Set up openid for kopano-meet

pixel · October 5, 2020, 11:42am

Hi@all

I make my first steps with OpenID to test Kopano-Meet afterwards.
I have installed the OpenID-Provider on the UCS-Master (4.4.6) I did not make any changes to the configuration.
Host: srv01.mydomain.local (IP: 192.168.24.5)
Kopano (Core, WebApp, z-Push, Meet) are installed on a UCS member (4.4.6).
Host: com01.mydomain.local (IP: 192.168.24.6)
From a client I can call the URL:
https://ucs-sso.mydomain.local/.well-known/openid-configuration

There is also a UCS backup in the network
Host: backup01.mydomain.local (IP: 192.168.24.4)
In the “First steps” it says
“If the app is installed on DC Master or Backup, make sure that it is also installed on all other servers that can be reached under the ucs-sso DNS CNAME”.

I have checked the DNS. The CNAME “sso-ucs” points to both (Master & Backup: 192.168.24.5, 192.168.24.4). Is this correct?

I have not made any changes to the DNS & LDAP yet.

Do I have to add “openid-connect-provider” in User -> Account -> SAML Settings?

with best
sven

pixel · October 5, 2020, 2:07pm

The link:
https://ucs-sso.mydomain.local/.well-known/openid-configuration
only works temporarily. Can this have anything to do with the UCS backup?
How can I solve this?

fbartels · October 6, 2020, 7:28am

Hi @pixel,

what does “only works temporarily” mean?

yes

pixel · October 6, 2020, 7:46am

Little feedback. On the UCS this does not need to be added in the user because “openid-connect-provider” is automatically added in the group “Domain Users”.

Exception: If in the app settings of openid-connect-provider the option:
"Do not add the SAML configuration to the Domain Users group. "
is activated.

pixel · October 6, 2020, 9:39am

It behaves somewhat strangely. For testing I restart my desktop (Ubuntu 20.04 / Firefox) and call the URL:
https://com01.mydomain.local/meet

Sometimes I get redirected to the login page (UCS)
https://ucs-sso.mydomain.local/simplesamlphp/module.php/core/loginuserpass.php?AuthState=_.....

When I enter my login data I get into Meet. Sometimes however:

404 not found

With the URL without hostname it never works

https://mydomain.local/meet

Page was not found

Could it have something to do with “ucs-sso.mydomain.local” pointing to two servers?

192.168.24.5 (UCS-Master) here is openid-connector installed
192.168.24.4 (UCS backup)

fbartels · October 6, 2020, 10:51am

Yes, exactly that. As you already wrote in the opening post:

So it either needs to be installed on the backup as well, or the cname must be adapted to only point to the master.