Android App Login not possible - Cannot retrieve OIDC well known file for https://domain

rumos · October 22, 2022, 3:41pm

Hi there,

I’m using Pydio with Collabora Online in a docker setup.
Everything seems to be working fine except for the Android App.

When I try to setup my account on android I encounter the following message after entering the server address:

Cannot retrieve OIDC well known file for https://pydio.domain.xy, pleas…

Unfortunately the error message is cut off.

On iOS (iPad) the login is working flawlessly.

Here is my docker setup:

version: '3.7'
services:

  cells:
    image: pydio/cells:latest
    restart: unless-stopped
    ports: ["9090:8080"]
    environment:
      - CELLS_LOG_LEVEL=production
      - CELLS_EXTERNAL=https://pydio.domain.xy
    volumes:
      - /var/docker/pydio/data:/var/cells/data
      - /var/docker/pydio/cellsdir:/var/cells

  mysql:
    image: mysql:5.7
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: P@ssw0rd
      MYSQL_DATABASE: cells
      MYSQL_USER: pydio
      MYSQL_PASSWORD: P@ssw0rd
    command: [mysqld, --character-set-server=utf8mb4, --collation-server=utf8mb4_unicode_ci]
    volumes:
      - /var/docker/pydio/mysql:/var/lib/mysql

and nginx config:

server {

    server_name pydio.domain.xy;

    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/pydio.domain.xy/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/pydio.domain.xy/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf; 
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

# Allow any size file to be uploaded.
    client_max_body_size 0;
    # To disable buffering
    proxy_buffering off;

    location / {
        # Uncomment this to enable gRPC and thus be able to use cells-sync
        if ($http_content_type = "application/grpc") {
            grpc_pass grpcs://localhost:9090;
        }
        proxy_pass https://localhost:9090;
    }

    location /ws/ {
        proxy_pass https://localhost:9090;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }

    error_log /var/log/nginx/cells-proxy-error.log;
    access_log /var/log/nginx/cells-proxy-access.log;

#### COLLABORA PART
 # static files
 location ^~ /browser {
   proxy_pass https://localhost:9980;
   proxy_set_header Host $http_host;
 }

 # WOPI discovery URL
 location ^~ /hosting/discovery {
   proxy_pass https://localhost:9980;
   proxy_set_header Host $http_host;
 }

 # Capabilities
 location ^~ /hosting/capabilities {
   proxy_pass https://localhost:9980;
   proxy_set_header Host $http_host;
 }

 # main websocket
 location ~ ^/cool/(.*)/ws$ {
   proxy_pass https://localhost:9980;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "Upgrade";
   proxy_set_header Host $http_host;
   proxy_read_timeout 36000s;
 }

 # download, presentation and image upload

 location ~ ^/(c|l)ool {
   proxy_pass https://localhost:9980;
   proxy_set_header Host $http_host;
 }

 # Admin Console websocket

 location ^~ /cool/adminws {
   proxy_pass https://localhost:9980;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "Upgrade";
   proxy_set_header Host $http_host;
   proxy_read_timeout 36000s;
  }
}

Thanks for your help in advance!

bsinou · October 26, 2022, 10:56am

Hello,

Could you please precise the version of both server and android app?

Can you reach this URL:

https://<your FQDN>/oidc/.well-known/openid-configuration ??

Evgeny_Zelenin · October 26, 2022, 12:40pm

i have some problem.

at URL https://<your FQDN>/oidc/.well-known/openid-configuration
i have answer - 404 page not found

bsinou · October 26, 2022, 1:40pm

Hi @Evgeny_Zelenin and welcome to our community!

So most probably, you are also behind a wrongly configured reverse proxy…

Evgeny_Zelenin · October 27, 2022, 5:43am

I don’t have a reverse proxy.
The server is behind the router, using nat.
Do I really need to use a reverse proxy?

bsinou · October 27, 2022, 7:43am

Nope but you have to configure your network so that relevant URLs can be reached. I cannot really help on this: the possibility are endless and tightly coupled with your setup.

I can only repeat myself: you have to understand why https://<your FQDN>/oidc/.well-known/openid-configuration cannot be reached and fix it…

It is not a “cells specific” issue…

rumos · October 28, 2022, 1:08pm

Hello bsinou,

thank you very much for your help. Asking for the version led me to check and update it.

It was 4.0.1 before so I started again from scratch with 4.0.2.

With the configuration above it is now running flawlessly.

Thanks. Topic can now be closed/marked as solved.

bsinou · October 28, 2022, 4:18pm

Thanks for the update.

77x · October 29, 2022, 6:17am

Hi,
I’m experiencing a problem using the android client.
It’s not working because I’m using a custom port to serve cells.
After login it opens a window on the browser with a wrong url, missing the port specification.

Device: Oneplus6
SO: Android 11

bsinou · November 3, 2022, 5:43pm

It is not specific to the Android app:

When you get a 404 while trying to access https://[FQDN]:[port]/oidc/.well-known/openid-configuration

(Most probably: https://[FQDN]:8080/oidc/.well-known/openid-configuration with a quick and dirty install ),

You must explicitly define an external URL, otherwise the server doesn’t know what to serve.

# Simply run:
cells configure sites
# and  give the correct answer to this question:
If this site is accessed through a reverse proxy, provide full external URL (https://mydomain.com):`
# e.g: 
https://files.example.com:8080