-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bad gateway on logout #814
Comments
Did you ever get this figured out? This is happening to me now. I notice it only happens if i dont have the option selected in SAML to allow multiple backend logins, like LDAP users.. If i keep that unchecked i get the gateway error on logout. If i have it selected and logout i get taken back to the proper authentik page with options. |
Expected behaviour
Following this guide and some experimentation, I expected logging out to work with one of these options as
URL Location of IdP where the SP will send the SLO Request
:https://auth.myurl.com/if/session-end/nextcloud/
https://auth.myurl.com/application/saml/nextcloud/slo/binding/post/
https://auth.myurl.com/application/saml/nextcloud/slo/binding/redirect/
Actual behaviour
I encountered a
Bad gateway
error that I cannot track down. With (1) the error appears with this URL in the browser:https://cloud.myurl.com/apps/user_saml/saml/sls?requesttoken=xxxxxxxxxxxxxxxxxxxxxxxxxx
. However, pasting (1) into the address bar correctly logs me out and returns me to the corresponding Authentik screen. (2) and (3) always end with aBad Request: The SAML request payload is missing.
from Authentik.Furthermore, the Nextcloud web log shows
OC\Authentication\Exceptions\InvalidTokenException: Token does not exist: token does not exist
within about two minutes of my logout attempts (don't know if it's lag or an unrelated error).PS: The logout itself seems to take place with (1), despite the bad gateway error. When heading back to
cloud.myurl.com
it briefly shows Authentik'sRedirecting to Nextcloud...
which it does not show when a Nextcloud session is still active (as happens with (2) and (3)).Reloading the bad request page simply logs me back into Nextcloud via Authentik's redirect page.
Configuration
Operating system: unRAID 6.12.6 (Docker)
Nextcloud: Nextcloud AIO 7.12.1 (Nextcloud 27.1.7 RC1)
Browser: Firefox 122.0.1
Operating system: Windows 11
IdP: Authentik
Reverse Proxy: Nginx Proxy Manager
Proxy Configuration
Websockets Support
,Force SSL
,HTTP/2 Support
,HSTS Enabled
,HSTS Subdomains
. It redirects tomy.servers.ipv4.address:11000
.The text was updated successfully, but these errors were encountered: