user_saml
Too many redirects on iOS Safari browsers
Steps to replicate it:
Get an Apple or Mac device, open Safari, and log in.
Expected behaviour
The user gets logged in to Nextcloud and sees his files.
Actual behaviour
Users on a Mac/iOS device get a "too many redirects" error in Safari.
Server configuration
Nextcloud Version: 15.0.2.0 Apps installed: 31 App updates available: 0
PHP Version: 7.2.14 Memory limit: 512 MB Max execution time: 3600 Max upload size: 511 MB
Database Type: mysql Version: 10.3.12 Size: 1.4 MB
Where did you install Nextcloud from: installatron
List of activated apps:
- Accessibility 1.1.0 Official
- Activity 2.8.2 Official
- Auditing / Logging 1.5.0 Official
- Collaborative tags 1.5.0 Official
- Deleted files 1.5.0 Official
- Federation 1.5.0 Official
- File sharing 1.7.0 Official
- Log Reader 2.0.0 Official
- Monitoring 1.5.0 Official
- Nextcloud announcements 1.4.0 Official
- Notifications 2.3.0 Official
- Password policy 1.5.0 Official
- PDF viewer 1.4.0 Official
- Share by mail 1.5.0 Official
- SSO & SAML authentication 2.1.1 Official
- Support 1.0.0 Official
- Text editor 2.7.0 Official
- Theming 1.6.0 Official
- Update notification 1.5.0 Official
- Usage survey 1.3.0 Official
- Versions 1.8.0 Official
- Video player
If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your Nextcloud installation folder
Nextcloud configuration:
If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder
or
Insert your config.php content here
Make sure to remove all sensitive content such as passwords. (e.g. database password, passwordsalt, secret, smtp password, …)
```
<?php
$CONFIG = array (
'instanceid' => '-----',
'passwordsalt' => '---------',
'secret' => '----------',
'trusted_domains' =>
array (
0 => 'tascc.xs4cloud.nl',
),
'datadirectory' => '/home/tascccloud/domains/tascc.xs4cloud.nl/public_html/.htxoljpx4gsvlq.data',
'dbtype' => 'mysql',
'version' => '15.0.2.0',
'overwrite.cli.url' => 'https://tascc.xs4cloud.nl',
'dbname' => 'tascccloud_oc1',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => '------',
'dbpassword' => '-------------',
'installed' => true,
'maintenance' => false,
'session_lifetime' => 600,
'skeletondirectory' => '',
'updater.release.channel' => 'stable',
'remember_login_cookie_lifetime' => 1,
'session_keepalive' => false,
'theme' => '',
'loglevel' => 2,
);
```
```
<?php
$CONFIG = array (
'session_lifetime' => 600,
'remember_login_cookie_lifetime' => 1,
'session_keepalive' => false,
'skeletondirectory' => '',
);
```
### Client configuration
**Browser:** Safari
**Operating system:** iOS
### Logs
#### Nextcloud log (data/owncloud.log)
Insert your Nextcloud log here
nothing showing up there
#### Browser log
Insert your browser log here, this could for example include:
a) The javascript console log b) The network log c) ...
I don't have a browser log, but this is the log from the hosting server:
```
82.161.177.171 - - [04/Feb/2019:22:18:47 +0100] "POST /index.php/apps/user_saml/saml/acs HTTP/1.1" 303 1011 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:48 +0100] "GET / HTTP/1.1" 302 1640 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:49 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:49 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:49 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:50 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:50 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:50 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:51 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:51 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:51 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:52 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:52 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:52 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:52 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:53 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
82.161.177.171 - - [04/Feb/2019:22:18:53 +0100] "GET /index.php/apps/files/ HTTP/1.1" 302 1093 "https://tascc.miniorange.com/moas/verifyuser" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15"
```
@staler Did you find any solution for this?
I had the same problem.
It seems that iOS Safari doesn't save the cookie when Origin != Host.
The server returns a `302 Found` response with a `Set-Cookie` header for `__Host-nc_sameSiteCookielax`, but Safari doesn't set it.
I'm experiencing the same with NC 17 (but this goes all the way back to 14). There seems to be a difference in triggering a SAML response when:
- Opening Nextcloud (without NC-session) using `target="_blank"`
- Opening Nextcloud (without NC-session) by opening the link "manually" in the current address bar
In the first case, the process stops, no redirect to SAML happens. In the headers, I see the following (only main differences shown):
```
Cookie: ....xxx... __Host-nc_sameSiteCookielax=true
location:
```
In the second case, I get redirected to SAML for the login screen and all works. In the headers, I see the following (only main differences shown):
```
Cookie: .... __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
location: https://login.xxx.yy/saml/saml2/idp/SSOService.php?SAMLRequest=pZJNbxo...
```
Either way, this issue is solved by applying the one-row fix in #248
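The redirect pattern in the access log from the report (a POST to the `user_saml` ACS endpoint followed by repeated 302 responses for the same path) can be flagged automatically. The sketch below is an added example, not code from this thread or from Nextcloud; the function name, threshold, sample IP addresses and user agent are constructed for illustration.

```python
import re
from collections import namedtuple

ACS_SUFFIX = "/apps/user_saml/saml/acs"   # ACS path as seen in the report's log
REDIRECTS = {301, 302, 303, 307, 308}
Loop = namedtuple("Loop", "ip path hits after_saml_acs")

# Apache/nginx "combined" log format
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def _line(ip, method, path, status):      # builds one constructed log line
    return (f'{ip} - - [04/Feb/2019:22:18:47 +0100] "{method} {path} HTTP/1.1" '
            f'{status} 1093 "https://idp.example/verify" "ExampleSafari/12"')

FILES = "/index.php/apps/files/"
SAMPLE_LOG = "\n".join(             # constructed sample: one looping client, one healthy
    [_line("203.0.113.7", "POST", "/index.php" + ACS_SUFFIX, 303),
     _line("203.0.113.7", "GET", "/", 302)]
    + [_line("203.0.113.7", "GET", FILES, 302)] * 6
    + [_line("198.51.100.9", "POST", "/index.php" + ACS_SUFFIX, 303),
       _line("198.51.100.9", "GET", "/", 302),
       _line("198.51.100.9", "GET", FILES, 200)])

def find_redirect_loops(log_text, threshold=5):
    """Report clients that get `threshold`+ consecutive redirects for one path."""
    state, loops = {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                       # skip lines that are not combined-format
        st = state.setdefault((m["ip"], m["ua"]),
                              {"path": None, "run": 0, "acs": False})
        if m["method"] == "POST" and m["path"].endswith(ACS_SUFFIX):
            st.update(path=None, run=0, acs=True)    # SAML response just posted
        elif m["method"] == "GET" and int(m["status"]) in REDIRECTS:
            if m["path"] == st["path"]:
                st["run"] += 1
            else:
                st["path"], st["run"] = m["path"], 1
            if st["run"] >= threshold:
                loops[(m["ip"], st["path"])] = Loop(
                    m["ip"], st["path"], st["run"], st["acs"])
        else:
            st.update(path=None, run=0, acs=False)   # a normal response ends the run
    return list(loops.values())
```

A hit with `after_saml_acs` set to true means the loop began right after the identity provider posted the SAML response, which is the sequence shown in the report's log.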