IT-Tools and OIDC - Looping issue

Teiluj

Hi,

We have this app setup with Cloudron OIDC authentication.

For a single user (as far as I know), attempting to log in result in a loop:

• the other access the login page and press the login button
• he is being redirected to the OIDC authentication
• After authenticating, instead of access the IT-tools app, he is redirected to the login page again with for only option to press the login button.

Other users appear unaffected.
Installing a second iteration of the app with the same (simple) setup result in the same behavior.
There is no apparent errors in the logs of the app.

Has someone come across this already?
any suggestions how to resolve this?

Many thanks,

james

Hello @teiluj
For that single user, does his username have special characters?
Does he have a first and last name in his profile or just a single string?

Teiluj

Hi @james,

This single user's username does not contain any special character - the username is literally a sequence of character aka a single string.
It also follows the same naming scheme as other users for which the application works.

This leaves me baffled for now.

Many thanks,

james

Hello @teiluj
Since the @it-tools app uses Cloudron Proxyauth I assume this might be some strange caching issue.
Can you ask the user to try it in a private browser window?

Teiluj

Hi @james - Yes, we have done this and no success. I also have to mention that this has been going on for this one user for months now.

james

Hello @teiluj
Is it just the @it-tools app or are other apps affected as well?

Teiluj

Hi @james

Currently the issue is only affecting that particular user, with that particular @it-tools app.

jdaviescoates

@Teiluj have you tried impersonating that user? If you can reproduce yourself you might be able to get further insight.

Teiluj

Hi @jdaviescoates - Many thanks for your idea.

Impersonating the user present the same loop problem unfortunately.

james

Hello @Teiluj
Can you please share the details for that user so we can try to reproduce this issue?

jdaviescoates

@Teiluj there might be some clues in the browser console when doing it as the user?

Teiluj

A short update: this seems to point at a server issue.

Using the same computer and the same browser, I installed the app on a different server, and was able to log into the app successfully, using the same user credentials (the user authentication comes from LDAP sync from a 3rd cloudron server)

I can also confirm that on that one server, where the user is having the issue, clearing the browser's cache or using a different browser/computer, does not solve the problem.

@james - Happy to share more details as far as possible, but considering the above, I doubt that this is easily reproducible.

Teiluj

@jdaviescoates Thanks for the suggestion - I cannot see anything of significance there either.

Teiluj

ok - I was hoping that somehow the move to the fork would help with this, but actually, there is no change, still looping.
Any ideas how to go and troubleshoot this further?

Many thanks,

james

Hello @teiluj
You did not yet share the erroring user details like username, first and last name so we could try to reproduce it.

Teiluj

Hi @james - Thanks for your willing help.
For security/confidentiality reasons, these are elements of information that are difficult to share on a public forum. I could eventually share this in a private context, but I can confirm that there is absolutely nothing special about both username and the name of the user. I hope that it makes sense.

Just as a short recap about this:

• the server where the application is installed has its user directory LDAP synced from another Cloudron. The user facing the issue is a synced user
• The cloudron sso-enabled application used to work with this particular user, until it stopped and created this looping issue
• it only happens for this user on this server for this app:
  • Other cloudron sso-enabled apps on this same server have no issue with this user.
  • Other users using the IT-Tools app on this same server have no looping issues
  • On the same server, with a newly/secondary installed IT-Tools app instance, the same user still faces the looping issue.
  • both the server log as well as the app log do not show anything of note regarding this. In fact, the event log of the app shows the user has "logged into" the app.
  • On another server, with the user directory also synced, with the IT-Tools app installed there, the same user does not experience the looping issue.
  • the looping error persists even when using different machines / different browsers / clearing the browser's cache, etc...

I hope that this helps somehow.

jdaviescoates

@Teiluj said in IT-Tools and OIDC - Looping issue:

On another server, with the user directory also synced, with the IT-Tools app installed there, the same user does not experience the looping issue.

TBH I'd probably just be inclined to just use that instance

Teiluj

@jdaviescoates Thanks - Not the I have not though about this, but, at last, this could only be a temporary solution following our infrastructure setup.

It also does not solve the underlying OIDC issue, which I very much find intriguing.