user_oidc

URL for keycloak is being cut

Open · oculos opened this issue 1 year ago · 1 comment

Steps to reproduce

  1. Attempted to log in
  2. Got internal error after logging in
  3. Navigating to Nextcloud afterwards gets me logged in

Expected behaviour

Logged in right away

Actual behaviour

Internal error

Server configuration

Web server: Apache/Nginx

Database: MySQL/Maria/SQLite/PostgreSQL

PHP version: 8.1

Nextcloud version: 30

You can see in the logs that the URLs end up with realm, where it should be realm/realmname. Something is cutting them.

{"reqId":"TvklCQS4Pc6N2XQtlIBg","level":3,"time":"2024-12-05T08:41:23+00:00","remoteAddr":"129.240.130.7","user":"--","app":"index","method":"GET","url":"/index.php/apps/user_oidc/code?error=temporarily_unavailable&error_description=authentication_expired&state=E3COEVT42TTRL02RXR2BXS5LOVCN6HIN&iss=https%3A%2F%2Fauth.domain.eu%2Frealms%2Fmed-lo","message":"The requested uri(/index.php/apps/user_oidc/code) cannot be processed by the script '/apps/user_oidc/code?error=temporarily_unavailable&error_description=authentication_expired&state=E3COEVT42TTRL02RXR2BXS5LOVCN6HIN&iss=https%3A%2F%2Fauth.domain.eu%2Frealm')","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0.1 Safari/605.1.15","version":"30.0.2.2","exception":{"Exception":"Exception","Message":"The requested uri(/index.php/apps/user_oidc/code) cannot be processed by the script '/apps/user_oidc/code?error=temporarily_unavailable&error_description=authentication_expired&state=E3COEVT42TTRL02RXR2BXS5LOVCN6HIN&iss=https%3A%2F%2Fauth.domain.eu%2Frealm')","Code":0,"Trace":[{"file":"/var/www/nextcloud/lib/base.php","line":954,"function":"getRawPathInfo","class":"OC\\AppFramework\\Http\\Request","type":"->"},{"file":"/var/www/nextcloud/index.php","line":24,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/nextcloud/lib/private/AppFramework/Http/Request.php","Line":711,"message":"The requested uri(/index.php/apps/user_oidc/code) cannot be processed by the script '/apps/user_oidc/code?error=temporarily_unavailable&error_description=authentication_expired&state=E3COEVT42TTRL02RXR2BXS5LOVCN6HIN&iss=https%3A%2F%2Fauth.domain.eu%2Frealm')","exception":{},"CustomMessage":"The requested uri(/index.php/apps/user_oidc/code) cannot be processed by the script '/apps/user_oidc/code?error=temporarily_unavailable&error_description=authentication_expired&state=E3COEVT42TTRL02RXR2BXS5LOVCN6HIN&iss=https%3A%2F%2Fauth.domain.eu%2Frealm')"}}

oculos, Dec 05 '24 08:12

If you are referring to the iss GET param sent in the /apps/user_oidc/code request, this is a request coming from the IdP to Nextcloud. Nothing we have control over.

I don't think that's your problem.

Your IdP is sending error=temporarily_unavailable&error_description=authentication_expired in this code request. There might be a misconfiguration on your IdP side. Something expires too soon for the login flow to complete.

You might wanna have a look at the realm settings, in the "Sessions" tab. I think the login settings could be the cause. Maybe the system clocks of the NC server and the Keycloak server are too different or the login timeouts are too short.

julien-nc, Feb 05 '25 14:02
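A log-triage sketch for the situation discussed in this thread, added here as an example and not code from the user_oidc project: it pulls the IdP-returned `error`, `error_description` and `iss` out of logged `/apps/user_oidc/code` callbacks and puts the `iss` from the request URL next to the one echoed in the exception message. The sample entry is constructed from the log line in the issue; the function name `oidc_callback_errors` is hypothetical.

```python
import json
import re
from urllib.parse import parse_qs, unquote, urlsplit

CALLBACK_PATH = "/apps/user_oidc/code"  # callback route seen in the issue's log
# Constructed sample: the issue's log entry cut down to the fields used here,
# followed by two constructed lines that must be ignored.
BASE = ("/apps/user_oidc/code?error=temporarily_unavailable"
        "&error_description=authentication_expired"
        "&state=E3COEVT42TTRL02RXR2BXS5LOVCN6HIN&iss=https%3A%2F%2Fauth.domain.eu%2F")
SAMPLE_LOG = [
    json.dumps({
        "time": "2024-12-05T08:41:23+00:00",
        "url": "/index.php" + BASE + "realms%2Fmed-lo",
        "message": "The requested uri(/index.php/apps/user_oidc/code) cannot be "
                   "processed by the script '" + BASE + "realm')",
    }),
    "PHP Warning: constructed non-JSON line",
    json.dumps({"time": "2024-12-05T08:41:30+00:00", "url": "/index.php/login",
                "message": "constructed unrelated entry"}),
]

def oidc_callback_errors(lines):
    """Summarise logged user_oidc callbacks in which the IdP returned an error."""
    found = []
    for line in lines:
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # skip lines that are not JSON
        if not isinstance(entry, dict):
            continue
        url = urlsplit(str(entry.get("url", "")))
        params = parse_qs(url.query)
        if not url.path.endswith(CALLBACK_PATH) or "error" not in params:
            continue
        # The exception text repeats the query string; extract its iss as well.
        in_msg = re.search(r"[?&]iss=([^&')\s]+)", str(entry.get("message", "")))
        found.append({
            "time": entry.get("time"),
            "error": params["error"][0],
            "error_description": params.get("error_description", [None])[0],
            "iss_in_url": params.get("iss", [None])[0],
            "iss_in_message": unquote(in_msg.group(1)) if in_msg else None,
        })
    return found


if __name__ == "__main__":
    print(oidc_callback_errors(SAMPLE_LOG))
```

Run over a real `nextcloud.log`, the `time` of each row can be lined up with the IdP's own event log to check the timeout and clock-difference theory raised in the reply.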