ONLYOFFICE 7.0: online forms, password protection in sheets, collaboration improvements and much more
ONLYOFFICE 7.0 released

Control panel can't save SSO settings. 404 happens

Hi.

I’m try connecting onlyoffice to keycloak SSO.
Entering the configuration.
http_s://officesrv/controlpanel/sso/uploadmetadata - working
http_s://officesrv/controlpanel/sso/validatecerts - working

But when I click to “SAVE” button on SSO configuration page, I get the 404 error.

Browser console show error “http_s://officesrv/controlpanel/sso/settings” URL not found.

What could be the reason? Is there a way to manually enter configuration parameters?

Version: {“count”:1,“status”:0,“statusCode”:200,“response”:{“communityServer”:“11.6.1035”,“documentServer”:“7.0.0.132”,“xmppServer”:“11.0.63”}}
Control panel version: 3.0.389

Thanks for your help!

Hello @Sunseich
Please note that we didn’t test Keycloak SSO identity provider.
https://helpcenter.onlyoffice.com/administration/control-panel-sso-description.aspx

Please let us know your portal installation type (docker, package, exe) and provide us with screenshot of an error.

Hello, Alexandre!

Installation type is “exe”.

Yes, I’ve seen the instructions. If the system supports SAML, then there should be no problems.
I can’t understand why the settings can’t be saved. Usually there are problems with the configuration after saving the settings.

I found in “web.sso.*.log”

{“message”:“getPortalSsoConfigUrl: http_s://officesrv/ssologin.ashx?config=saml”,“level”:“debug”}
{“message”:"::1 - - [05/Apr/2022:07:18:23 +0000] “POST /uploadmetadata HTTP/1.1” 200 5945 “http_s://officesrv/controlpanel/sso” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"”,“level”:“info”}
{“message”:“getPortalSsoConfigUrl: http_s://officesrv/ssologin.ashx?config=saml”,“level”:“debug”}
{“message”:"::1 - - [05/Apr/2022:07:18:23 +0000] “POST /validatecerts HTTP/1.1” 200 1128 “http_s://officesrv/controlpanel/sso” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"”,“level”:“info”}
{“message”:“invalid route /settings”,“level”:“error”}
{“message”:“getPortal404Url: http_s://officesrv/404.aspx”,“level”:“debug”}

“invalid route /settings” is very strange.

Could you please reproduce the issue and provide us with whole Control Panel and Community server logs folders?

Also please reproduce the issue with open browser console (F12 in Google Chrome). Please check if there’re any error entries in ‘Console’ and ‘Network’ tabs. Please make screenshots.

@Sunseich
Could you please provide us with Web.config file? It’s located here: Program Files (x86)\Ascensio System SIA\CommunityServer\WebStudio

Hi, Alexandre.
File content 1 of 2 parts is:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />
    <section name="nlog" type="NLog.Config.ConfigSectionHandler, NLog" />
    <section name="storage" type="ASC.Data.Storage.Configuration.StorageConfigurationSection, ASC.Data.Storage" />
    <section name="consumers" type="ASC.Core.Common.Configuration.ConsumerConfigurationSection, ASC.Core.Common" />
    <section name="apiClient" type="ASC.Api.Client.ApiClientConfiguration, ASC.Api.Client" />
    <section name="autofac" type="ASC.Common.DependencyInjection.AutofacConfigurationSection, ASC.Common" />
    <section name="dotless" type="dotless.Core.configuration.DotlessConfigurationSectionHandler, dotless.AspNet" />
    <section name="redisCacheClient" type="StackExchange.Redis.Extensions.LegacyConfiguration.RedisCachingSectionHandler, StackExchange.Redis.Extensions.LegacyConfiguration" />
  </configSections>
  <system.data>
    <DbProviderFactories>
      <clear />
      <add name="MySQL Data Provider" invariant="MySql.Data.MySqlClient" description=".Net Framework Data Provider for MySQL" type="MySql.Data.MySqlClient.MySqlClientFactory, MySql.Data" />
    </DbProviderFactories>
  </system.data>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Diagnostics.DiagnosticSource" culture="neutral" publicKeyToken="cc7b13ffcd2ddd51" />
        <bindingRedirect oldVersion="0.0.0.0-4.0.5.0" newVersion="4.0.5.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Google.Api.Gax" culture="neutral" publicKeyToken="3ec5ea7f18953e47" />
        <bindingRedirect oldVersion="0.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Google.Api.Gax.Rest" culture="neutral" publicKeyToken="3ec5ea7f18953e47" />
        <bindingRedirect oldVersion="0.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Google.Apis" culture="neutral" publicKeyToken="4b01fa6e34db77ab" />
        <bindingRedirect oldVersion="0.0.0.0-1.45.0.0" newVersion="1.45.0.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Google.Apis.Auth" culture="neutral" publicKeyToken="4b01fa6e34db77ab" />
        <bindingRedirect oldVersion="0.0.0.0-1.45.0.0" newVersion="1.45.0.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Google.Apis.Core" culture="neutral" publicKeyToken="4b01fa6e34db77ab" />
        <bindingRedirect oldVersion="0.0.0.0-1.45.0.0" newVersion="1.45.0.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Google.Apis.Storage.v1" culture="neutral" publicKeyToken="4b01fa6e34db77ab" />
        <bindingRedirect oldVersion="0.0.0.0-1.45.0.1911" newVersion="1.45.0.1911" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="log4net" culture="neutral" publicKeyToken="669e0ddf0bb1aa2a" />
        <bindingRedirect oldVersion="0.0.0.0-2.0.8.0" newVersion="2.0.8.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.Extensions.DependencyInjection.Abstractions" culture="neutral" publicKeyToken="adb9793829ddae60" />
        <bindingRedirect oldVersion="0.0.0.0-2.1.1.0" newVersion="2.1.1.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
        <bindingRedirect oldVersion="0.0.0.0-12.0.0.0" newVersion="12.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="BouncyCastle.Crypto" culture="neutral" publicKeyToken="0e99375e54769942" />
        <bindingRedirect oldVersion="0.0.0.0-1.8.10.0" newVersion="1.8.10.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="StackExchange.Redis.Extensions.Core" culture="neutral" publicKeyToken="d7d863643bcd13ef" />
        <bindingRedirect oldVersion="0.0.0.0-4.0.5.0" newVersion="4.0.5.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Buffers" culture="neutral" publicKeyToken="cc7b13ffcd2ddd51" />
        <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Memory" culture="neutral" publicKeyToken="cc7b13ffcd2ddd51" />
        <bindingRedirect oldVersion="0.0.0.0-4.0.1.1" newVersion="4.0.1.1" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" culture="neutral" publicKeyToken="b03f5f7f11d50a3a" />
        <bindingRedirect oldVersion="0.0.0.0-4.0.4.1" newVersion="4.0.4.1" />
      </dependentAssembly>
    </assemblyBinding>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="WebGrease" culture="neutral" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <appSettings configSource="web.appsettings.config" />
  <connectionStrings configSource="web.connections.config" />
  <log4net configSource="web.log4net.config" />
  <nlog configSource="web.nlog.config" />
  <storage configSource="web.storage.config" />
  <consumers configSource="web.consumers.config" />
  <apiClient root="/api/2.0/" scheme="Http" />
  <autofac configSource="web.autofac.config" />
  <system.web>
    <!--HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\2.0.50727.0\MaxConcurrentRequestsPerCPU=80-->
    <httpRuntime targetFramework="4.6.2" executionTimeout="3600" maxRequestLength="1048576" requestValidationMode="2.0" />
    <pages enableViewStateMac="false" validateRequest="false" enableEventValidation="false" controlRenderingCompatibilityVersion="4.7.2" clientIDMode="AutoID">
      <controls>
        <add tagPrefix="ajaxToolkit" namespace="AjaxControlToolkit" assembly="AjaxControlToolkit" />
      </controls>
      <namespaces>
        <add namespace="ASC.Web.Core.Client.Bundling" />
      </namespaces>
    </pages>
    <authentication mode="None" />
    <customErrors mode="On" defaultRedirect="500.aspx" redirectMode="ResponseRewrite">
      <error statusCode="403" redirect="403.aspx" />
      <error statusCode="404" redirect="404.aspx" />
    </customErrors>
    <globalization requestEncoding="utf-8" responseEncoding="utf-8" fileEncoding="utf-8" />
    <compilation batch="true" defaultLanguage="csharp" targetFramework="4.7.2">
      <assemblies>
        <add assembly="System.Runtime, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add assembly="netstandard, Version=2.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51" />
      </assemblies>
    </compilation>
    <httpModules>
      <remove name="HttpContextDispose" />
      <remove name="ApiSetup" />
      <remove name="UrlRoutingModule-4.0" />
      <remove name="BundleModule" />
      <add name="HttpContextDispose" type="ASC.Common.Web.DisposableHttpContextHttpModule, ASC.Common" />
      <add name="ApiSetup" type="ASC.Api.ApiSetupHttpModule, ASC.Api" />
      <add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule, System.Web" />
      <add name="BundleModule" type="System.Web.Optimization.BundleModule" />
    </httpModules>
    <httpHandlers>
      <add verb="*" path="*.less" type="dotless.Core.LessCssHttpHandler, dotless.AspNet" />
      <add verb="POST,GET" path="ajaxpro/*.ashx" type="AjaxPro.AjaxHandlerFactory, AjaxPro.2" />
      <add verb="GET" path="template.ashx" type="ASC.Web.Studio.HttpHandlers.TemplatingHandler, ASC.Web.Studio" />
      <add verb="POST,GET" path="ssologin.ashx" type="ASC.Web.Studio.HttpHandlers.SsoHandler, ASC.Web.Studio" validate="false" />
      <add verb="POST,GET" path="UploadProgress.ashx" type="ASC.Web.Studio.Controls.FileUploader.HttpModule.UploadProgressHandler, ASC.Web.Studio" />
      <add verb="POST,GET" path="ajaxupload.ashx" type="ASC.Web.Studio.HttpHandlers.AjaxFileUploadHandler, ASC.Web.Studio" />
      <add verb="POST,GET" path="fckuploader.ashx" type="ASC.Web.Studio.HttpHandlers.FCKEditorFileUploadHandler, ASC.Web.Studio" />
      <add verb="POST,GET" path="UserPhoto.ashx" type="ASC.Web.Studio.HttpHandlers.UserPhotoHandler, ASC.Web.Studio" />
      <add verb="GET" path="TenantLogo.ashx" type="ASC.Web.Studio.HttpHandlers.TenantLogoHandler, ASC.Web.Studio" />
      <add verb="POST,GET" path="KeepSessionAlive.ashx" type="ASC.Web.Studio.HttpHandlers.KeepSessionAliveHandler, ASC.Web.Studio" />
      <add verb="POST" path="ChunkedUploader.ashx" type="ASC.Web.Files.HttpHandlers.ChunkedUploaderHandler, ASC.Web.Files" />
      <add verb="GET" path="Download.ashx" type="ASC.Web.Mail.HttpHandlers.DownloadHandler, ASC.Web.Mail" />
      <add verb="GET" path="ViewDocument.ashx" type="ASC.Web.Mail.HttpHandlers.ViewDocumentHandler, ASC.Web.Mail" />
      <add verb="GET" path="EditDocument.ashx" type="ASC.Web.Mail.HttpHandlers.EditDocumentHandler, ASC.Web.Mail" />
      <add verb="GET" path="ContactPhoto.ashx" type="ASC.Web.Mail.HttpHandlers.ContactPhotoHandler, ASC.Web.Mail" />
      <add verb="GET" path="UrlProxy.ashx" type="ASC.Web.Studio.HttpHandlers.UrlProxyHandler, ASC.Web.Studio" />
      <add verb="POST" path="addons/talk/http-poll/httppoll.ashx" type="ASC.Web.Talk.HttpHandlers.HttpPollHandler, ASC.Web.Talk" />
      <add verb="POST,GET" path="addons/talk/userphoto.ashx" type="ASC.Web.Talk.HttpHandlers.UserPhotoHandler, ASC.Web.Talk" />
      <add verb="POST,GET" path="opencontact.ashx" type="ASC.Web.Talk.HttpHandlers.OpenContactHandler, ASC.Web.Talk" />
      <add verb="GET" path="wikifile.ashx" type="ASC.Web.UserControls.Wiki.Handlers.WikiFileHandler, ASC.Web.Community" />
      <add verb="GET" path="thumb.ashx" type="ASC.Web.Community.HttpHandlers.ThumbHandler, ASC.Web.Community" />
      <add path="*.less" verb="GET" type="dotless.Core.LessCssHttpHandler, dotless.AspNet" />
    </httpHandlers>
    <sessionState mode="InProc">
    </sessionState>
    <caching>
      <outputCache defaultProvider="AspNetInternalProvider">
      </outputCache>
    </caching>
  </system.web>
  <location path="storage">
    <system.webServer>
      <security>
        <requestFiltering allowDoubleEscaping="true">
          <fileExtensions>
            <clear />
          </fileExtensions>
        </requestFiltering>
      </security>
    </system.webServer>
    <system.web>
      <pages validateRequest="false" />
      <httpRuntime requestPathInvalidCharacters="" />
    </system.web>
  </location>
  <location path="api/2.0">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <add name="Access-Control-Allow-Origin" value="*" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
  <location path="Products/CRM/HttpHandlers/webtoleadfromhandler.ashx">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <add name="Access-Control-Allow-Origin" value="*" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
  <location path="Products/Files/HttpHandlers/filehandler.ashx">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <add name="Access-Control-Allow-Origin" value="*" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
  <location path="Products/Files/ChunkedUploader.ashx">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <add name="Access-Control-Allow-Origin" value="*" />
          <add name="Access-Control-Allow-Headers" value="Content-Type, Content-Range, Content-Disposition, Content-Description" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
  <location path="thirdparty/plugin">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <add name="Access-Control-Allow-Origin" value="*" />
          <remove name="X-Frame-Options" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
  <location path="Products/Files/DocEditor.aspx">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <remove name="X-Frame-Options" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
  <location path="Products/Files/FileChoice.aspx">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <remove name="X-Frame-Options" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
  <location path="Products/Files/SaveAs.aspx">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <remove name="X-Frame-Options" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
  <location path="Products/Files/Share.aspx">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <remove name="X-Frame-Options" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
  <location path="favicon.ico">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <remove name="X-Frame-Options" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="X-Frame-Options" value="SAMEORIGIN" />
      </customHeaders>
    </httpProtocol>
    <validation validateIntegratedModeConfiguration="false" />
    <modules runAllManagedModulesForAllRequests="true">
      <remove name="WebDAVModule" />
      <remove name="HttpContextDispose" />
      <remove name="ApiSetup" />
      <remove name="UrlRoutingModule-4.0" />
      <remove name="BundleModule" />
      <add name="HttpContextDispose" type="ASC.Common.Web.DisposableHttpContextHttpModule, ASC.Common" />
      <add name="ApiSetup" preCondition="managedHandler" type="ASC.Api.ApiSetupHttpModule, ASC.Api" />
      <add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule, System.Web" />
      <add name="BundleModule" type="System.Web.Optimization.BundleModule" />
    </modules>
    <handlers>
      <remove name="WebDAV" />
      <remove name="less" />
      <remove name="Reso" />
      <remove name="AjaxUp" />
      <remove name="Jwt" />
      <remove name="Saml" />
      <remove name="Template" />
      <remove name="UpProgress" />
      <remove name="AjaxPro" />
      <remove name="FCKUp" />
      <remove name="UserPhoto" />
      <remove name="TenantLogo" />
      <remove name="KeepSessionAlive" />
      <remove name="Invoice" />
      <remove name="ChunkedUploader" />
      <remove name="Download" />
      <remove name="DownloadAll" />
      <remove name="ViewDocument" />
      <remove name="EditDocument" />
      <remove name="ContactPhoto" />
      <remove name="UrlProxy" />
      <remove name="TalkHttpPollHandler" />
      <remove name="TalkUserPhoto" />
      <remove name="TalkOpenContact" />
      <remove name="UrlRoutingHandler" />
      <remove name="WikFileHandler" />
      <remove name="ThumbHandler" />
      <remove name="svc-Integrated" />
      <remove name="svc-Integrated-4.0" />
      <remove name="DiscStorage" />
      <add name="less" verb="*" path="*.less" type="dotless.Core.LessCssHttpHandler, dotless.AspNet" />
      <add name="AjaxPro" verb="POST,GET" path="ajaxpro/*.ashx" type="AjaxPro.AjaxHandlerFactory, AjaxPro.2" />
      <add name="Sso" verb="POST,GET" path="ssologin.ashx" type="ASC.Web.Studio.HttpHandlers.SsoHandler, ASC.Web.Studio" />
      <add name="Template" verb="POST,GET" path="template.ashx" type="ASC.Web.Studio.HttpHandlers.TemplatingHandler, ASC.Web.Studio" />
      <add name="UpProgress" verb="POST,GET" path="UploadProgress.ashx" type="ASC.Web.Studio.Controls.FileUploader.HttpModule.UploadProgressHandler, ASC.Web.Studio" />
      <add name="AjaxUp" verb="POST,GET" path="ajaxupload.ashx" type="ASC.Web.Studio.HttpHandlers.AjaxFileUploadHandler, ASC.Web.Studio" />
      <add name="FCKUp" verb="POST,GET" path="fckuploader.ashx" type="ASC.Web.Studio.HttpHandlers.FCKEditorFileUploadHandler, ASC.Web.Studio" />
      <add name="UserPhoto" verb="POST,GET" path="UserPhoto.ashx" type="ASC.Web.Studio.HttpHandlers.UserPhotoHandler, ASC.Web.Studio" />
      <add name="TenantLogo" verb="GET" path="TenantLogo.ashx" type="ASC.Web.Studio.HttpHandlers.TenantLogoHandler, ASC.Web.Studio" />
      <add name="KeepSessionAlive" verb="POST,GET" path="KeepSessionAlive.ashx" type="ASC.Web.Studio.HttpHandlers.KeepSessionAliveHandler, ASC.Web.Studio" />
      <add name="Invoice" verb="GET,HEAD" path="tariffs/invoice.ashx" type="ASC.Web.Studio.HttpHandlers.InvoiceHandler, ASC.Web.Studio" />
      <add name="ChunkedUploader" verb="POST,OPTIONS" path="ChunkedUploader.ashx" type="ASC.Web.Files.HttpHandlers.ChunkedUploaderHandler, ASC.Web.Files" />
      <add name="Download" verb="GET" path="Download.ashx" type="ASC.Web.Mail.HttpHandlers.DownloadHandler, ASC.Web.Mail" />
      <add name="ViewDocument" verb="GET" path="ViewDocument.ashx" type="ASC.Web.Mail.HttpHandlers.ViewDocumentHandler, ASC.Web.Mail" />
      <add name="EditDocument" verb="GET" path="EditDocument.ashx" type="ASC.Web.Mail.HttpHandlers.EditDocumentHandler, ASC.Web.Mail" />
      <add name="ContactPhoto" verb="GET" path="ContactPhoto.ashx" type="ASC.Web.Mail.HttpHandlers.ContactPhotoHandler, ASC.Web.Mail" />
      <add name="UrlProxy" verb="GET" path="UrlProxy.ashx" type="ASC.Web.Studio.HttpHandlers.UrlProxyHandler, ASC.Web.Studio" />
      <add name="TalkHttpPollHandler" verb="POST" path="addons/talk/http-poll/httppoll.ashx" type="ASC.Web.Talk.HttpHandlers.HttpPollHandler, ASC.Web.Talk" />
      <add name="TalkUserPhoto" verb="POST,GET" path="addons/talk/userphoto.ashx" type="ASC.Web.Talk.HttpHandlers.UserPhotoHandler, ASC.Web.Talk" />
      <add name="TalkOpenContact" verb="POST,GET" path="opencontact.ashx" type="ASC.Web.Talk.HttpHandlers.OpenContactHandler, ASC.Web.Talk" />
      <add name="WikFileHandler" verb="GET" path="wikifile.ashx" type="ASC.Web.UserControls.Wiki.Handlers.WikiFileHandler, ASC.Web.Community" />
      <add name="ThumbHandler" verb="GET" path="thumb.ashx" type="ASC.Web.Community.HttpHandlers.ThumbHandler, ASC.Web.Community" />
      <add name="dotless" path="*.less" verb="GET" type="dotless.Core.LessCssHttpHandler,dotless.AspNet" resourceType="File" preCondition="" />
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <remove name="OPTIONSVerbHandler" />
      <remove name="TRACEVerbHandler" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
    <security>
      <requestFiltering>
        <requestLimits maxAllowedContentLength="1073741824" />
        <denyUrlSequences>
          <add sequence=".." />
        </denyUrlSequences>
        <hiddenSegments>
          <remove segment="App_Data" />
          <remove segment=".well-known\*" />
          <add segment="Certificates" />
        </hiddenSegments>
      </requestFiltering>
    </security>
    <caching>
      <profiles>
        <add extension=".ashx" policy="DontCache" kernelCachePolicy="DontCache" duration="00:01:00" />
        <add extension=".axd" policy="DontCache" kernelCachePolicy="CacheForTimePeriod" duration="00:30:00" />
      </profiles>
    </caching>
    <urlCompression doDynamicCompression="true" />
    <staticContent>
      <remove fileExtension=".tmpl" />
      <remove fileExtension=".less" />
      <remove fileExtension="*" />
      <mimeMap fileExtension=".tmpl" mimeType="text/plain" />
      <mimeMap fileExtension=".less" mimeType="text/css" />
      <mimeMap fileExtension="*" mimeType="application/octet-stream" />
    </staticContent>
    <httpCompression directory="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files" maxDiskSpaceUsage="1500" minFileSizeForComp="256">
      <scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" />
      <dynamicTypes>
        <add mimeType="text/*" enabled="true" />
        <add mimeType="message/*" enabled="true" />
        <add mimeType="application/x-javascript" enabled="true" />
        <add mimeType="application/javascript" enabled="true" />
        <add mimeType="application/json; charset=UTF-8" enabled="true" />
        <add mimeType="*/*" enabled="false" />
      </dynamicTypes>
      <staticTypes>
        <add mimeType="text/*" enabled="true" />
        <add mimeType="message/*" enabled="true" />
        <add mimeType="application/javascript" enabled="true" />
        <add mimeType="application/json" enabled="true" />
        <add mimeType="application/x-javascript" enabled="true" />
        <add mimeType="*/*" enabled="false" />
      </staticTypes>
    </httpCompression>
    <httpErrors errorMode="Custom">
      <remove statusCode="401" subStatusCode="-1" />
      <error statusCode="401" path="401.htm" responseMode="File" />
      <remove statusCode="402" subStatusCode="-1" />
      <error statusCode="402" path="402.htm" responseMode="File" />
      <remove statusCode="403" subStatusCode="-1" />
      <error statusCode="403" path="403.htm" responseMode="File" />
      <remove statusCode="404" subStatusCode="-1" />
      <error statusCode="404" path="404.htm" responseMode="File" />
      <remove statusCode="500" subStatusCode="-1" />
      <error statusCode="500" path="500.htm" responseMode="File" />
    </httpErrors>
    <rewrite>
      <rules>
        <clear />
        <rule name="INIT_SERVER_VARIABLE_FROM_PROXY" enabled="true" stopProcessing="false">
          <match url=".*" />
          <serverVariables>
            <set name="HTTP_THE_SCHEME" value="{HTTP_X_FORWARDED_PROTO}" replace="true" />
            <set name="HTTP_THE_HOST" value="{HTTP_X_FORWARDED_HOST}" replace="true" />
          </serverVariables>
          <action type="None" />
        </rule>
        <rule name="INIT_SERVER_VARIABLE_DEFAULT" enabled="true" stopProcessing="false">
          <match url=".*" />
          <conditions trackAllCaptures="true">
            <add input="{HTTPS}s" pattern="on(s)|offs" />
          </conditions>
          <serverVariables>
            <set name="HTTP_THE_SCHEME" value="http{C:1}" replace="false" />
            <set name="HTTP_THE_HOST" value="{HTTP_HOST}" replace="false" />
            <set name="HTTP_X_REWRITER_URL" value="{HTTP_THE_SCHEME}://{HTTP_THE_HOST}" replace="false" />
          </serverVariables>
          <action type="None" />
        </rule>
        <rule name="SocketIO" stopProcessing="true">
          <match url="^socketio/(.*)" />
          <conditions trackAllCaptures="true">
            <add input="{HTTPS}s" pattern="on(s)|offs" />
          </conditions>
          <action type="Rewrite" url="http://localhost:9899/{R:1}" logRewrittenUrl="false" />
          <serverVariables>
            <set name="HTTP_X_REWRITER_URL" value="http{C:1}://{HTTP_HOST}" replace="false" />
          </serverVariables>
        </rule>
        <rule name="UrlShortener" stopProcessing="true">
          <match url="^sh/(.*)" />
          <conditions trackAllCaptures="true">
            <add input="{HTTPS}s" pattern="on(s)|offs" />
          </conditions>
          <action type="Rewrite" url="http://localhost:9999/{R:1}" logRewrittenUrl="false" />
        </rule>
        <rule name="CalDav" stopProcessing="true">
          <match url="^caldav/(.*)" />
          <conditions trackAllCaptures="true">
            <add input="{HTTPS}s" pattern="on(s)|offs" />
          </conditions>
          <action type="Rewrite" url="http://localhost:5232/{R:1}" logRewrittenUrl="false" />
          <serverVariables>
            <set name="HTTP_X_REWRITER_URL" value="http{C:1}://{HTTP_HOST}" replace="false" />
            <set name="HTTP_X_SCRIPT_NAME" value="/caldav" replace="false" />
          </serverVariables>
        </rule>
        <rule name="SsoAuth" stopProcessing="true">
          <match url="sso/(.*)" />
          <conditions trackAllCaptures="true">
            <add input="{HTTPS}s" pattern="on(s)|offs" />
          </conditions>
          <action type="Rewrite" url="http://localhost:9834/{R:1}" logRewrittenUrl="false" />
          <serverVariables>
            <set name="HTTP_X_REWRITER_URL" value="http{C:1}://{HTTP_HOST}" replace="false" />
          </serverVariables>
        </rule>
        <rule name="HTTP to HTTPS" stopProcessing="true" enabled="false">
          <match url=".*" />
          <conditions>
            <add input="{HTTPS}" pattern="off" />
            <add input="{HTTP_HOST}" pattern="localhost" negate="true" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}{URL}" appendQueryString="true" redirectType="Temporary" />
        </rule>
                <rule name="SsoAuthRewrite" enabled="true" stopProcessing="true">
                    <match url="^sso\/(.*)" />
                    <conditions trackAllCaptures="true">
                        <add input="{HTTPS}s" pattern="on(s)|offs" />
                    </conditions>
                    <serverVariables>
                        <set name="HTTP_X_REWRITER_URL" value="http{C:1}://{HTTP_HOST}" replace="false" />
                    </serverVariables>
                    <action type="Rewrite" url="http://localhost:9834/sso/{R:1}" />
                </rule>
                <rule name="DocumentServerRewrite" enabled="true" stopProcessing="true">
                    <match url="^ds-vpath/(.*)" />
                    <conditions trackAllCaptures="true">
                        <add input="{HTTPS}s" pattern="on(s)|offs" />
                    </conditions>
                    <serverVariables>
                        <set name="HTTP_X_FORWARDED_PROTO" value="{HTTP_THE_SCHEME}" replace="true" />
                        <set name="HTTP_X_FORWARDED_HOST" value="{HTTP_THE_HOST}/ds-vpath" replace="true" />
                    </serverVariables>
                    <action type="Rewrite" url="http://localhost:8083/{R:1}" />
                </rule>
                <rule name="ControlPanelRewrite" enabled="true" stopProcessing="true">
                    <match url="^controlpanel(.*)" />
                    <conditions trackAllCaptures="true">
                        <add input="{HTTPS}s" pattern="on(s)|offs" />
                    </conditions>
                    <serverVariables>
                        <set name="HTTP_X_REWRITER_URL" value="http{C:1}://{HTTP_HOST}" replace="false" />
                    </serverVariables>
                    <action type="Rewrite" url="http://localhost:8082/controlpanel{R:1}" />
                </rule>
      </rules>
      <outboundRules>
        <rule name="Add the STS header in HTTPS responses" enabled="false" stopProcessing="true">
          <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
          <conditions>
            <add input="{HTTPS}" pattern="on" />
          </conditions>
          <action type="Rewrite" value="max-age=63072000" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>

2 of 2 part is:

  <system.net>
    <connectionManagement>
      <add address="*" maxconnection="96" />
    </connectionManagement>
  </system.net>
  <system.codedom>
    <compilers>
      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
        <providerOption name="CompilerVersion" value="v4.0" />
        <providerOption name="WarnAsError" value="false" />
      </compiler>
    </compilers>
  </system.codedom>
  <system.serviceModel>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
    <client>
      <endpoint address="net.tcp://localhost:9865/teamlabJabber" binding="netTcpBinding" contract="ASC.Core.Notify.Jabber.IJabberService" bindingConfiguration="jabber" />
      <endpoint address="net.tcp://localhost:9866/teamlabIndex" binding="netTcpBinding" contract="ASC.ElasticSearch.Service.IService" bindingConfiguration="index" />
      <endpoint address="net.tcp://localhost:9871/teamlabNotify" binding="netTcpBinding" contract="ASC.Notify.INotifyService" bindingConfiguration="notify" />
      <endpoint address="net.tcp://localhost:9882/teamlabBackup" binding="netTcpBinding" contract="ASC.Core.Common.Contracts.IBackupService" bindingConfiguration="backup" />
      <endpoint address="net.tcp://localhost:9883/teamlabStorageMigrate" binding="netTcpBinding" contract="ASC.Data.Storage.Migration.IService" bindingConfiguration="migrate" />
      <endpoint address="net.tcp://localhost:9884/teamlabStorageEncryption" binding="netTcpBinding" contract="ASC.Data.Storage.Encryption.IEncryptionService" bindingConfiguration="encryption" />
      <endpoint address="net.tcp://localhost:9885/teamlabTelegram" binding="netTcpBinding" contract="ASC.Core.Common.Notify.ITelegramService" bindingConfiguration="telegram" />
      <endpoint address="net.tcp://localhost:9886/teamlabThumbnailBuilder" binding="netTcpBinding" contract="ASC.Web.Core.Files.IThumbnailBuilderService" bindingConfiguration="thumbnailBuilder" />
    </client>
    <behaviors>
      <endpointBehaviors>
        <behavior name="backup">
          <webHttp />
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <bindings>
      <netTcpBinding>
        <binding name="jabber" maxReceivedMessageSize="1000000" maxBufferSize="1000000">
          <security mode="None">
            <message clientCredentialType="None" />
            <transport protectionLevel="None" clientCredentialType="None" />
          </security>
          <readerQuotas maxStringContentLength="1000000" maxArrayLength="1000000" />
        </binding>
        <binding name="index" openTimeout="0:0:10" receiveTimeout="0:0:10" sendTimeout="0:0:10" maxReceivedMessageSize="1000000">
          <security mode="None" />
          <readerQuotas maxStringContentLength="1000000" />
        </binding>
        <binding name="notify" openTimeout="0:0:10" receiveTimeout="0:0:10" sendTimeout="0:0:10" maxReceivedMessageSize="1000000">
          <security mode="None" />
          <readerQuotas maxStringContentLength="1000000" />
        </binding>
        <binding name="backup" openTimeout="0:0:10" receiveTimeout="0:0:10" sendTimeout="0:0:10">
          <security mode="None" />
          <readerQuotas maxStringContentLength="1000000" />
        </binding>
        <binding name="migrate" openTimeout="0:0:10" receiveTimeout="0:0:10" sendTimeout="0:0:10">
          <security mode="None" />
          <readerQuotas maxStringContentLength="1000000" />
        </binding>
        <binding name="encryption" openTimeout="0:0:10" receiveTimeout="0:0:10" sendTimeout="0:0:10">
          <security mode="None" />
          <readerQuotas maxStringContentLength="1000000" />
        </binding>
        <binding name="telegram" openTimeout="0:0:10" receiveTimeout="0:0:10" sendTimeout="0:0:10">
          <security mode="None" />
          <readerQuotas maxStringContentLength="1000000" />
        </binding>
        <binding name="thumbnailBuilder" openTimeout="0:0:10" receiveTimeout="0:0:10" sendTimeout="0:0:10">
          <security mode="None" />
          <readerQuotas maxStringContentLength="1000000" />
        </binding>
      </netTcpBinding>
    </bindings>
  </system.serviceModel>
  <dotless minifyCss="false" cache="true" />
  <redisCacheClient ssl="false" connectTimeout="5000" database="0" password="">
    <hosts>
      <add host="127.0.0.1" cachePort="6379" />
    </hosts>
  </redisCacheClient>
</configuration>

I sent you changed web.config file via PM. Please try to use it. After that you have to restart ONLYOFFICE Server in IIS and ONLYOFFICE Control Panel in Windows Services.
NB! Please prepare whole server backup before any server side actions just in case.

Great, the settings are now saved. I had to rename the duplicate rule “ControlPanelRewrite”, otherwise the server would not start.

I returned the “SsoAuthRewrite” rule back, everything works too.

Thanks for the help.

I had to rename the duplicate rule “ControlPanelRewrite”, otherwise the server would not start.

Sorry, my bad. I had to remove the original rule after copy\paste action. Probably it slipped from my mind.

As the result of the issue (for other users). You need to move ControlPanelRewrite rule before SsoAuth + you need to remove SsoAuthRewrite rule.
We are already working on the fix which will be placed in next Community server version.