Nextcloud 19.0.1 login redirect loop

Nextcloud version: 19.0.1
Operating system and version: CentOS 8
Apache or nginx version: nginx/1.14.1
PHP version: 7.4.8

The issue you are facing:
Getting a login redirect loop when trying to log in.

Is this the first time you’ve seen this error?:
Yes

Steps to replicate it:
N/A

The output of your Nextcloud log in Admin > Logging:
N/A

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):
Nextcloud Config: https://pastebin.com/5StBSa8f
Nginx Config: https://pastebin.com/sBUbmeAH

The output of your Apache/nginx/system log in /var/log/____:
No Errors in Nginx Log

System has been working for a while with 2FA/LDAP for authentication and this just started recently. I am not sure what caused this either since I have not accessed this server for a little bit. Interestingly the mobile app is able to connect just fine and it updates if there are changes to files. It only appears to affect connections from the browser.

You probably bypass 2FA on your mobile using an app password.
That means the 2FA app is to blame for your browser login problems…

I would have thought so too, but when I disabled 2FA with "sudo -u nginx php /var/www/nextcloud/occ app:disable twofactor_totp" and confirmed it was disabled in config.php, I was still not able to log in.

Mobile device is also prompting for a login now (guess it finally timed out) but I have not set up application codes yet for the mobile device.

I was facing the same issue but with the Docker latest install of Nextcloud. From your config I see that you are using Redis like I do. In my case I traced it down to somehow being related to Redis and the login sessions not being saved, because with Nextcloud set to loglevel 0 I saw in the nextcloud.log that it threw NotLoggedInExceptions even though I provided correct credentials.

So just to be sure I disabled Redis and everything was working again. I would also like to mention that prior to this update I just used the "REDIS_HOST" variable with Docker to set my Redis instance via Docker container linking, and with this update applied it already threw errors in the Docker log and the WebUI was not working because apparently Nextcloud wanted to authenticate with Redis using an empty password now (I did not set a Docker environment variable or a config entry for it). So I set an empty "REDIS_HOST_PASSWORD" variable for the container and it started correctly and the apps connected like yours do (desktop/mobile/dav). The WebUI was still in a login loop, so I just set a password for the Redis instance and pasted it into the variable of the Nextcloud container and everything was working again. This all was with Nextcloud 19.0.1 and Redis 6.0.5.

TL;DR
With this update Nextcloud wanted to authenticate with my Redis instance which had no password set, so sessions were not saved and thus the login loop. Fixed it by setting a password for the Redis instance.

I took a look at my redis configuration and have set the following in /etc/redis.conf:

requirepass superstrongpassword

and then in config.php I set this:

'memcache.distributed' => '\OC\Memcache\Redis',
'redis' =>
array (
  'host' => '127.0.0.1',
  'port' => 6379,
  'password' => 'superstrongpassword',
),

Rebooted the box and still looping :frowning:

Okay, if that did not work, my last wild guess would be to set the overwrite.cli.url, overwriteprotocol and overwritehost in your Nextcloud's config.php, because I also did that and read in the forum that it helped in some cases.

If this also does not work, try setting your loglevel to 0 and have a look at what is going on in your nextcloud.log when you try to log in. Your reverse proxy and webserver logs could also be of interest. If you post the logs here, be sure to remove any security related information.

Do the apps (desktop/mobile/dav) still work, so upload and download stuff? Does the login on the apps still work? Because if so it cannot be too big of a misconfiguration going on I guess.

I am seeing the below lines when I try to log in for both LDAP and local accounts (haven't tried the overwrite options yet). Is it possible that something is wrong with the LDAP backend (not sure why postLDAPBackendAdded is null)?

{"reqId":"F8zgLUvrc8KnE7X0LLGW","level":0,"time":"2020-07-20T15:44:15+00:00","remoteAddr":"###.###.###.###","user":"--","app":"cron","method":"GET","url":"/cron.php","message":"Finished OC\Preview\BackgroundCleanupJob job with ID 26 in 1 seconds","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36","version":"19.0.1.1"}
{"reqId":"VmGIc1wwhsyT3V7dg9PR","level":0,"time":"2020-07-20T15:45:12+00:00","remoteAddr":"###.###.###.###","user":"--","app":"no app in context","method":"POST","url":"/login","message":"Deprecated event type for OCA\User_LDAP\User\User::postLDAPBackendAdded: null","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36","version":"19.0.1.1"}
{"reqId":"9rquzIcCEwHhebbdUFIQ","level":0,"time":"2020-07-20T15:45:12+00:00","remoteAddr":"###.###.###.###","user":"--","app":"no app in context","method":"GET","url":"/apps/files/","message":"Deprecated event type for OCA\User_LDAP\User\User::postLDAPBackendAdded: null","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36","version":"19.0.1.1"}
{"reqId":"9rquzIcCEwHhebbdUFIQ","level":0,"time":"2020-07-20T15:45:12+00:00","remoteAddr":"###.###.###.###","user":"--","app":"core","method":"GET","url":"/apps/files/","message":{"Exception":"OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException","Message":"Current user is not logged in","Code":401,"Trace":[{"file":"/var/www/nextcloud/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php","line":98,"function":"beforeController","class":"OC\AppFramework\Middleware\Security\SecurityMiddleware","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":98,"function":"beforeController","class":"OC\AppFramework\Middleware\MiddlewareDispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/App.php","line":137,"function":"dispatch","class":"OC\AppFramework\Http\Dispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Routing/RouteActionHandler.php","line":47,"function":"main","class":"OC\AppFramework\App","type":"::"},{"function":"__invoke","class":"OC\AppFramework\Routing\RouteActionHandler","type":"->"},{"file":"/var/www/nextcloud/lib/private/Route/Router.php","line":297,"function":"call_user_func"},{"file":"/var/www/nextcloud/lib/base.php","line":1007,"function":"match","class":"OC\Route\Router","type":"->"},{"file":"/var/www/nextcloud/index.php","line":37,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/nextcloud/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php","Line":142,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36","version":"19.0.1.1"}
{"reqId":"XkAtvgXO9aeo2gml3dbT","level":0,"time":"2020-07-20T15:45:12+00:00","remoteAddr":"###.###.###.###","user":"--","app":"no app in context","method":"GET","url":"/login?redirect_url=/apps/files/","message":"Deprecated event type for OCA\User_LDAP\User\User::postLDAPBackendAdded: null","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36","version":"19.0.1.1"}
{"reqId":"rsINWDaBFn76rLQvwvYj","level":0,"time":"2020-07-20T15:45:13+00:00","remoteAddr":"###.###.###.###","user":"--","app":"no app in context","method":"GET","url":"/cron.php","message":"Deprecated event type for OCA\User_LDAP\User\User::postLDAPBackendAdded: null","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36","version":"19.0.1.1"}
{"reqId":"rsINWDaBFn76rLQvwvYj","level":0,"time":"2020-07-20T15:45:13+00:00","remoteAddr":"###.###.###.###","user":"--","app":"cron","method":"GET","url":"/cron.php","message":"Run OCA\WorkflowEngine\BackgroundJobs\Rotate job with ID 1","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36","version":"19.0.1.1"}
{"reqId":"rsINWDaBFn76rLQvwvYj","level":0,"time":"2020-07-20T15:45:13+00:00","remoteAddr":"###.###.###.###","user":"--","app":"cron","method":"GET","url":"/cron.php","message":"Finished OCA\WorkflowEngine\BackgroundJobs\Rotate job with ID 1 in 0 seconds","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36","version":"19.0.1.1"}

I don't think that the problem is with LDAP, because the messages only seem to be deprecation warnings. From the attached line I see that you also get the NotLoggedInException. I am no PHP pro so I cannot really debug this, but if you haven't tried already, set the url, protocol and host like I mentioned before. According to the Nextcloud doc this should be detected automatically, but to be sure you can set it manually just to take this possibility out of the equation. If this still does not work I would assume something is not correct with the session handling. I would recommend having a look at where PHP saves sessions; it should be in Redis if it is configured. If they are not saved in Redis there may be some issues with file/folder ownership and sessions can't be written. If they should be saved in Redis you can try to disable Redis for session handling.

{"reqId":"9rquzIcCEwHhebbdUFIQ","level":0,"time":"2020-07-20T15:45:12+00:00","remoteAddr":"###.###.###.###","user":"--","app":"core","method":"GET","url":"/apps/files/","message":{"Exception":"OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException","Message":"Current user is not logged in","Code":401,"Trace":[{"file":"/var/www/nextcloud/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php","line":98,"function":"beforeController","class":"OC\AppFramework\Middleware\Security\SecurityMiddleware","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":98,"function":"beforeController","class":"OC\AppFramework\Middleware\MiddlewareDispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/App.php","line":137,"function":"dispatch","class":"OC\AppFramework\Http\Dispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Routing/RouteActionHandler.php","line":47,"function":"main","class":"OC\AppFramework\App","type":"::"},{"function":"__invoke","class":"OC\AppFramework\Routing\RouteActionHandler","type":"->"},{"file":"/var/www/nextcloud/lib/private/Route/Router.php","line":297,"function":"call_user_func"},{"file":"/var/www/nextcloud/lib/base.php","line":1007,"function":"match","class":"OC\Route\Router","type":"->"},{"file":"/var/www/nextcloud/index.php","line":37,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/nextcloud/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php","Line":142,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36","version":"19.0.1.1"}
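
One way to pick the pattern discussed in this thread out of nextcloud.log: a POST to /login followed within seconds by a NotLoggedInException from the same address, which points at a session that was never persisted. This is an added example, not part of the original posts; the sample entries, the addresses and the name `find_lost_sessions` are constructed for illustration.

```python
import json
from datetime import datetime, timedelta

# Constructed sample entries shaped like the nextcloud.log lines above
# (fields trimmed; addresses are documentation-range placeholders).
SAMPLE_LOG = r"""
{"reqId":"r1","time":"2020-07-20T15:45:12+00:00","remoteAddr":"192.0.2.10","user":"--","method":"POST","url":"/login","message":"Deprecated event type"}
{"reqId":"r2","time":"2020-07-20T15:45:12+00:00","remoteAddr":"192.0.2.10","user":"--","method":"GET","url":"/apps/files/","message":{"Exception":"OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotLoggedInException","Code":401}}
{"reqId":"r3","time":"2020-07-20T15:45:12+00:00","remoteAddr":"192.0.2.10","user":"--","method":"GET","url":"/login?redirect_url=/apps/files/","message":"Deprecated event type"}
{"reqId":"r4","time":"2020-07-20T15:46:00+00:00","remoteAddr":"192.0.2.20","user":"--","method":"POST","url":"/login","message":"Deprecated event type"}
{"reqId":"r5","time":"2020-07-20T15:46:01+00:00","remoteAddr":"192.0.2.20","user":"alice","method":"GET","url":"/apps/files/","message":"Deprecated event type"}
{"reqId":"r6","time":"2020-07-20T15:47:00+00:00","remoteAddr":"192.0.2.30","user":"--","method":"GET","url":"/apps/files/","message":{"Exception":"OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotLoggedInException","Code":401}}
"""

def find_lost_sessions(log_text, window_seconds=5):
    """Return (remoteAddr, reqId, url) for each NotLoggedInException that
    follows a POST /login from the same address within the window."""
    pending = {}    # remoteAddr -> time of the last unresolved POST /login
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            entry = json.loads(line)
            when = datetime.fromisoformat(entry["time"])
        except (ValueError, KeyError, TypeError):
            continue    # skip truncated or non-JSON lines
        addr = entry.get("remoteAddr")
        path = entry.get("url", "").split("?")[0]
        if entry.get("method") == "POST" and path == "/login":
            pending[addr] = when
            continue
        if entry.get("user", "--") != "--":
            pending.pop(addr, None)    # authenticated request: the session stuck
            continue
        msg = entry.get("message")
        denied = isinstance(msg, dict) and str(msg.get("Exception", "")).endswith("NotLoggedInException")
        started = pending.get(addr)
        if denied and started and when - started <= timedelta(seconds=window_seconds):
            findings.append((addr, entry.get("reqId"), entry.get("url")))
            pending.pop(addr)
    return findings

if __name__ == "__main__":
    for addr, req_id, url in find_lost_sessions(SAMPLE_LOG):
        print(f"{addr}: POST /login then NotLoggedInException on {url} (reqId {req_id})")
```

Only the first address is reported: the second one reaches an authenticated request after its login, and the third gets the exception without ever posting credentials, which is the normal redirect to the login page.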