SSO login fails with no session available #8816

Open
JesseKPhillips opened this issue May 3, 2024 · 0 comments
Labels
T-Defect Something isn't working: bugs, crashes, hangs and other reported problems

Comments

@JesseKPhillips

Steps to reproduce

I am hosting Synapse and Nextcloud on the same server with Nextcloud providing OIDC.

  1. Configure Synapse in a sub-domain but present it without the sub-domain
  2. Configure an OIDC
  3. Log in with SSO
  4. Log in to other locations with SSO - 2, maybe 3; I had 4.
  5. Within the app, go to privacy -> Sessions
  6. Attempt to log out a session
  7. You'll be prompted to log in to verify identity; do so

  • chat.<homeserver> - Points to Synapse Docker instance port 8008
  • matrix-fed.<homeserver> - Points to Synapse Docker instance port 8008
  • cloud.<homeserver> - Points to Nextcloud instance
  • <homeserver>/_matrix/ - Points to Synapse Docker instance 8008
  • <homeserver>/_synapse/ - Points to Synapse Docker instance 8008
  • .well-known/matrix/server - directs to matrix-fed.<homeserver>
  • .well-known/matrix/client - directs to chat.<homeserver>

This has all been done to get a successful connection to the federation. Some additional back story can be found in matrix-org/matrix.org#206 (comment)


server_name: "<homeserver>"
pid_file: /data/homeserver.pid
listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    resources:
      - names: [client, federation]
        compress: false
database:
  name: sqlite3
  args:
    database: /data/homeserver.db
log_config: "/data/chat.<homeserver>.log.config"
media_store_path: /data/media_store
registration_shared_secret: "this is the secret I use"
report_stats: true
macaroon_secret_key: "I have special secrets I tell you"
form_secret: "Alright I give, the secret is"
signing_key_path: "/data/chat.<homeserver>.signing.key"
trusted_key_servers:
  - server_name: "<homeserver>"
  - server_name: "chat.<homeserver>"

web_client_location: "https://cloud.<homeserver>/apps/riotchat/#/home"
public_baseurl:  "https://chat.<homeserver>/"

password_config:
  enabled: false

sso:
  client_whitelist:
    - "https://cloud.<homeserver>"
    - "https://<homeserver>"
    - "https://chat.<homeserver>" # Ok, I probably don't need this
  update_profile_information: true

oidc_providers:
  - idp_id: nextcloud
    idp_name: "Secret"
    skip_verification: false
    issuer: "https://cloud.<homeserver>"
    client_id: "gah, now you know"
    client_secret: ""
    client_auth_method: "client_secret_post"
    scopes: ["openid", "profile"] 
    authorization_endpoint: "https://cloud.<homeserver>/apps/oidc/authorize"
    token_endpoint: "https://cloud.<homeserver>/apps/oidc/token"
    userinfo_endpoint: "https://cloud.<homeserver>/apps/oidc/userinfo"
    jwks_uri: "https://cloud.<homeserver>/apps/oidc/jwks"

Outcome

What did you expect?

The login to be successful and verified, with the session being removed from the active list.

The initial login page should take you to chat.<homeserver>

What happened instead?

The initial login page opens <homeserver>; when you click to log in, it takes you to chat.<homeserver> and presents a page saying that the session is missing.

Your phone model

Samsung A13

Operating system version

Android 11

Application version and app store

Element 1.6.14 G-310cecf5

Homeserver

Synapse 1.105.1

Will you send logs?

No

Are you willing to provide a PR?

No

@JesseKPhillips JesseKPhillips added the T-Defect Something isn't working: bugs, crashes, hangs and other reported problems label May 3, 2024