I've successfully implemented a reverse proxy server that handles Let's Encrypt certs. The trouble I'm having is that when I go to sign on to the Laserfiche website, I get an error "An error has occurred". I've attached a picture of what the web page error states in the background.
Question
Replies
Hi David,
The error you're seeing is the surfacing of a backend error on the LFFSTS site.
Can you please reproduce the error, check the Directory Server "WebSTS" Windows event log, and post the corresponding full messages?
Out of curiosity, what reverse proxy? Please note that Windows Authentication does not work properly through most layer 7 reverse proxies unless they have specific support for NTLM passthrough. AD users can still log in using the Username/Password option. You can disable the Windows Authentication option if needed from https://localhost/LFDSSTS/configuration on the machine hosting the service.
How do I do this? "check the Directory Server "WebSTS" Windows event log"
On the server hosting Directory Server:
- Open Event Viewer
- Expand Applications and Services Logs
- Expand Laserfiche
- Expand Directory Service
- Expand WebSTS (LFDSSTS logs go here, LFDS service logs go under Server)
- Look at the Admin and Operations logs. One of them, likely the Admin log, will have an entry starting with the error text you saw on the page ("An error has occurred") followed by the stack trace. This is the "full error message" I'm looking for. You can use the timestamps on the log entries to help identify the correct message.
- Please post the text that appears in the General tab's box (see below). If there are multiple different error messages, especially if they occur back-to-back timewise, please include both.
This is useful troubleshooting advice for Laserfiche applications in general. Most serious errors are written to the application event logs with more details than you get in the UI. Reading an error's stack trace until you find a line that helps make sense of it (example) is perhaps the single most useful tool you can have in your Laserfiche troubleshooting toolbelt.
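The reading-the-stack-trace advice above, as an added example that is not part of this thread: a small Python triage helper that takes a WebSTS event-log entry, pulls the innermost exception message (the real cause, after the last " ---> ") and the first stack frame that belongs to Laserfiche code rather than the .NET framework. The sample entries are shortened copies of the Admin and Operations log text posted later in this thread.

```python
import re
from typing import List, Optional, Tuple

# Shortened entries from the WebSTS Admin and Operations logs posted in this thread:
# line 1 is the text the UI shows, line 2 the .NET exception chain, then "at ..." frames.
ADMIN_ENTRY = """An error has occurred
STS.Core.Infrastructure.Exceptions.WebSTSException: An error has occurred ---> System.Exception: Unable to log in: could not identify Laserfiche Directory Server site for user login.
at WebSTS.LFDS.Services.Login.LFDSLoginManager.ProcessLogin(LoginData loginData)
at WebSTS.LFDS.Controllers.LoginController.Login(LoginData data)
at lambda_method(Closure , Object , Object[] )
at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken)
"""
OPERATION_ENTRY = """ID4243: Could not create a SecurityToken. A token was not found in the token cache and no cookie was found in the context.
System.IdentityModel.Tokens.SecurityTokenException: ID4243: Could not create a SecurityToken. A token was not found in the token cache and no cookie was found in the context.
at System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver)
at System.IdentityModel.Services.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs)
"""

EXCEPTION_LINE_RE = re.compile(r"^[\w.`]+Exception: ")  # "Namespace.TypeException: message"
FRAME_RE = re.compile(r"^\s*at\s+(?P<frame>\S.*)$")
# Frames from these namespaces are plumbing and rarely explain an application error.
FRAMEWORK_PREFIXES = ("System.", "Microsoft.", "lambda_method")

def exception_chain(entry: str) -> List[Tuple[str, str]]:
    """Split the 'Outer: msg ---> Inner: msg' line into (type, message) pairs, outermost first."""
    for line in entry.splitlines():
        if EXCEPTION_LINE_RE.match(line):
            return [tuple(seg.split(": ", 1)) for seg in line.split(" ---> ")]
    return []

def first_app_frame(entry: str) -> Optional[str]:
    """First stack frame that belongs to the application rather than the framework."""
    for line in entry.splitlines():
        m = FRAME_RE.match(line)
        if m and not m.group("frame").startswith(FRAMEWORK_PREFIXES):
            return m.group("frame")
    return None  # framework-only trace: the message itself is the only clue

def triage(entry: str) -> Tuple[str, Optional[str]]:
    """Innermost exception message (the real cause) plus the first application frame."""
    chain = exception_chain(entry)
    message = chain[-1][1] if chain else entry.strip().splitlines()[0]
    return message, first_app_frame(entry)

if __name__ == "__main__":
    for name, entry in (("Admin", ADMIN_ENTRY), ("Operation", OPERATION_ENTRY)):
        cause, frame = triage(entry)
        print(f"{name}: {cause}\n  first app frame: {frame}")
```

For the Operations entry every frame is System.IdentityModel plumbing, so the helper returns no application frame and the ID4243 message itself is the only lead.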
Here are some recent logs.
Admin:
An error has occurred
STS.Core.Infrastructure.Exceptions.WebSTSException: An error has occurred ---> System.Exception: Unable to log in: could not identify Laserfiche Directory Server site for user login.
at WebSTS.LFDS.Services.Login.LFDSLoginManager.ProcessLogin(LoginData loginData)
at WebSTS.LFDS.Controllers.LoginController.Login(LoginData data)
at lambda_method(Closure , Object , Object[] )
at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass10.<GetExecutor>b__9(Object instance, Object[] methodParameters)
at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Controllers.ApiControllerActionInvoker.<InvokeActionAsyncCore>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Controllers.ActionFilterResult.<ExecuteAsync>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Controllers.ExceptionFilterResult.<ExecuteAsync>d__0.MoveNext()
==========================
Operation:
ID4243: Could not create a SecurityToken. A token was not found in the token cache and no cookie was found in the context.
System.IdentityModel.Tokens.SecurityTokenException: ID4243: Could not create a SecurityToken. A token was not found in the token cache and no cookie was found in the context.
at System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver)
at System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(Byte[] token, SecurityTokenResolver tokenResolver)
at System.IdentityModel.Services.SessionAuthenticationModule.ReadSessionTokenFromCookie(Byte[] sessionCookie)
at System.IdentityModel.Services.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken)
at System.IdentityModel.Services.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
"Unable to log in: could not identify Laserfiche Directory Server site for user login." could suggest the STS web app does not have a valid connection to the LFDS service.
Can you go to https://localhost/LFDSSTS/configuration on the machine hosting STS and see if it reports any errors in the UI? If it doesn't, try changing any setting and selecting "Update" to see if that throws errors (if not, go ahead and change the setting back).
I made a change (unchecked "show organization drop-down list"), it said successful, then I reverted the change. No errors.
Okay, that likely indicates STS has a working connection to LFDS. Do you only get the "An error has occurred" message accessing LFFSTS through Nginx?
Yes. If I use a URL that points directly to the server, the login works as expected.
I'm using NGINX on a Linux box.
Also, I used a different URL, and I get a different error. I feel like I need to change a config on a web server somewhere, just not sure where.