TOTP 2FA doesn't seem to work with OwnCloud Server 10.15 docker container


I have managed to successfully set up a docker-compose.yml containing owncloud/server:10.15, Traefik, MariaDB and Redis containers and using my SSL certificate successfully.

I can access the ownCloud login page and log in as the admin user and set all the various options I want.

Everything is working well except when it comes to enabling 2FA. I enabled apps for Password Policy and OAuth2. These both work, as it correctly applies password settings I have selected and also using a desktop client makes use of OAuth2.0 correctly.

I go to the security tab and enable forced 2FA for all users. I then create a new user, the email arrives, I follow the link and was expecting the login page to have a QR code and work as shown in the documentation, but it does not. It only has the usual login option with username and password.

I read that it requires imagemagick and php-imagick; when I interrogate the docker container I can see that it appears to have these present inside the container.

Note that I can reproduce the issue if I use the simpler example docker compose setup from ownCloud’s documentation on the web.

Any help would be much appreciated.

Steps to reproduce

  1. Create a running instance of ownCloud using: Installing with Docker
  2. Log in as the admin account, enable enforced 2FA for all users
  3. Create a new user and let it email them the link to set up their account.
  4. Follow the link from the email and the user sees the normal login screen, not a 2FA login screen.

Expected behaviour

Expect to see a 2FA-based login screen like shown here: User Two-Factor Authentication

Actual behaviour

See the normal login screen requiring user name and password.

Server configuration

Operating system:
Ubuntu 20.04 (I think, from the ownCloud docker container)

Web server:

Database:
Maria DB 11.6

PHP version:
From docker container seems to be 7.4.3

ownCloud version: (see ownCloud admin page)
10.15

Updated from an older ownCloud or fresh install:
Fresh setup using docker compose

Where did you install ownCloud from:
Official ownCloud docker hub images.

Signing status (ownCloud 9.0 and above):

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results into https://gist.github.com/ and put the link here.

The content of config/config.php:

Log in to the web-UI with an administrator account and click on
'admin' -> 'Generate Config Report' -> 'Download ownCloud config report'
This report includes the config.php settings, the list of activated apps
and other details in a well sanitized form.

or 

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder

*ATTENTION:* Do not post your config.php file in public as is. Please use one of the above
methods whenever possible. Both, the generated reports from the web-ui and from occ config:list
consistently remove sensitive data. You still may want to review the report before sending.
If done manually then it is critical for your own privacy to diligently
remove *all* host names, passwords, usernames, salts and other credentials before posting.
You should assume that attackers find such information and will use them against your systems.

List of activated apps:

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder.

Are you using external storage, if yes which one: local/smb/sftp/…

Are you using encryption: yes/no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/…

LDAP configuration (delete this part if not used)

With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your ownCloud installation folder

Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';


Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.

Client configuration

Browser:

Operating system:

Logs

Web server error log

Insert your webserver log here

ownCloud log (data/owncloud.log)

Insert your ownCloud log here

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log 
c) ...