<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title><![CDATA[SSO with Element not working]]></title><description><![CDATA[<p dir="auto">Is anyone else experiencing problems with SSO with matrix? Upon clicking "log in with X" there seem to be various redirects which end up either in an SSL error or the message</p>
<p dir="auto"><code>Too many redirects occurred trying to open “https://matrix.tld.com/_matrix/client/v3/login/sso/redirect/oidc-cloudron?redirectUrl=https%3A%2F%2Fchat.tld.com%2F&amp;org.matrix.msc3824.action=login”. This might occur if you open a page that is redirected to open another page which then is redirected to open the original page.</code></p>
<p dir="auto">depending on the client used.</p>
]]></description><link>https://forum.cloudron.io/topic/13642/sso-with-element-not-working</link><generator>RSS for Node</generator><lastBuildDate>Fri, 12 Jun 2026 23:13:11 GMT</lastBuildDate><atom:link href="https://forum.cloudron.io/topic/13642.rss" rel="self" type="application/rss+xml"/><pubDate>Sat, 12 Apr 2025 18:57:56 GMT</pubDate><ttl>60</ttl><item><title><![CDATA[Reply to SSO with Element not working on Mon, 21 Apr 2025 10:09:05 GMT]]></title><description><![CDATA[<p dir="auto"><a class="plugin-mentions-user plugin-mentions-a" href="/user/nebulon" aria-label="Profile: nebulon">@<bdi>nebulon</bdi></a> not sure. Maybe I accidentally removed it when I set up Prometheus</p>
]]></description><link>https://forum.cloudron.io/post/106028</link><guid isPermaLink="true">https://forum.cloudron.io/post/106028</guid><dc:creator><![CDATA[andreasdueren]]></dc:creator><pubDate>Mon, 21 Apr 2025 10:09:05 GMT</pubDate></item><item><title><![CDATA[Reply to SSO with Element not working on Mon, 21 Apr 2025 09:22:24 GMT]]></title><description><![CDATA[<p dir="auto">Good find. I wonder why it was not set in that instance. The configs from the package should have had it for 5 years <a href="https://git.cloudron.io/packages/synapse-app/-/blame/master/homeserver.yaml.template?ref_type=heads#L14" target="_blank" rel="noopener noreferrer nofollow ugc">https://git.cloudron.io/packages/synapse-app/-/blame/master/homeserver.yaml.template?ref_type=heads#L14</a></p>
]]></description><link>https://forum.cloudron.io/post/106017</link><guid isPermaLink="true">https://forum.cloudron.io/post/106017</guid><dc:creator><![CDATA[nebulon]]></dc:creator><pubDate>Mon, 21 Apr 2025 09:22:24 GMT</pubDate></item><item><title><![CDATA[Reply to SSO with Element not working on Sun, 20 Apr 2025 12:30:45 GMT]]></title><description><![CDATA[<p dir="auto">I figured it out, here's what was happening:</p>
<p dir="auto">The client was trying to access the SSO redirect URL with HTTP, but my server was configured to use HTTPS:</p>
<pre><code>Requested URI http://matrix.due.ren/_matrix/client/r0/login/sso/redirect/oidc-cloudron?redirectUrl=element://connect?transaction_id=m2111693422.2 is not canonical: redirecting to https://matrix.due.ren/_matrix/client/r0/login/sso/redirect/oidc-cloudron?redirectUrl=element://connect?transaction_id=m2111693422.2
</code></pre>
<p dir="auto">This redirection kept happening repeatedly (as shown by the multiple identical log entries with different request IDs), creating a loop. Synapse didn't properly handle the protocol conversion between HTTP and HTTPS.</p>
<p dir="auto">Here's how I fixed the issue:<br />
Added the x_forwarded: true setting to my configuration's listeners section:</p>
<pre><code>listeners:
  - port: 8008
    type: http
    bind_addresses: ['0.0.0.0']
    x_forwarded: true  # Added this line
    resources:
      - names: [client, federation, metrics]
        compress: false
</code></pre>
]]></description><link>https://forum.cloudron.io/post/106001</link><guid isPermaLink="true">https://forum.cloudron.io/post/106001</guid><dc:creator><![CDATA[andreasdueren]]></dc:creator><pubDate>Sun, 20 Apr 2025 12:30:45 GMT</pubDate></item><item><title><![CDATA[Reply to SSO with Element not working on Wed, 16 Apr 2025 18:28:27 GMT]]></title><description><![CDATA[<p dir="auto"><a class="plugin-mentions-user plugin-mentions-a" href="/user/nebulon" aria-label="Profile: nebulon">@<bdi>nebulon</bdi></a> hmm fresh installation (<a href="http://chat.as.ci" target="_blank" rel="noopener noreferrer nofollow ugc">chat.as.ci</a>) seems to work <img src="https://forum.cloudron.io/assets/plugins/nodebb-plugin-emoji/emoji/android/1f610.png?v=13d69e59554" class="not-responsive emoji emoji-android emoji--neutral_face" style="height:23px;width:auto;vertical-align:middle" title="😐" alt="😐" /><br />
Now I gotta see what’s different</p>
]]></description><link>https://forum.cloudron.io/post/105839</link><guid isPermaLink="true">https://forum.cloudron.io/post/105839</guid><dc:creator><![CDATA[andreasdueren]]></dc:creator><pubDate>Wed, 16 Apr 2025 18:28:27 GMT</pubDate></item><item><title><![CDATA[Reply to SSO with Element not working on Wed, 16 Apr 2025 09:03:32 GMT]]></title><description><![CDATA[<p dir="auto">If you install a fresh instance, do you see the same behavior just with a different subdomain then? That would at least mean that this is not the app configs but something related to the system setup</p>
]]></description><link>https://forum.cloudron.io/post/105796</link><guid isPermaLink="true">https://forum.cloudron.io/post/105796</guid><dc:creator><![CDATA[nebulon]]></dc:creator><pubDate>Wed, 16 Apr 2025 09:03:32 GMT</pubDate></item><item><title><![CDATA[Reply to SSO with Element not working on Tue, 15 Apr 2025 18:31:14 GMT]]></title><description><![CDATA[<p dir="auto"><a class="plugin-mentions-user plugin-mentions-a" href="/user/nebulon" aria-label="Profile: nebulon">@<bdi>nebulon</bdi></a> I couldn't find any issues:</p>
<pre><code># https://github.com/element-hq/synapse/blob/master/docs/sample_config.yaml

# if you change this, change the auto_join_rooms below as well
server_name: "due.ren"
pid_file: /run/synapse/homeserver.pid
public_baseurl: https://matrix.due.ren
push:
  enabled: true
  include_content: false
  group_unread_count_by_room: true
  # jitter_delay: "10s"
experimental_features:
  msc3266_enabled: true
forget_rooms_on_leave: true
forgotten_room_retention_period: 7d
enable_metrics: true
listeners:
  - port: 8008
    type: http
    bind_addresses: ['0.0.0.0'] # Ensure it’s not just localhost if Prometheus is on a different machine/container
    resources:
      - names: [client, federation, metrics]
        compress: false
database:
  name: "psycopg2"
  args:
    # Path to the database
    user: xxx
    password: xxx
    database: xxx
    host: postgresql
    cp_min: 5
    cp_max: 10
background_updates:
  background_update_duration_ms: 100
  sleep_enabled: true
  sleep_duration_ms: 1000
  min_batch_size: 1
  default_batch_size: 100
email:
  smtp_host: mail
  smtp_port: 2525
  smtp_user: "matrix.app@due.ren"
  smtp_pass: "xxx"
  require_transport_security: false
  app_name: matrix.due.ren
  notif_from: "Matrix &lt;matrix.app@due.ren&gt;"
  enable_notifs: true
  notif_for_new_users: true
  client_base_url: "https://matrix.due.ren"
  validation_token_lifetime: 15m
  invite_client_location: https://chat.due.ren
  subjects:
    message_from_person_in_room: "[%(app)s] You have a message on %(app)s from %(person)s in the %(room)s room..."
    message_from_person: "[%(app)s] You have a message on %(app)s from %(person)s..."
    messages_from_person: "[%(app)s] You have messages on %(app)s from %(person)s..."
    messages_in_room: "[%(app)s] You have messages on %(app)s in the %(room)s room..."
    messages_in_room_and_others: "[%(app)s] You have messages on %(app)s in the %(room)s room and others..."
    messages_from_person_and_others: "[%(app)s] You have messages on %(app)s from %(person)s and others..."
    invite_from_person_to_room: "[%(app)s] %(person)s has invited you to join the %(room)s room on %(app)s..."
    invite_from_person: "[%(app)s] %(person)s has invited you to chat on %(app)s..."
    password_reset: "[%(server_name)s] Password reset"
    email_validation: "[%(server_name)s] Validate your email"
turn_uris:
  - turn:turn.due.ren:5349?transport=udp
  - turn:turn.due.ren:5349?transport=tcp
  - turns:turn.due.ren:5349?transport=udp
  - turns:turn.due.ren:5349?transport=tcp
turn_shared_secret: "xxx"
turn_allow_guests: true
turn_user_lifetime: 86400000
federation_ip_range_blacklist:
  - '127.0.0.0/8'
  - '10.0.0.0/8'
  - '172.16.0.0/12'
  - '192.168.0.0/16'
  - '100.64.0.0/10'
  - '169.254.0.0/16'
  - '::1/128'
  - 'fe80::/64'
  - 'fc00::/7'
enable_registration: false
enable_registration_without_verification: false
registration_shared_secret: "xxx"
allow_guest_access: false
enable_group_creation: true
report_stats: false
auto_accept_invites:
  enabled: true
  only_for_direct_messages: true
  only_from_local_users: true
  worker_to_run_on: "worker_1"
signing_key_path: "/app/data/configs/signing.key"
url_preview_enabled: true
url_preview_ip_range_blacklist:
  - '127.0.0.0/8'
  - '10.0.0.0/8'
  - '172.16.0.0/12'
  - '192.168.0.0/16'
  - '100.64.0.0/10'
  - '169.254.0.0/16'
  - '::1/128'
  - 'fe80::/64'
  - 'fc00::/7'
media_store_path: "/app/data/data/media_store"
max_upload_size: 200M
max_image_pixels: "32M"
dynamic_thumbnails: true
app_service_config_files:
  - /app/data/configs/registration.yaml
server_notices:
  system_mxid_localpart: notices
  system_mxid_display_name: "Server Notices"
  system_mxid_avatar_url: "https://static.due.ren/site/logo.png"
  room_name: "Server Notices"
  room_avatar_url: "https://static.due.ren/site/logo.png"
  room_topic: "Room used by your server admin to notice you of important information"
  auto_join: true
trusted_key_servers: []
password_config:
  enabled: true
  localdb_enabled: true
log_config: /app/data/configs/log.config
presence:
  enabled: true
delete_stale_devices_after: 12w
admin_contact: 'mailto:admin@due.ren'
thumbnail_sizes:
  - width: 32
    height: 32
    method: crop
  - width: 96
    height: 96
    method: crop
  - width: 320
    height: 240
    method: scale
  - width: 640
    height: 480
    method: scale
  - width: 800
    height: 600
    method: scale
serve_server_wellknown: true
user_directory:
  enabled: true
  search_all_users: true
  prefer_local_users: true
web_client_location: https://chat.due.ren/
oidc_providers:
  - idp_id: cloudron
    idp_name: due.ren
    issuer: https://my.due.ren/openid
    client_id: xxx
    client_secret: xxx
    scopes:
      - openid
      - email
      - profile
    authorization_endpoint: https://my.due.ren/openid/auth
    token_endpoint: https://my.due.ren/openid/token
    userinfo_endpoint: https://my.due.ren/openid/me
    allow_existing_users: true
    skip_verification: true
    user_mapping_provider:
      config:
        localpart_template: '{{ user.sub }}'
        display_name_template: '{{ user.name }}'

</code></pre>
]]></description><link>https://forum.cloudron.io/post/105758</link><guid isPermaLink="true">https://forum.cloudron.io/post/105758</guid><dc:creator><![CDATA[andreasdueren]]></dc:creator><pubDate>Tue, 15 Apr 2025 18:31:14 GMT</pubDate></item><item><title><![CDATA[Reply to SSO with Element not working on Tue, 15 Apr 2025 12:17:59 GMT]]></title><description><![CDATA[<p dir="auto">I can see the redirects on your server here as well. So this is synapse redirecting to itself endlessly. Maybe something off in your config file there?</p>
]]></description><link>https://forum.cloudron.io/post/105726</link><guid isPermaLink="true">https://forum.cloudron.io/post/105726</guid><dc:creator><![CDATA[nebulon]]></dc:creator><pubDate>Tue, 15 Apr 2025 12:17:59 GMT</pubDate></item><item><title><![CDATA[Reply to SSO with Element not working on Tue, 15 Apr 2025 11:25:26 GMT]]></title><description><![CDATA[<p dir="auto"><a class="plugin-mentions-user plugin-mentions-a" href="/user/nebulon" aria-label="Profile: nebulon">@<bdi>nebulon</bdi></a> DNS hosted on cloudflare but not proxied. Unfortunately logs fill up so quickly it’s hard to keep track. It’s over 200MB, I’ll try to download them later. You can try yourself here: chat.due.ren</p>
]]></description><link>https://forum.cloudron.io/post/105717</link><guid isPermaLink="true">https://forum.cloudron.io/post/105717</guid><dc:creator><![CDATA[andreasdueren]]></dc:creator><pubDate>Tue, 15 Apr 2025 11:25:26 GMT</pubDate></item><item><title><![CDATA[Reply to SSO with Element not working on Tue, 15 Apr 2025 08:03:33 GMT]]></title><description><![CDATA[<p dir="auto">Seems to work here at least, do you have any extra proxy or so in front of the instance which might interfere here? If the browser login also fails, do you see in the inspector who issues those redirects somehow? Also anything interesting from the app logs (maybe both element and synapse)</p>
]]></description><link>https://forum.cloudron.io/post/105697</link><guid isPermaLink="true">https://forum.cloudron.io/post/105697</guid><dc:creator><![CDATA[nebulon]]></dc:creator><pubDate>Tue, 15 Apr 2025 08:03:33 GMT</pubDate></item><item><title><![CDATA[Reply to SSO with Element not working on Mon, 14 Apr 2025 15:34:03 GMT]]></title><description><![CDATA[<p dir="auto"><a class="plugin-mentions-user plugin-mentions-a" href="/user/joseph" aria-label="Profile: joseph">@<bdi>joseph</bdi></a> I am also. But regular auto works without problems. This is not working on the regular element apps on mobile or web.</p>
]]></description><link>https://forum.cloudron.io/post/105671</link><guid isPermaLink="true">https://forum.cloudron.io/post/105671</guid><dc:creator><![CDATA[andreasdueren]]></dc:creator><pubDate>Mon, 14 Apr 2025 15:34:03 GMT</pubDate></item><item><title><![CDATA[Reply to SSO with Element not working on Mon, 14 Apr 2025 09:15:58 GMT]]></title><description><![CDATA[<p dir="auto">Are you using Element X app? I think it requires the new auth mechanism</p>
]]></description><link>https://forum.cloudron.io/post/105658</link><guid isPermaLink="true">https://forum.cloudron.io/post/105658</guid><dc:creator><![CDATA[joseph]]></dc:creator><pubDate>Mon, 14 Apr 2025 09:15:58 GMT</pubDate></item></channel></rss>