Office 365 Connector - Login Page with 301 Errors

roland.gsell · July 25, 2019, 9:37am

Dear Forum,

I had a problem with the Univention Office 365 Connector:

The login page looked like this (instead of the normal Univention Login Page):

So I tried to download one of the files directly to my PC:

wget https://office365connect.firma.com/univention/login/saml-config.js

And I got this:

[...]
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://office365connect.firma.com/univention/login/saml-config.js [following]
20 redirections exceeded.

So I analysed the apache config a little bit and I found that commenting the last line of this file fixes the problem:

/etc/apache2/mods-available/ssl.conf
# RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]

However, this rule is here for a reason, so what should I do instead?
Also, how could this happen? We didn’t do any update and it worked before since many months now.

Any ideas?

Thanks for reading,
cheers,
Roland.

Moritz_Bunkus · July 26, 2019, 12:11pm

That rule should only take effect if the connection is made via unencrypted HTTP. That’s what the condition RewriteCond %{HTTPS} off a couple of lines above the redirect is there for.

Is it possible that connections to office365connect.firma.com terminate not on the UCS server itself but on another web server/reverse proxy server, and that the other server in turn connect to the UCS server via HTTP?

Additionally verify that your ssl.conf template hasn’t been modified and is up to date. The command univention-check-templates shouldn’t output anything.

roland.gsell · July 29, 2019, 8:24am

Thanks for that - yes, this customer is indeed running a proxy server.
We will check if anything changed there.

univention-check-templates didn’t return anything.