matrix-docker-ansible-deploy

SSO Users Logged Out Every Day or Two.

Open gitayam opened this issue 1 year ago • 0 comments

Playbook Configuration:

This happens with both Github and with Self-Hosted Authentik Accounts.

My vars.yml file looks like this:


matrix_playbook_reverse_proxy_type: playbook-managed-traefik
matrix_playbook_ssl_enabled: true
matrix_well_known_matrix_server_enabled: false
matrix_synapse_admin_enabled: true # Synapse Admin will be accessible at: https://matrix.DOMAIN/synapse-admin/

# Devture Traefik Configuration
# Source Guide: https://appelman.se/matrix-on-cloudflare/
devture_traefik_config_entrypoint_web_secure_enabled: false
devture_traefik_container_web_host_bind_port: "127.0.0.1:81"
devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true
devture_traefik_additional_entrypoints_auto:
  - name: matrix-federation
    port: 8449
    host_bind_port: "127.0.0.1:8449"
    config: {}

# Coturn Server Configuration
matrix_coturn_enabled: false

# Sliding Sync Configuration
matrix_sliding_sync_enabled: true
devture_traefik_config_certificatesResolvers_acme_email: REDACTED
enable_set_displayname: true

matrix_homeserver_implementation: synapse
matrix_homeserver_generic_secret_key: 'REDACTED'
matrix_registration_enabled: true
matrix_registration_admin_secret: "REDACTED"
matrix_domain: irregularchat.com
devture_postgres_connection_password: 'REDACTED'
matrix_synapse_max_upload_size_mb: 150
matrix_synapse_media_retention_local_media_lifetime: 1 y
matrix_synapse_media_retention_remote_media_lifetime: 3 m
matrix_synapse_report_stats: true
matrix_synapse_user_directory_prefer_local_users: true
# whether to accept passwords or not. True is yes. false is no.
matrix_synapse_password_config_enabled: false
devture_systemd_service_manager_up_verification_delay_seconds: 45
# Synapse Auto Compressor Configuration
matrix_synapse_auto_compressor_enabled: true

matrix_synapse_configuration_extension_yaml: |
  oidc_providers:
    - idp_id: Github-Login
      idp_name: "REDACTED"
      idp_icon: mxc://REDACTED
      discover: false
      issuer: "https://github.com/"
      client_id: "REDACTED"
      client_secret: "REDACTED"
      client_auth_method: client_secret_post
      scopes: [user:email]
      allow_existing_users: true
      authorization_endpoint: "https://github.com/login/oauth/authorize"
      token_endpoint: "https://github.com/login/oauth/access_token"
      userinfo_endpoint: "https://api.github.com/user"
      user_mapping_provider:
        config:
          subject_claim: "id"
          localpart_template: "{% raw %}{{ user.login }}{% endraw %}"
          display_name_template: "{% raw %}{{ user.name }}{% endraw %}"
          email_template: "{% raw %}{{ user.email }}{% endraw %}"
    - idp_id: REDACTED-sso
      idp_name: "REDACTED SSO"
      idp_icon: mxc://REDACTED
      discover: true
      issuer: "https://sso.REDACTED.com/application/o/element-messenger/"
      client_id: "REDACTED"
      client_secret: "REDACTED"
      client_auth_method: client_secret_post
      scopes:
          - "openid"
          - "profile"
      allow_existing_users: true
      user_mapping_provider:
          config:
              localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}"
              display_name_template: "{% raw %}{{ user.preferred_username|capitalize }}{% endraw %}"
  delete_stale_devices_after: 6m
  retention:
    enabled: true
    purge_jobs:
      - longest_max_lifetime: 1h
        interval: 30m  # Purge more frequently to handle the 1-hour max lifetime
      - shortest_max_lifetime: 1h
        longest_max_lifetime: 1d
        interval: 6h  # Moderate frequency for messages lasting up to a day
      - shortest_max_lifetime: 1d
        interval: 12h  # For messages older than a day, purging twice a day

Matrix Server:

  • OS: Linux debian 6.1.0-16-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.67-1 (2023-12-12) x86_64 GNU/Linux
  • Architecture: amd64
  • Authentik SSO

Problem description:

Authentik SSO Users on mobile (Desktop not impacted) are being logged out after a day or two. The time does not seem to be consistent based on user reporting.

On Authentik, the session is set NOT to expire in the login flow. And the app session is set to default minutes=1 minutes=5 days=30

Therefore, I think it is an issue with my configuration or the matrix. user-login-flow

Client (please complete the following information):

  • iOS and Android
  • NOT Desktop


gitayam, Dec 30 '23 15:12
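
A check worth running on the duration values in the `matrix_synapse_configuration_extension_yaml` block above (an added example, not part of the original issue or the playbook's code): Synapse's configuration accepts the duration suffixes s, m, h, d, w and y, where m means minutes and no month suffix exists. The function names and the month-lookalike heuristic are assumptions of this example; the values are copied from the configuration on this page.

```python
# Added example. Synapse duration suffixes: s, m, h, d, w, y ("m" = minutes;
# there is no month suffix). A bare integer is milliseconds.
UNIT_MS = {"s": 1_000, "m": 60_000, "h": 3_600_000, "d": 86_400_000,
           "w": 7 * 86_400_000, "y": 365 * 86_400_000}

def parse_duration_ms(value):
    """Convert a Synapse-style duration (e.g. "6m", "1d", 5000) to ms."""
    if isinstance(value, int):
        return value
    text = value.strip()
    if text and text[-1] in UNIT_MS:
        return int(text[:-1]) * UNIT_MS[text[-1]]
    return int(text)

def humanize(ms):
    """Render ms in the largest unit that divides it evenly."""
    for name, size in (("day", UNIT_MS["d"]), ("hour", UNIT_MS["h"]),
                       ("minute", UNIT_MS["m"]), ("second", UNIT_MS["s"])):
        if ms >= size and ms % size == 0:
            count = ms // size
            return f"{count} {name}" + ("" if count == 1 else "s")
    return f"{ms} ms"

# Duration settings copied from the extension YAML on this page.
PAGE_DURATIONS = [
    ("delete_stale_devices_after", "6m"),
    ("purge_jobs[0].longest_max_lifetime", "1h"),
    ("purge_jobs[0].interval", "30m"),
    ("purge_jobs[1].shortest_max_lifetime", "1h"),
    ("purge_jobs[1].longest_max_lifetime", "1d"),
    ("purge_jobs[1].interval", "6h"),
    ("purge_jobs[2].shortest_max_lifetime", "1d"),
    ("purge_jobs[2].interval", "12h"),
]

def month_lookalikes(settings):
    """Heuristic (assumption): an "m" value of 1..12 may have been meant as
    months, but Synapse reads it as minutes."""
    return [key for key, raw in settings
            if raw.strip().endswith("m") and 1 <= int(raw.strip()[:-1]) <= 12]

def report(settings):
    """Return (key, raw value, human-readable interpretation) per setting."""
    return [(key, raw, humanize(parse_duration_ms(raw))) for key, raw in settings]

if __name__ == "__main__":
    flagged = month_lookalikes(PAGE_DURATIONS)
    for key, raw, readable in report(PAGE_DURATIONS):
        note = "  <- review: m is minutes" if key in flagged else ""
        print(f"{key}: {raw} = {readable}{note}")
```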