Hi.
I’m trying to integrate OCIS with Authelia. In desktop and iOS clients I’m redirected to Authelia and everything is OK, but when I access through web client to login page, no form is displayed nor redirection to Authelia is done. In OCIS’ logs nothing related to OIDC is printed and in Authelia’s logs there is nothing.
My compose.yml file is:
services:
owncloud-auth:
image: owncloud/ocis:latest
container_name: owncloud-auth
hostname: owncloud-auth
restart: unless-stopped
user: 1000:1000
logging:
driver: local
environment:
DEMO_USERS: "false"
OCIS_INSECURE: "true"
PROXY_TLS: "false"
PROXY_HTTP_ADDR: 0.0.0.0:9200
PROXY_USER_OIDC_CLAIM: preferred_username
OCIS_URL: "https://owncloud-auth.tld"
OCIS_LOG_LEVEL: debug
OCIS_LOG_COLOR: "true"
OCIS_LOG_PRETTY: "true"
STORAGE_USERS_OCIS_ROOT: /ocisdata
STORAGE_USERS_ID_CACHE_STORE: "nats-js-kv"
STORAGE_USERS_ID_CACHE_STORE_NODES: "localhost:9233"
OCIS_OIDC_ISSUER: "https://authelia.tld"
WEB_OIDC_METADATA_URL: "https://authelia.tld/.well-known/openid-configuration"
WEB_OIDC_AUTHORITY: "https://authelia.tld"
WEB_OIDC_CLIENT_ID: ownCloud-web
OCIS_OIDC_CLIENT_ID: ownCloud-web
WEB_OIDC_SCOPE: "openid profile email groups"
PROXY_OIDC_REWRITE_WELLKNOWN: "true"
PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD: none
volumes:
- ./ocis.yaml:/etc/ocis/ocis.yaml
- ./user-data:/ocisdata
- ./ocis-data:/var/lib/ocis
networks:
-
dns: XXX.XXX.XXX.XXX
networks:
my-net:
external: true
Login page with OIDC env variables:
If I remove OIDC env vars login form appears again.
OCIS logs:
owncloud-auth | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.gateway","nodes":[{"address":"127.0.0.1:9142","id":"com.owncloud.api.gateway-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.users","nodes":[{"address":"127.0.0.1:9144","id":"com.owncloud.api.users-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.auth-basic","nodes":[{"address":"127.0.0.1:9146","id":"com.owncloud.api.auth-basic-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth | 2025-01-29T09:48:34Z DBG bytes=9203 duration=2.378877 line=github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27 method=GET path=/ proto=HTTP/1.1 request-id= service=web status=200
owncloud-auth | 2025-01-29T09:48:34Z INF access-log bytes=3020 duration=7.671866 line=github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34 method=GET path=/ proto=HTTP/1.1 remote-addr=192.168.10.112 request-id=owncloud-auth/zXMku9LYtB-000116 service=proxy status=200 traceid=29c924d8ca32677dbddb5818fba1d509
owncloud-auth | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.storage-publiclink","nodes":[{"address":"127.0.0.1:9178","id":"com.owncloud.api.storage-publiclink-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.auth-machine","nodes":[{"address":"127.0.0.1:9166","id":"com.owncloud.api.auth-machine-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.app-registry","nodes":[{"address":"127.0.0.1:9242","id":"com.owncloud.api.app-registry-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.app-provider","nodes":[{"address":"127.0.0.1:9164","id":"com.owncloud.api.app-provider-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth | 2025-01-29T09:48:34Z DBG bytes=591 duration=0.345347 line=github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27 method=GET path=/config.json proto=HTTP/1.1 request-id=f2213f03-c438-4303-aa45-cee38929175f service=web status=200
owncloud-auth | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.ocm","nodes":[{"address":"127.0.0.1:9282","id":"com.owncloud.api.ocm-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":""}}],"version":"7.0.0"}
owncloud-auth | 2025-01-29T09:48:34Z INF access-log bytes=348 duration=5.044769 line=github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34 method=GET path=/config.json proto=HTTP/1.1 remote-addr=192.168.10.112 request-id=f2213f03-c438-4303-aa45-cee38929175f service=proxy status=200 traceid=5757e2317fbd5be024fad36740fcfb03
owncloud-auth | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.web.ocm","nodes":[{"address":"127.0.0.1:9280","id":"com.owncloud.web.ocm-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"http","registry":"cache","server":"http","transport":"http"}}],"version":"7.0.0"}
owncloud-auth | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.groups","nodes":[{"address":"127.0.0.1:9160","id":"com.owncloud.api.groups-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth | 2025-01-29T09:48:34Z DBG bytes=6255 duration=1.230596 line=github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27 method=GET path=/themes/owncloud/theme.json proto=HTTP/1.1 request-id=a0b0971e-c3d6-4387-ab6b-a7ca06880c67 service=web status=200
owncloud-auth | 2025-01-29T09:48:34Z INF access-log bytes=6255 duration=4.165448 line=github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34 method=GET path=/themes/owncloud/theme.json proto=HTTP/1.1 remote-addr=192.168.10.112 request-id=a0b0971e-c3d6-4387-ab6b-a7ca06880c67 service=proxy status=200 traceid=31108dd0ea45ba5d25d57a7c4db7184a
owncloud-auth | 2025-01-29T09:48:34Z DBG rewrite hook found line=github.com/owncloud/ocis/v2/services/proxy/pkg/router/router.go:222 method=GET path=/app/list policy=ocis prefix=/app/list routeType=prefix service=proxy
owncloud-auth | 2025-01-29T09:48:34Z INF skipping auth check for: /app/list line=github.com/cs3org/reva/v2@v2.27.0/internal/http/interceptors/auth/auth.go:195 pkg=rhttp service=frontend traceid=4e06806c18d9232e20ac7f0977077714
owncloud-auth | 2025-01-29T09:48:34Z WRN core access token not set line=github.com/cs3org/reva/v2@v2.27.0/internal/http/interceptors/auth/auth.go:248 pkg=rhttp service=frontend traceid=4e06806c18d9232e20ac7f0977077714
owncloud-auth | 2025-01-29T09:48:34Z DBG http routing: head=app tail=/list svc=app line=github.com/cs3org/reva/v2@v2.27.0/pkg/rhttp/rhttp.go:248 pkg=rhttp service=frontend
owncloud-auth | 2025-01-29T09:48:34Z DBG skipping auth line=github.com/cs3org/reva/v2@v2.27.0/internal/grpc/interceptors/auth/auth.go:122 method=/cs3.gateway.v1beta1.GatewayAPI/ListSupportedMimeTypes pkg=rgrpc service=gateway traceid=8c545afb5de53f583c7d2249c396c254
owncloud-auth | 2025-01-29T09:48:34Z DBG skipping auth line=github.com/cs3org/reva/v2@v2.27.0/internal/grpc/interceptors/auth/auth.go:122 method=/cs3.app.registry.v1beta1.RegistryAPI/ListSupportedMimeTypes pkg=rgrpc service=app-registry traceid=8c545afb5de53f583c7d2249c396c254
owncloud-auth | 2025-01-29T09:48:34Z DBG unary code=OK end="29/Jan/2025:09:48:34 +0000" from=tcp://127.0.0.1:52610 line=github.com/cs3org/reva/v2@v2.27.0/internal/grpc/interceptors/log/log.go:69 pkg=rgrpc service=app-registry start="29/Jan/2025:09:48:34 +0000" time_ns=179276 traceid=8c545afb5de53f583c7d2249c396c254 uri=/cs3.app.registry.v1beta1.RegistryAPI/ListSupportedMimeTypes user-agent=grpc-go/1.68.0
owncloud-auth | 2025-01-29T09:48:34Z DBG unary code=OK end="29/Jan/2025:09:48:34 +0000" from=tcp://127.0.0.1:43716 line=github.com/cs3org/reva/v2@v2.27.0/internal/grpc/interceptors/log/log.go:69 pkg=rgrpc service=gateway start="29/Jan/2025:09:48:34 +0000" time_ns=2721892 traceid=8c545afb5de53f583c7d2249c396c254 uri=/cs3.gateway.v1beta1.GatewayAPI/ListSupportedMimeTypes user-agent=grpc-go/1.68.0
owncloud-auth | 2025-01-29T09:48:34Z DBG http end="29/Jan/2025:09:48:34 +0000" host=127.0.0.1 line=github.com/cs3org/reva/v2@v2.27.0/internal/http/interceptors/log/log.go:112 method=GET pkg=rhttp proto=HTTP/1.1 service=frontend size=17 start="29/Jan/2025:09:48:34 +0000" status=200 time_ns=7170132 traceid=4e06806c18d9232e20ac7f0977077714 uri=/app/list url=/list
owncloud-auth | 2025-01-29T09:48:34Z INF access-log bytes=17 duration=9.904505 line=github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34 method=GET path=/app/list proto=HTTP/1.1 remote-addr=192.168.10.112 request-id=e548aba8-9207-46ae-815a-6d7425057565 service=proxy status=200 traceid=8c545afb5de53f583c7d2249c396c254
owncloud-auth | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.sharing","nodes":[{"address":"127.0.0.1:9150","id":"com.owncloud.api.sharing-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.storage-shares","nodes":[{"address":"127.0.0.1:9154","id":"com.owncloud.api.storage-shares-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.storage-system","nodes":[{"address":"127.0.0.1:9215","id":"com.owncloud.api.storage-system-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.web.storage-system","nodes":[{"address":"127.0.0.1:9216","id":"com.owncloud.web.storage-system-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"http","registry":"cache","server":"http","transport":"http"}}],"version":"7.0.0"}
owncloud-auth | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.auth-service","nodes":[{"address":"127.0.0.1:9199","id":"com.owncloud.api.auth-service-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth | 2025-01-29T09:48:34Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.api.storage-users","nodes":[{"address":"127.0.0.1:9157","id":"com.owncloud.api.storage-users-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"tcp"}}],"version":"7.0.0"}
owncloud-auth | 2025-01-29T09:48:35Z DBG refreshing external service-registration line=github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:43 service={"endpoints":[],"metadata":null,"name":"com.owncloud.web.frontend","nodes":[{"address":"127.0.0.1:9140","id":"com.owncloud.web.frontend-24a7260f-8887-466b-a8d4-d8eb4ed2f9f5","metadata":{"protocol":"http","registry":"cache","server":"http","transport":"http"}}],"version":"7.0.0"}
Thanks in advance.