASC.Web.Talk" />
      <add verb="GET" path="wikifile.ashx" type="ASC.Web.UserControls.Wiki.Handlers.WikiFileHandler, ASC.Web.Community" />
      <add verb="GET" path="thumb.ashx" type="ASC.Web.Community.HttpHandlers.ThumbHandler, ASC.Web.Community" />
      <add path="*.less" verb="GET" type="dotless.Core.LessCssHttpHandler, dotless.AspNet" />
    </httpHandlers>
    <sessionState mode="InProc">
    </sessionState>
    <caching>
      <outputCache defaultProvider="AspNetInternalProvider">
      </outputCache>
    </caching>
  </system.web>
  <location path="storage">
    <system.webServer>
      <security>
        <requestFiltering allowDoubleEscaping="true">
          <fileExtensions>
            <clear />
          </fileExtensions>
        </requestFiltering>
      </security>
    </system.webServer>
    <system.web>
      <pages validateRequest="false" />
      <httpRuntime requestPathInvalidCharacters="" />
    </system.web>
  </location>
  <location path="api/2.0">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <add name="Access-Control-Allow-Origin" value="*" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
  <location path="Products/CRM/HttpHandlers/webtoleadfromhandler.ashx">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <add name="Access-Control-Allow-Origin" value="*" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
  <location path="Products/Files/HttpHandlers/filehandler.ashx">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <add name="Access-Control-Allow-Origin" value="*" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
  <location path="Products/Files/ChunkedUploader.ashx">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <add name="Access-Control-Allow-Origin" value="*" />
          <add name="Access-Control-Allow-Headers" value="Content-Type, Content-Range, Content-Disposition, Content-Description" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
  <location path="thirdparty/plugin">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <add name="Access-Control-Allow-Origin" value="*" />
          <remove name="X-Frame-Options" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
  <location path="Products/Files/DocEditor.aspx">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <remove name="X-Frame-Options" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
  <location path="Products/Files/FileChoice.aspx">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <remove name="X-Frame-Options" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
  <location path="Products/Files/SaveAs.aspx">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <remove name="X-Frame-Options" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
  <location path="Products/Files/Share.aspx">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <remove name="X-Frame-Options" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
  <location path="favicon.ico">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <remove name="X-Frame-Options" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="X-Frame-Options" value="SAMEORIGIN" />
      </customHeaders>
    </httpProtocol>
    <validation validateIntegratedModeConfiguration="false" />
    <modules runAllManagedModulesForAllRequests="true">
      <remove name="WebDAVModule" />
      <remove name="HttpContextDispose" />
      <remove name="ApiSetup" />
      <remove name="UrlRoutingModule-4.0" />
      <remove name="BundleModule" />
      <add name="HttpContextDispose" type="ASC.Common.Web.DisposableHttpContextHttpModule, ASC.Common" />
      <add name="ApiSetup" preCondition="managedHandler" type="ASC.Api.ApiSetupHttpModule, ASC.Api" />
      <add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule, System.Web" />
      <add name="BundleModule" type="System.Web.Optimization.BundleModule" />
    </modules>
    <handlers>
      <remove name="WebDAV" />
      <remove name="less" />
      <remove name="Reso" />
      <remove name="AjaxUp" />
      <remove name="Jwt" />
      <remove name="Saml" />
      <remove name="Template" />
      <remove name="UpProgress" />
      <remove name="AjaxPro" />
      <remove name="FCKUp" />
      <remove name="UserPhoto" />
      <remove name="TenantLogo" />
      <remove name="KeepSessionAlive" />
      <remove name="Invoice" />
      <remove name="ChunkedUploader" />
      <remove name="Download" />
      <remove name="DownloadAll" />
      <remove name="ViewDocument" />
      <remove name="EditDocument" />
      <remove name="ContactPhoto" />
      <remove name="UrlProxy" />
      <remove name="TalkHttpPollHandler" />
      <remove name="TalkUserPhoto" />
      <remove name="TalkOpenContact" />
      <remove name="UrlRoutingHandler" />
      <remove name="WikFileHandler" />
      <remove name="ThumbHandler" />
      <remove name="svc-Integrated" />
      <remove name="svc-Integrated-4.0" />
      <remove name="DiscStorage" />
      <add name="less" verb="*" path="*.less" type="dotless.Core.LessCssHttpHandler, dotless.AspNet" />
      <add name="AjaxPro" verb="POST,GET" path="ajaxpro/*.ashx" type="AjaxPro.AjaxHandlerFactory, AjaxPro.2" />
      <add name="Sso" verb="POST,GET" path="ssologin.ashx" type="ASC.Web.Studio.HttpHandlers.SsoHandler, ASC.Web.Studio" />
      <add name="Template" verb="POST,GET" path="template.ashx" type="ASC.Web.Studio.HttpHandlers.TemplatingHandler, ASC.Web.Studio" />
      <add name="UpProgress" verb="POST,GET" path="UploadProgress.ashx" type="ASC.Web.Studio.Controls.FileUploader.HttpModule.UploadProgressHandler, ASC.Web.Studio" />
      <add name="AjaxUp" verb="POST,GET" path="ajaxupload.ashx" type="ASC.Web.Studio.HttpHandlers.AjaxFileUploadHandler, ASC.Web.Studio" />
      <add name="FCKUp" verb="POST,GET" path="fckuploader.ashx" type="ASC.Web.Studio.HttpHandlers.FCKEditorFileUploadHandler, ASC.Web.Studio" />
      <add name="UserPhoto" verb="POST,GET" path="UserPhoto.ashx" type="ASC.Web.Studio.HttpHandlers.UserPhotoHandler, ASC.Web.Studio" />
      <add name="TenantLogo" verb="GET" path="TenantLogo.ashx" type="ASC.Web.Studio.HttpHandlers.TenantLogoHandler, ASC.Web.Studio" />
      <add name="KeepSessionAlive" verb="POST,GET" path="KeepSessionAlive.ashx" type="ASC.Web.Studio.HttpHandlers.KeepSessionAliveHandler, ASC.Web.Studio" />
      <add name="Invoice" verb="GET,HEAD" path="tariffs/invoice.ashx" type="ASC.Web.Studio.HttpHandlers.InvoiceHandler, ASC.Web.Studio" />
      <add name="ChunkedUploader" verb="POST,OPTIONS" path="ChunkedUploader.ashx" type="ASC.Web.Files.HttpHandlers.ChunkedUploaderHandler, ASC.Web.Files" />
      <add name="Download" verb="GET" path="Download.ashx" type="ASC.Web.Mail.HttpHandlers.DownloadHandler, ASC.Web.Mail" />
      <add name="ViewDocument" verb="GET" path="ViewDocument.ashx" type="ASC.Web.Mail.HttpHandlers.ViewDocumentHandler, ASC.Web.Mail" />
      <add name="EditDocument" verb="GET" path="EditDocument.ashx" type="ASC.Web.Mail.HttpHandlers.EditDocumentHandler, ASC.Web.Mail" />
      <add name="ContactPhoto" verb="GET" path="ContactPhoto.ashx" type="ASC.Web.Mail.HttpHandlers.ContactPhotoHandler, ASC.Web.Mail" />
      <add name="UrlProxy" verb="GET" path="UrlProxy.ashx" type="ASC.Web.Studio.HttpHandlers.UrlProxyHandler, ASC.Web.Studio" />
      <add name="TalkHttpPollHandler" verb="POST" path="addons/talk/http-poll/httppoll.ashx" type="ASC.Web.Talk.HttpHandlers.HttpPollHandler, ASC.Web.Talk" />
      <add name="TalkUserPhoto" verb="POST,GET" path="addons/talk/userphoto.ashx" type="ASC.Web.Talk.HttpHandlers.UserPhotoHandler, ASC.Web.Talk" />
      <add name="TalkOpenContact" verb="POST,GET" path="opencontact.ashx" type="ASC.Web.Talk.HttpHandlers.OpenContactHandler, ASC.Web.Talk" />
      <add name="WikFileHandler" verb="GET" path="wikifile.ashx" type="ASC.Web.UserControls.Wiki.Handlers.WikiFileHandler, ASC.Web.Community" />
      <add name="ThumbHandler" verb="GET" path="thumb.ashx" type="ASC.Web.Community.HttpHandlers.ThumbHandler, ASC.Web.Community" />
      <add name="dotless" path="*.less" verb="GET" type="dotless.Core.LessCssHttpHandler,dotless.AspNet" resourceType="File" preCondition="" />
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <remove name="OPTIONSVerbHandler" />
      <remove name="TRACEVerbHandler" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
    <security>
      <requestFiltering>
        <requestLimits maxAllowedContentLength="1073741824" />
        <denyUrlSequences>
          <add sequence=".." />
        </denyUrlSequences>
        <hiddenSegments>
          <remove segment="App_Data" />
          <remove segment=".well-known\*" />
          <add segment="Certificates" />
        </hiddenSegments>
      </requestFiltering>
    </security>
    <caching>
      <profiles>
        <add extension=".ashx" policy="DontCache" kernelCachePolicy="DontCache" duration="00:01:00" />
        <add extension=".axd" policy="DontCache" kernelCachePolicy="CacheForTimePeriod" duration="00:30:00" />
      </profiles>
    </caching>
    <urlCompression doDynamicCompression="true" />
    <staticContent>
      <remove fileExtension=".tmpl" />
      <remove fileExtension=".less" />
      <remove fileExtension="*" />
      <mimeMap fileExtension=".tmpl" mimeType="text/plain" />
      <mimeMap fileExtension=".less" mimeType="text/css" />
      <mimeMap fileExtension="*" mimeType="application/octet-stream" />
    </staticContent>
    <httpCompression directory="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files" maxDiskSpaceUsage="1500" minFileSizeForComp="256">
      <scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" />
      <dynamicTypes>
        <add mimeType="text/*" enabled="true" />
        <add mimeType="message/*" enabled="true" />
        <add mimeType="application/x-javascript" enabled="true" />
        <add mimeType="application/javascript" enabled="true" />
        <add mimeType="application/json; charset=UTF-8" enabled="true" />
        <add mimeType="*/*" enabled="false" />
      </dynamicTypes>
      <staticTypes>
        <add mimeType="text/*" enabled="true" />
        <add mimeType="message/*" enabled="true" />
        <add mimeType="application/javascript" enabled="true" />
        <add mimeType="application/json" enabled="true" />
        <add mimeType="application/x-javascript" enabled="true" />
        <add mimeType="*/*" enabled="false" />
      </staticTypes>
    </httpCompression>
    <httpErrors errorMode="Custom">
      <remove statusCode="401" subStatusCode="-1" />
      <error statusCode="401" path="401.htm" responseMode="File" />
      <remove statusCode="402" subStatusCode="-1" />
      <error statusCode="402" path="402.htm" responseMode="File" />
      <remove statusCode="403" subStatusCode="-1" />
      <error statusCode="403" path="403.htm" responseMode="File" />
      <remove statusCode="404" subStatusCode="-1" />
      <error statusCode="404" path="404.htm" responseMode="File" />
      <remove statusCode="500" subStatusCode="-1" />
      <error statusCode="500" path="500.htm" responseMode="File" />
    </httpErrors>
    <rewrite>
      <rules>
        <clear />
        <rule name="INIT_SERVER_VARIABLE_FROM_PROXY" enabled="true" stopProcessing="false">
          <match url=".*" />
          <serverVariables>
            <set name="HTTP_THE_SCHEME" value="{HTTP_X_FORWARDED_PROTO}" replace="true" />
            <set name="HTTP_THE_HOST" value="{HTTP_X_FORWARDED_HOST}" replace="true" />
          </serverVariables>
          <action type="None" />
        </rule>
        <rule name="INIT_SERVER_VARIABLE_DEFAULT" enabled="true" stopProcessing="false">
          <match url=".*" />
          <conditions trackAllCaptures="true">
            <add input="{HTTPS}s" pattern="on(s)|offs" />
          </conditions>
          <serverVariables>
            <set name="HTTP_THE_SCHEME" value="http{C:1}" replace="false" />
            <set name="HTTP_THE_HOST" value="{HTTP_HOST}" replace="false" />
            <set name="HTTP_X_REWRITER_URL" value="{HTTP_THE_SCHEME}://{HTTP_THE_HOST}" replace="false" />
          </serverVariables>
          <action type="None" />
        </rule>
        <rule name="SocketIO" stopProcessing="true">
          <match url="^socketio/(.*)" />
          <conditions trackAllCaptures="true">
            <add input="{HTTPS}s" pattern="on(s)|offs" />
          </conditions>
          <action type="Rewrite" url="http://localhost:9899/{R:1}" logRewrittenUrl="false" />
          <serverVariables>
            <set name="HTTP_X_REWRITER_URL" value="http{C:1}://{HTTP_HOST}" replace="false" />
          </serverVariables>
        </rule>
        <rule name="UrlShortener" stopProcessing="true">
          <match url="^sh/(.*)" />
          <conditions trackAllCaptures="true">
            <add input="{HTTPS}s" pattern="on(s)|offs" />
          </conditions>
          <action type="Rewrite" url="http://localhost:9999/{R:1}" logRewrittenUrl="false" />
        </rule>
        <rule name="CalDav" stopProcessing="true">
          <match url="^caldav/(.*)" />
          <conditions trackAllCaptures="true">
            <add input="{HTTPS}s" pattern="on(s)|offs" />
          </conditions>
          <action type="Rewrite" url="http://localhost:5232/{R:1}" logRewrittenUrl="false" />
          <serverVariables>
            <set name="HTTP_X_REWRITER_URL" value="http{C:1}://{HTTP_HOST}" replace="false" />
            <set name="HTTP_X_SCRIPT_NAME" value="/caldav" replace="false" />
          </serverVariables>
        </rule>
        <rule name="SsoAuth" stopProcessing="true">
          <match url="sso/(.*)" />
          <conditions trackAllCaptures="true">
            <add input="{HTTPS}s" pattern="on(s)|offs" />
          </conditions>
          <action type="Rewrite" url="http://localhost:9834/{R:1}" logRewrittenUrl="false" />
          <serverVariables>
            <set name="HTTP_X_REWRITER_URL" value="http{C:1}://{HTTP_HOST}" replace="false" />
          </serverVariables>
        </rule>
        <rule name="HTTP to HTTPS" stopProcessing="true" enabled="false">
          <match url=".*" />
          <conditions>
            <add input="{HTTPS}" pattern="off" />
            <add input="{HTTP_HOST}" pattern="localhost" negate="true" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}{URL}" appendQueryString="true" redirectType="Temporary" />
        </rule>
                <rule name="SsoAuthRewrite" enabled="true" stopProcessing="true">
                    <match url="^sso\/(.*)" />
                    <conditions trackAllCaptures="true">
                        <add input="{HTTPS}s" pattern="on(s)|offs" />
                    </conditions>
                    <serverVariables>
                        <set name="HTTP_X_REWRITER_URL" value="http{C:1}://{HTTP_HOST}" replace="false" />
                    </serverVariables>
                    <action type="Rewrite" url="http://localhost:9834/sso/{R:1}" />
                </rule>
                <rule name="DocumentServerRewrite" enabled="true" stopProcessing="true">
                    <match url="^ds-vpath/(.*)" />
                    <conditions trackAllCaptures="true">
                        <add input="{HTTPS}s" pattern="on(s)|offs" />
                    </conditions>
                    <serverVariables>
                        <set name="HTTP_X_FORWARDED_PROTO" value="{HTTP_THE_SCHEME}" replace="true" />
                        <set name="HTTP_X_FORWARDED_HOST" value="{HTTP_THE_HOST}/ds-vpath" replace="true" />
                    </serverVariables>
                    <action type="Rewrite" url="http://localhost:8083/{R:1}" />
                </rule>
                <rule name="ControlPanelRewrite" enabled="true" stopProcessing="true">
                    <match url="^controlpanel(.*)" />
                    <conditions trackAllCaptures="true">
                        <add input="{HTTPS}s" pattern="on(s)|offs" />
                    </conditions>
                    <serverVariables>
                        <set name="HTTP_X_REWRITER_URL" value="http{C:1}://{HTTP_HOST}" replace="false" />
                    </serverVariables>
                    <action type="Rewrite" url="http://localhost:8082/controlpanel{R:1}" />
                </rule>
      </rules>
      <outboundRules>
        <rule name="Add the STS header in HTTPS responses" enabled="false" stopProcessing="true">
          <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
          <conditions>
            <add input="{HTTPS}" pattern="on" />
          </conditions>
          <action type="Rewrite" value="max-age=63072000" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>
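
Added example, not part of the original posts and not ONLYOFFICE code: a small Python model of how IIS URL Rewrite walks the `<rules>` posted above, in order, for the URLs named in this thread. It assumes the default regular-expression, case-insensitive matching against the path without its leading slash, leaves out the `{HTTPS}s` conditions (the `on(s)|offs` pattern matches both values), and its `ANCHORED` variant is a hypothetical comparison, not a fix confirmed in the thread.

```python
import re
import xml.etree.ElementTree as ET

# <rewrite><rules> from the posted Web.config, same order, trimmed to the
# attributes that decide routing (conditions and serverVariables left out).
RULES_XML = r"""
<rules>
  <rule name="INIT_SERVER_VARIABLE_FROM_PROXY" stopProcessing="false"><match url=".*" /><action type="None" /></rule>
  <rule name="INIT_SERVER_VARIABLE_DEFAULT" stopProcessing="false"><match url=".*" /><action type="None" /></rule>
  <rule name="SocketIO" stopProcessing="true"><match url="^socketio/(.*)" /><action type="Rewrite" url="http://localhost:9899/{R:1}" /></rule>
  <rule name="UrlShortener" stopProcessing="true"><match url="^sh/(.*)" /><action type="Rewrite" url="http://localhost:9999/{R:1}" /></rule>
  <rule name="CalDav" stopProcessing="true"><match url="^caldav/(.*)" /><action type="Rewrite" url="http://localhost:5232/{R:1}" /></rule>
  <rule name="SsoAuth" stopProcessing="true"><match url="sso/(.*)" /><action type="Rewrite" url="http://localhost:9834/{R:1}" /></rule>
  <rule name="HTTP to HTTPS" stopProcessing="true" enabled="false"><match url=".*" /><action type="Redirect" url="https://{HTTP_HOST}{URL}" /></rule>
  <rule name="SsoAuthRewrite" stopProcessing="true"><match url="^sso\/(.*)" /><action type="Rewrite" url="http://localhost:9834/sso/{R:1}" /></rule>
  <rule name="DocumentServerRewrite" stopProcessing="true"><match url="^ds-vpath/(.*)" /><action type="Rewrite" url="http://localhost:8083/{R:1}" /></rule>
  <rule name="ControlPanelRewrite" stopProcessing="true"><match url="^controlpanel(.*)" /><action type="Rewrite" url="http://localhost:8082/controlpanel{R:1}" /></rule>
</rules>
"""

BACKREF = re.compile(r"\{R:(\d+)\}")  # {R:n} = n-th capture group of <match url>


def load_rules(xml_text):
    """Parse <rule> elements into dicts, keeping document order."""
    rules = []
    for rule in ET.fromstring(xml_text.strip()).iter("rule"):
        action = rule.find("action")
        rules.append({
            "name": rule.get("name"),
            "enabled": rule.get("enabled", "true").lower() == "true",
            "pattern": rule.find("match").get("url"),
            "type": action.get("type"),
            "target": action.get("url", ""),
        })
    return rules


def route(url_path, rules):
    """Return (rule name, rewritten URL) for the first enabled rule with a
    Rewrite/Redirect action whose pattern matches, or (None, None).

    Every such rule in the posted file has stopProcessing="true", so the
    first match is final. Rules with action type "None" only set server
    variables and never end processing.
    """
    path = url_path.split("?", 1)[0].lstrip("/")  # no query string, no leading slash
    for rule in rules:
        if not rule["enabled"] or rule["type"] == "None":
            continue
        # An unanchored pattern matches anywhere in the path, hence search().
        match = re.search(rule["pattern"], path, re.IGNORECASE)
        if match:
            target = BACKREF.sub(
                lambda ref: match.group(int(ref.group(1))) or "", rule["target"])
            return rule["name"], target
    return None, None


RULES = load_rules(RULES_XML)

# Hypothetical comparison (assumption): the same rule set with the "SsoAuth"
# pattern anchored at the start of the path.
ANCHORED = [dict(r, pattern="^" + r["pattern"]) if r["name"] == "SsoAuth" else r
            for r in RULES]

if __name__ == "__main__":
    # Paths taken from the thread (host part dropped).
    for path in ("/controlpanel/sso/uploadmetadata",
                 "/controlpanel/sso/validatecerts",
                 "/controlpanel/sso/settings"):
        print(path)
        print("  as posted :", route(path, RULES))
        print("  anchored  :", route(path, ANCHORED))
```

With the rules as posted, `controlpanel/sso/settings` is caught by the unanchored `SsoAuth` pattern before `ControlPanelRewrite` is reached and is rewritten to `http://localhost:9834/settings`, which lines up with the `invalid route /settings` entry in the web.sso log.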

Part 2 of 2:

  <system.net>
    <connectionManagement>
      <add address="*" maxconnection="96" />
    </connectionManagement>
  </system.net>
  <system.codedom>
    <compilers>
      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
        <providerOption name="CompilerVersion" value="v4.0" />
        <providerOption name="WarnAsError" value="false" />
      </compiler>
    </compilers>
  </system.codedom>
  <system.serviceModel>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
    <client>
      <endpoint address="net.tcp://localhost:9865/teamlabJabber" binding="netTcpBinding" contract="ASC.Core.Notify.Jabber.IJabberService" bindingConfiguration="jabber" />
      <endpoint address="net.tcp://localhost:9866/teamlabIndex" binding="netTcpBinding" contract="ASC.ElasticSearch.Service.IService" bindingConfiguration="index" />
      <endpoint address="net.tcp://localhost:9871/teamlabNotify" binding="netTcpBinding" contract="ASC.Notify.INotifyService" bindingConfiguration="notify" />
      <endpoint address="net.tcp://localhost:9882/teamlabBackup" binding="netTcpBinding" contract="ASC.Core.Common.Contracts.IBackupService" bindingConfiguration="backup" />
      <endpoint address="net.tcp://localhost:9883/teamlabStorageMigrate" binding="netTcpBinding" contract="ASC.Data.Storage.Migration.IService" bindingConfiguration="migrate" />
      <endpoint address="net.tcp://localhost:9884/teamlabStorageEncryption" binding="netTcpBinding" contract="ASC.Data.Storage.Encryption.IEncryptionService" bindingConfiguration="encryption" />
      <endpoint address="net.tcp://localhost:9885/teamlabTelegram" binding="netTcpBinding" contract="ASC.Core.Common.Notify.ITelegramService" bindingConfiguration="telegram" />
      <endpoint address="net.tcp://localhost:9886/teamlabThumbnailBuilder" binding="netTcpBinding" contract="ASC.Web.Core.Files.IThumbnailBuilderService" bindingConfiguration="thumbnailBuilder" />
    </client>
    <behaviors>
      <endpointBehaviors>
        <behavior name="backup">
          <webHttp />
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <bindings>
      <netTcpBinding>
        <binding name="jabber" maxReceivedMessageSize="1000000" maxBufferSize="1000000">
          <security mode="None">
            <message clientCredentialType="None" />
            <transport protectionLevel="None" clientCredentialType="None" />
          </security>
          <readerQuotas maxStringContentLength="1000000" maxArrayLength="1000000" />
        </binding>
        <binding name="index" openTimeout="0:0:10" receiveTimeout="0:0:10" sendTimeout="0:0:10" maxReceivedMessageSize="1000000">
          <security mode="None" />
          <readerQuotas maxStringContentLength="1000000" />
        </binding>
        <binding name="notify" openTimeout="0:0:10" receiveTimeout="0:0:10" sendTimeout="0:0:10" maxReceivedMessageSize="1000000">
          <security mode="None" />
          <readerQuotas maxStringContentLength="1000000" />
        </binding>
        <binding name="backup" openTimeout="0:0:10" receiveTimeout="0:0:10" sendTimeout="0:0:10">
          <security mode="None" />
          <readerQuotas maxStringContentLength="1000000" />
        </binding>
        <binding name="migrate" openTimeout="0:0:10" receiveTimeout="0:0:10" sendTimeout="0:0:10">
          <security mode="None" />
          <readerQuotas maxStringContentLength="1000000" />
        </binding>
        <binding name="encryption" openTimeout="0:0:10" receiveTimeout="0:0:10" sendTimeout="0:0:10">
          <security mode="None" />
          <readerQuotas maxStringContentLength="1000000" />
        </binding>
        <binding name="telegram" openTimeout="0:0:10" receiveTimeout="0:0:10" sendTimeout="0:0:10">
          <security mode="None" />
          <readerQuotas maxStringContentLength="1000000" />
        </binding>
        <binding name="thumbnailBuilder" openTimeout="0:0:10" receiveTimeout="0:0:10" sendTimeout="0:0:10">
          <security mode="None" />
          <readerQuotas maxStringContentLength="1000000" />
        </binding>
      </netTcpBinding>
    </bindings>
  </system.serviceModel>
  <dotless minifyCss="false" cache="true" />
  <redisCacheClient ssl="false" connectTimeout="5000" database="0" password="">
    <hosts>
      <add host="127.0.0.1" cachePort="6379" />
    </hosts>
  </redisCacheClient>
</configuration>

I sent you the changed web.config file via PM. Please try to use it. After that you have to restart ONLYOFFICE Server in IIS and ONLYOFFICE Control Panel in Windows Services.
NB! Please prepare a whole server backup before any server-side actions, just in case.

Great, the settings are now saved. I had to rename the duplicate rule “ControlPanelRewrite”, otherwise the server would not start.

I returned the “SsoAuthRewrite” rule back, everything works too.

Thanks for the help.

I had to rename the duplicate rule “ControlPanelRewrite”, otherwise the server would not start.

Sorry, my bad. I had to remove the original rule after the copy/paste action. It probably slipped my mind.

As a result of the issue (for other users): you need to move the ControlPanelRewrite rule before SsoAuth, and you need to remove the SsoAuthRewrite rule.
We are already working on the fix, which will be included in the next Community Server version.
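The rule-order fix summarised above can be checked before restarting IIS. The following PowerShell is an added example, not ONLYOFFICE's own code or part of the original posts; the rule names come from this thread, while the SsoAuthRewrite match pattern, port 9999 and the function name Test-RewriteOrder are assumptions made for illustration. It treats the first enabled rule whose pattern matches as the handler (both sample rules set stopProcessing) and ignores rule conditions.

```powershell
# Constructed sample. Rule names are from the thread; the SsoAuthRewrite
# pattern and port 9999 are assumptions, not the product's real values.
$sample = @'
<configuration><system.webServer><rewrite><rules>
  <rule name="SsoAuthRewrite" enabled="true" stopProcessing="true">
    <match url="(.*)sso/(.*)" />
    <action type="Rewrite" url="http://localhost:9999/{R:2}" />
  </rule>
  <rule name="ControlPanelRewrite" enabled="true" stopProcessing="true">
    <match url="^controlpanel(.*)" />
    <action type="Rewrite" url="http://localhost:8082/controlpanel{R:1}" />
  </rule>
</rules></rewrite></system.webServer></configuration>
'@

function Test-RewriteOrder {
    param([xml]$Config, [string]$Path = 'controlpanel/sso/settings')
    $rules = @($Config.SelectNodes('/configuration/system.webServer/rewrite/rules/rule'))
    $names = @($rules | ForEach-Object { $_.GetAttribute('name') })
    $findings = @()

    # Duplicate names: the thread reports the server would not start with them.
    foreach ($g in @($names | Group-Object | Where-Object { $_.Count -gt 1 })) {
        $findings += "duplicate rule name: $($g.Name)"
    }

    # Thread's fix: ControlPanelRewrite before SsoAuth*, SsoAuthRewrite removed.
    $cp = [array]::IndexOf($names, 'ControlPanelRewrite')
    $firstSso = -1
    for ($i = 0; $i -lt $names.Count; $i++) {
        if ($names[$i] -like 'SsoAuth*') { $firstSso = $i; break }
    }
    if ($cp -lt 0) {
        $findings += 'ControlPanelRewrite rule is missing'
    } elseif ($firstSso -ge 0 -and $firstSso -lt $cp) {
        $findings += "$($names[$firstSso]) is evaluated before ControlPanelRewrite"
    }
    if ($names -contains 'SsoAuthRewrite') { $findings += 'SsoAuthRewrite is still present' }

    # First enabled rule whose pattern matches the path (IIS patterns ignore case by default).
    $hit = $rules | Where-Object {
        $_.GetAttribute('enabled') -ne 'false' -and
        $Path -match $_.SelectSingleNode('match').GetAttribute('url')
    } | Select-Object -First 1
    $handledBy = if ($hit) { $hit.GetAttribute('name') } else { '(no rule matched)' }
    [pscustomobject]@{ Order = $names -join ' -> '; HandledBy = $handledBy; Findings = $findings }
}

Test-RewriteOrder -Config ([xml]$sample) | Format-List
```

To check a real installation, pass the parsed file instead of the sample, for example `[xml](Get-Content -Raw <path to web.config>)`.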

Hi, I was wondering if your SSO is still working with Keycloak. We have been trying to set it up over the last week with no success.
Are you able to share the web.config file?

Hello @DownRight770
Please provide us with details, show us the error which you faced.
I have re-checked my messages in PM and found the letter which I sent to @Sunseich a few months ago. I sent you the mentioned example of the web.config file just in case.
Please note that you may have a different issue and this file may be useless. We need to take a closer look at your situation.
NB! We recommend preparing a whole server backup before any server-side actions.

Here is the error we are currently getting. I ran the following: tail -f *log | grep sso

2022-07-28 15:14:25,554|514|496|1.0382|Command.ExecuteReader(Default)|select u.id, u.username, u.firstname, u.lastname, u.sex, u.bithdate, u.status, u.title, u.workfromdate, u.terminateddate, u.contacts, u.email, u.location, u.notes, u.removed, u.last_modified, u.tenant, u.activation_status, u.culture, u.phone, u.phone_activation, u.sid, u.sso_name_id, u.sso_session_id, u.create_on from core_user u where last_modified >= @p0|@p0=07/28/2022 15:08:56
2022-07-28 15:14:25 - error: http://localhost/sso/generatecert Unexpected token < in JSON at position 0

I noticed that you created a separate topic on the forum. I suggest focusing the discussion there; I have already left a message there.