Impossible to integrate OCIS with Authelia in web client

Hi.

I’m trying to integrate OCIS with Authelia. In desktop and iOS clients I’m redirected to Authelia and everything is OK, but when I access through web client to login page, no form is displayed nor redirection to Authelia is done. In OCIS’ logs nothing related to OIDC is printed and in Authelia’s logs there is nothing.

My compose.yml file is:

services:
  owncloud-auth:
    image: owncloud/ocis:latest
    container_name: owncloud-auth
    hostname: owncloud-auth
    restart: unless-stopped
    user: 1000:1000
    logging:
      driver: local
    environment:
      DEMO_USERS: "false"
      OCIS_INSECURE: "true"
      PROXY_TLS: "false"
      PROXY_HTTP_ADDR: 0.0.0.0:9200
      PROXY_USER_OIDC_CLAIM: preferred_username
      OCIS_URL: "https://owncloud-auth.tld"
      OCIS_LOG_LEVEL: debug
      OCIS_LOG_COLOR: "true"
      OCIS_LOG_PRETTY: "true"
      STORAGE_USERS_OCIS_ROOT: /ocisdata
      STORAGE_USERS_ID_CACHE_STORE: "nats-js-kv"
      STORAGE_USERS_ID_CACHE_STORE_NODES: "localhost:9233"
      OCIS_OIDC_ISSUER: "https://authelia.tld"
      WEB_OIDC_METADATA_URL: "https://authelia.tld/.well-known/openid-configuration"
      WEB_OIDC_AUTHORITY: "https://authelia.tld"
      WEB_OIDC_CLIENT_ID: ownCloud-web
      OCIS_OIDC_CLIENT_ID: ownCloud-web
      WEB_OIDC_SCOPE: "openid profile email groups"
      PROXY_OIDC_REWRITE_WELLKNOWN: "true"
      PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD: none
    volumes:
      - ./ocis.yaml:/etc/ocis/ocis.yaml
      - ./user-data:/ocisdata
      - ./ocis-data:/var/lib/ocis
    networks:
      - 
    dns: XXX.XXX.XXX.XXX

networks:
  my-net:
    external: true

Login page with OIDC env variables:


If I remove OIDC env vars login form appears again.

OCIS logs:

owncloud-auth  | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.gateway","nodes":[{"address":"127.0.0.1:9142","id":"com.owncloud.api.gateway-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth  | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.users","nodes":[{"address":"127.0.0.1:9144","id":"com.owncloud.api.users-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth  | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.auth-basic","nodes":[{"address":"127.0.0.1:9146","id":"com.owncloud.api.auth-basic-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth  | 2025-01-29T09:48:34Z DBG bytes=9203 duration=2.378877 line=github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27 method=GET path=/ proto=HTTP/1.1 request-id= service=web status=200
owncloud-auth  | 2025-01-29T09:48:34Z INF access-log bytes=3020 duration=7.671866 line=github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34 method=GET path=/ proto=HTTP/1.1 remote-addr=192.168.10.112 request-id=owncloud-auth/zXMku9LYtB-000116 service=proxy status=200 traceid=29c924d8ca32677dbddb5818fba1d509
owncloud-auth  | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.storage-publiclink","nodes":[{"address":"127.0.0.1:9178","id":"com.owncloud.api.storage-publiclink-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth  | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.auth-machine","nodes":[{"address":"127.0.0.1:9166","id":"com.owncloud.api.auth-machine-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth  | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.app-registry","nodes":[{"address":"127.0.0.1:9242","id":"com.owncloud.api.app-registry-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth  | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.app-provider","nodes":[{"address":"127.0.0.1:9164","id":"com.owncloud.api.app-provider-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth  | 2025-01-29T09:48:34Z DBG bytes=591 duration=0.345347 line=github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27 method=GET path=/config.json proto=HTTP/1.1 request-id=f2213f03-c438-4303-aa45-cee38929175f service=web status=200
owncloud-auth  | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.ocm","nodes":[{"address":"127.0.0.1:9282","id":"com.owncloud.api.ocm-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":""}}],"version":"7.0.0"}
owncloud-auth  | 2025-01-29T09:48:34Z INF access-log bytes=348 duration=5.044769 line=github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34 method=GET path=/config.json proto=HTTP/1.1 remote-addr=192.168.10.112 request-id=f2213f03-c438-4303-aa45-cee38929175f service=proxy status=200 traceid=5757e2317fbd5be024fad36740fcfb03
owncloud-auth  | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.web.ocm","nodes":[{"address":"127.0.0.1:9280","id":"com.owncloud.web.ocm-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"http","registry":"cache","server":"http","transport":"http"}}],"version":"7.0.0"}
owncloud-auth  | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.groups","nodes":[{"address":"127.0.0.1:9160","id":"com.owncloud.api.groups-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth  | 2025-01-29T09:48:34Z DBG bytes=6255 duration=1.230596 line=github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27 method=GET path=/themes/owncloud/theme.json proto=HTTP/1.1 request-id=a0b0971e-c3d6-4387-ab6b-a7ca06880c67 service=web status=200
owncloud-auth  | 2025-01-29T09:48:34Z INF access-log bytes=6255 duration=4.165448 line=github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34 method=GET path=/themes/owncloud/theme.json proto=HTTP/1.1 remote-addr=192.168.10.112 request-id=a0b0971e-c3d6-4387-ab6b-a7ca06880c67 service=proxy status=200 traceid=31108dd0ea45ba5d25d57a7c4db7184a
owncloud-auth  | 2025-01-29T09:48:34Z DBG rewrite hook found line=github.com/owncloud/ocis/v2/services/proxy/pkg/router/router.go:222 method=GET path=/app/list policy=ocis prefix=/app/list routeType=prefix service=proxy
owncloud-auth  | 2025-01-29T09:48:34Z INF skipping auth check for: /app/list line=github.com/cs3org/reva/v2@v2.27.0/internal/http/interceptors/auth/auth.go:195 pkg=rhttp service=frontend traceid=4e06806c18d9232e20ac7f0977077714
owncloud-auth  | 2025-01-29T09:48:34Z WRN core access token not set line=github.com/cs3org/reva/v2@v2.27.0/internal/http/interceptors/auth/auth.go:248 pkg=rhttp service=frontend traceid=4e06806c18d9232e20ac7f0977077714
owncloud-auth  | 2025-01-29T09:48:34Z DBG http routing: head=app tail=/list svc=app line=github.com/cs3org/reva/v2@v2.27.0/pkg/rhttp/rhttp.go:248 pkg=rhttp service=frontend
owncloud-auth  | 2025-01-29T09:48:34Z DBG skipping auth line=github.com/cs3org/reva/v2@v2.27.0/internal/grpc/interceptors/auth/auth.go:122 method=/cs3.gateway.v1beta1.GatewayAPI/ListSupportedMimeTypes pkg=rgrpc service=gateway traceid=8c545afb5de53f583c7d2249c396c254
owncloud-auth  | 2025-01-29T09:48:34Z DBG skipping auth line=github.com/cs3org/reva/v2@v2.27.0/internal/grpc/interceptors/auth/auth.go:122 method=/cs3.app.registry.v1beta1.RegistryAPI/ListSupportedMimeTypes pkg=rgrpc service=app-registry traceid=8c545afb5de53f583c7d2249c396c254
owncloud-auth  | 2025-01-29T09:48:34Z DBG unary code=OK end="29/Jan/2025:09:48:34 +0000" from=tcp://127.0.0.1:52610 line=github.com/cs3org/reva/v2@v2.27.0/internal/grpc/interceptors/log/log.go:69 pkg=rgrpc service=app-registry start="29/Jan/2025:09:48:34 +0000" time_ns=179276 traceid=8c545afb5de53f583c7d2249c396c254 uri=/cs3.app.registry.v1beta1.RegistryAPI/ListSupportedMimeTypes user-agent=grpc-go/1.68.0
owncloud-auth  | 2025-01-29T09:48:34Z DBG unary code=OK end="29/Jan/2025:09:48:34 +0000" from=tcp://127.0.0.1:43716 line=github.com/cs3org/reva/v2@v2.27.0/internal/grpc/interceptors/log/log.go:69 pkg=rgrpc service=gateway start="29/Jan/2025:09:48:34 +0000" time_ns=2721892 traceid=8c545afb5de53f583c7d2249c396c254 uri=/cs3.gateway.v1beta1.GatewayAPI/ListSupportedMimeTypes user-agent=grpc-go/1.68.0
owncloud-auth  | 2025-01-29T09:48:34Z DBG http end="29/Jan/2025:09:48:34 +0000" host=127.0.0.1 line=github.com/cs3org/reva/v2@v2.27.0/internal/http/interceptors/log/log.go:112 method=GET pkg=rhttp proto=HTTP/1.1 service=frontend size=17 start="29/Jan/2025:09:48:34 +0000" status=200 time_ns=7170132 traceid=4e06806c18d9232e20ac7f0977077714 uri=/app/list url=/list
owncloud-auth  | 2025-01-29T09:48:34Z INF access-log bytes=17 duration=9.904505 line=github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34 method=GET path=/app/list proto=HTTP/1.1 remote-addr=192.168.10.112 request-id=e548aba8-9207-46ae-815a-6d7425057565 service=proxy status=200 traceid=8c545afb5de53f583c7d2249c396c254
owncloud-auth  | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.sharing","nodes":[{"address":"127.0.0.1:9150","id":"com.owncloud.api.sharing-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth  | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.storage-shares","nodes":[{"address":"127.0.0.1:9154","id":"com.owncloud.api.storage-shares-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth  | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.storage-system","nodes":[{"address":"127.0.0.1:9215","id":"com.owncloud.api.storage-system-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth  | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.web.storage-system","nodes":[{"address":"127.0.0.1:9216","id":"com.owncloud.web.storage-system-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"http","registry":"cache","server":"http","transport":"http"}}],"version":"7.0.0"}
owncloud-auth  | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.auth-service","nodes":[{"address":"127.0.0.1:9199","id":"com.owncloud.api.auth-service-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth  | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.storage-users","nodes":[{"address":"127.0.0.1:9157","id":"com.owncloud.api.storage-users-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth  | 2025-01-29T09:48:35Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.web.frontend","nodes":[{"address":"127.0.0.1:9140","id":"com.owncloud.web.frontend-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"http","registry":"cache","server":"http","transport":"http"}}],"version":"7.0.0"}

Thanks in advance.

Hey,

i’m not sure but maybe it could be possible that the existing topic about Authelia here could give some insights:

I had checked that topic but I guess my problem is not the same. I didn’t even manage to connect to Authelia via ocis-web. In fact, I tried a lot of configuration of that topic and is not working for me