SAML - can't add certificate

ONLYOFFICE cloud: Free with intention to upgrade to Business
Do you want to: Report a bug / Ask a how-to question

When adding a certificate, there is a “please wait” that takes forever and then stops. I’m using docker-compose, and I have no idea where to start to solve this. I did not use SHA1, as I assumed I could use something that’s not declared unsafe.

Goal is to make OnlyOffice SAML work with Keycloak, but not much info is available, so I’m struggling.

I found a log-item in the control-panel docker that may give some insight.

When asked to self-generate:

error: http_://onlyoffice-community-server/sso/generatecert Unexpected token < in JSON at position 0

When loading a private key + certificate:

2023-04-14 10:32:43 - error: http_://onlyoffice-community-server/api/2.0/portal.json
2023-04-14 10:32:43 - error: http_://onlyoffice-community-server/api/2.0/settings/controlpanel.json
2023-04-14 10:32:43 - error: http_://onlyoffice-community-server/api/2.0/people/@self.json
2023-04-14 10:32:43 - error: http_://onlyoffice-community-server/api/2.0/settings/controlpanel.json
2023-04-14 10:32:43 - error: http_://onlyoffice-community-server/api/2.0/settings/companywhitelabel.json
2023-04-14 10:32:43 - error: http_://onlyoffice-community-server/api/2.0/people/@self.json

Still no idea how to approach this. Seemingly generatecert gets a json that contains a “<”, but no idea how to debug that.

Hello @vincx
Please provide us with additional information:

  1. Please point us to the guide which you used for Workspace installation process.
  2. Versions of components (Community server, Control Panel).
  3. Please reproduce the situation and record a video file (additionally, we need screenshots of your settings on SSO page).
  4. Please reproduce the situation and provide us with whole Community server and Control Panel logs folders.

  1. How to upgrade your Docker ONLYOFFICE Groups to the latest version? - ONLYOFFICE - it was just a docker-compose that I have installed a long time ago
  2. {"count":1,"status":0,"statusCode":200,"response":{"communityServer":"12.1.0.1760","documentServer":"7.3.2.8"}}
  3. The frontend stalls, because the backend gives errors. See below.
  4. See above - that was all from all the logs. The API does not provide any logging.

Thank you for the provided data, we’re looking into it. Additionally, please go to the host and run docker ps, and show us the result.
By the way, is it possible to record a video file with your test? We would like to see all your settings on this page.

Name                          Command                          State          Ports
onlyoffice-community-server   /app/run-community-server.sh     Up             3306/tcp, 443/tcp, 0.0.0.0:5222->5222/tcp,:::5222->5222/tcp, 5280/tcp, 80/tcp, 9865/tcp, 9866/tcp, 9871/tcp, 9882/tcp, 9888/tcp
onlyoffice-control-panel      /var/www/onlyoffice/contro ...   Up             443/tcp, 80/tcp
onlyoffice-document-server    /app/ds/run-document-server.sh   Up             443/tcp, 80/tcp
onlyoffice-mail-server        /bin/sh -c export CONFIGUR ...   Up             0.0.0.0:143->143/tcp,:::143->143/tcp, 0.0.0.0:25->25/tcp,:::25->25/tcp, 3306/tcp, 4190/tcp, 465/tcp, 0.0.0.0:587->587/tcp,:::587->587/tcp, 8081/tcp, 993/tcp, 995/tcp
onlyoffice-mysql-server       docker-entrypoint.sh mysql ...   Up (healthy)   3306/tcp, 33060/tcp

I can’t share the info on the screen, as it contains sensitive info. And if I empty the whole page, I get the same error.

Some background-info. I’m using https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.workspace.yml with some changes:

  • using nginx-proxy, and thus have port 80 of community-server connected to a domain name via a separate network
  • not using elasticsearch
  • having volumes in a different location ./volumes
  • MySQL 5.7 still - had to fix the sql-mode

I notice more things don’t work well. For example, changing the image for branding - it just states the image is too large whatever I upload. Backup does work.

When I directly call the API-links with curl, then it gives an error-page (starting with a <!!). It only states that an error-page should be configured, but nothing, really nothing, shows up in the logs.

So it seems the API doesn’t work correctly? ONLYOFFICE_CORE_MACHINEKEY is the same in the docker-compose.yml. Is there a way to do a self-test?

It would be good to define an error-page for the API, such that a JSON or XML is returned with an error. This would make debugging a lot easier.

If it’s possible, please contact me via PM and provide us with this information (private chat). We’re trying to figure out the situation and we need it for troubleshooting.

Solved. Docker-compose sets a domain, which should not be set when using a reverse proxy. I think the docs should mention this, as I completely overlooked this obvious thing.

It tried to connect from the controlpanel to the community-server via the docker-bridge. Unsetting this + setting the domain in the configuration solved everything.


Well done, we’re glad that you managed the situation.
Please feel free to contact us if you face any issues.
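
A small self-test for the symptom discussed in this thread, added here as an example (it is not ONLYOFFICE code and not from any poster): it requests the API paths seen in the control-panel log and reports whether each answer is JSON or an HTML error page, the case a JSON parser reports as "Unexpected token < in JSON at position 0". The base URL, the function names and the HTML sample are assumptions.

```python
import json
import sys
import urllib.error
import urllib.request

# Read-only API paths taken from the control-panel log lines in the thread.
PATHS = ["/api/2.0/portal.json", "/api/2.0/settings/controlpanel.json",
         "/api/2.0/people/@self.json"]

# Version response quoted in the thread, and a constructed HTML error page.
SAMPLE_JSON = b'{"count":1,"status":0,"statusCode":200,"response":{"communityServer":"12.1.0.1760","documentServer":"7.3.2.8"}}'
SAMPLE_HTML = b"<!DOCTYPE html><html><body>Error page (constructed sample)</body></html>"

def classify_body(body, content_type=""):
    """Return 'json', 'html', 'empty' or 'other' for a raw response body."""
    text = body.decode("utf-8", errors="replace").lstrip("\ufeff \t\r\n")
    if not text:
        return "empty"
    try:
        json.loads(text)
        return "json"
    except ValueError:
        pass
    # A leading '<' is what a JSON parser reports as "Unexpected token <".
    if text.startswith("<") or "html" in content_type.lower():
        return "html"
    return "other"

def probe(base_url, path, timeout=5):
    """Fetch one path and describe the answer without raising on HTTP errors."""
    url = base_url.rstrip("/") + path
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, ctype, body = resp.status, resp.headers.get("Content-Type", ""), resp.read()
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry a body worth inspecting
        status, ctype, body = err.code, err.headers.get("Content-Type", ""), err.read()
    except OSError as err:  # DNS failure, refused connection, timeout
        return {"url": url, "status": None, "kind": "unreachable", "detail": str(err)}
    return {"url": url, "status": status, "kind": classify_body(body, ctype), "detail": ctype}

if __name__ == "__main__":
    # Assumed base URL: the container hostname from the log; pass another as argv[1].
    base = sys.argv[1] if len(sys.argv) > 1 else "http://onlyoffice-community-server"
    for p in PATHS:
        r = probe(base, p)
        print(f"{r['status']} {r['kind']:<11} {r['url']} {r['detail']}")
```

Run it from inside the control-panel container and again against the public domain behind the reverse proxy; a path that is `json` on one route and `html` or `unreachable` on the other shows which route is misconfigured.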