ma1uta / ma1sd

Federated Matrix Identity Server (formerly fork of kamax/mxisd)


Error M_UNAUTHORIZED: Supplied credentials are invalid

prismplex opened this issue · comments

First of all, thank you for this great project. Unfortunately, I cannot manage to get the configuration to work. Maybe I am missing something...
Currently getting this error when I try to add my identity server via Element web interface (also self-hosted):
INFO io.kamax.mxisd.http.undertow.handler.BasicHttpHandler - Request POST http://matrix.prismplex.tech/_matrix/identity/v2/account/register - Error M_UNAUTHORIZED: Supplied credentials are invalid
The whole project (besides nginx) runs in docker containers with acme.sh as letsencrypt provider.
Could somebody help me please? Thank you!

Nginx

.../sites-enabled/matrix.domain.com.conf

...
    # ma1sd
    location /_matrix/client/r0/user_directory {
        proxy_pass http://localhost:8090/_matrix/client/r0/user_directory;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    # ma1sd
    location ^~ /_matrix/identity {
        proxy_pass http://localhost:8090/_matrix/identity;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    # synapse
    location ~* ^(\/_matrix|\/_synapse\/client) {
        proxy_pass http://localhost:8008;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    # synapse
    location / {
        proxy_pass http://localhost:8008;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
...

ma1sd

.../etc/ma1sd.yaml

matrix:
  domain: 'matrix.domain.com'
  v1: true   # deprecated
  v2: true   # MSC2140 API v2. Riot requires the V2 API to be enabled.

key:
  path: '/var/ma1sd/sign.key'

storage:
  backend: sqlite # or postgresql
  provider:
    sqlite:
      database: '/var/ma1sd/ma1sd.db'

threepid:
  medium:
    email:
      identity:
        from: "matrix@domain.com"
      connectors:
        smtp:
          host: "mail.domain.com"
          tls: 1
          port: 587
          login: "matrix@domain.com"
          password: "password"

hashing:
  enabled: false # enable or disable the hash lookup MSC2140 (default is false)
  pepperLength: 20 # length of the pepper value (default is 20)
  rotationPolicy: per_requests # or `per_seconds`; how often the hashes are updated
  hashStorageType: sql # or `in_memory` where the hashes will be stored
  algorithms:
    - none   # the same as v1 bulk lookup
    - sha256 # hash the 3PID and pepper.
  delay: 2m # how often hashes will be updated if rotation policy = per_seconds (default is 10s)
  requests: 10 # how many lookup requests will be performed before updating hashes if rotation policy = per_requests (default is 10)
  synapseSql:
   lookup:
     query: 'select user_id as mxid, medium, address from user_threepid_id_server' # query to retrieve 3PIDs for hashes.

Full log

[main] INFO io.undertow - starting server: Undertow - 2.0.27.Final
[main] INFO App - ma1sd started
[Thread-1] INFO io.undertow - stopping server: Undertow - 2.0.27.Final
[Thread-1] INFO App - ma1sd stopped
[main] INFO io.kamax.mxisd.config.YamlConfigLoader - Reading config from /etc/ma1sd/ma1sd.yaml
[main] INFO io.kamax.mxisd.config.YamlConfigLoader - Loaded config from /etc/ma1sd/ma1sd.yaml
[main] INFO App - ma1sd starting
[main] INFO App - Version: 2.4.0
[main] INFO App - Logging config:
[main] INFO App -   Logging level hasn't set, use default
[main] INFO App -   Log requests: false
[main] INFO io.kamax.mxisd.config.DirectoryConfig - --- Account config ---
[main] INFO io.kamax.mxisd.config.DirectoryConfig - Allow registration only for trust domain: true
[main] INFO io.kamax.mxisd.config.DirectoryConfig - --- Directory config ---
[main] INFO io.kamax.mxisd.config.DirectoryConfig - Exclude:
[main] INFO io.kamax.mxisd.config.DirectoryConfig -   Homeserver: false
[main] INFO io.kamax.mxisd.config.DirectoryConfig -   3PID: false
[main] INFO io.kamax.mxisd.config.DnsOverwriteConfig - --- DNS Overwrite config ---
[main] INFO io.kamax.mxisd.config.DnsOverwriteConfig - Homeserver:
[main] INFO io.kamax.mxisd.config.DnsOverwriteConfig - 	Client: []
[main] INFO io.kamax.mxisd.config.DnsOverwriteConfig - 	Federation: []
[main] INFO io.kamax.mxisd.config.FirebaseConfig - --- Firebase configuration ---
[main] INFO io.kamax.mxisd.config.FirebaseConfig - Enabled: false
[main] INFO io.kamax.mxisd.config.InvitationConfig - --- Invite config ---
[main] INFO io.kamax.mxisd.config.InvitationConfig - Expiration: {"after":10080}
[main] INFO io.kamax.mxisd.config.InvitationConfig - Resolution: {"recursive":true,"timer":5}
[main] INFO io.kamax.mxisd.config.InvitationConfig - Policies: {"if_sender":{"has_role":[]}}
[main] INFO io.kamax.mxisd.config.ldap.LdapConfig - --- Generic LDAP Config ---
[main] INFO io.kamax.mxisd.config.ldap.LdapConfig - Enabled: false
[main] INFO io.kamax.mxisd.config.RecursiveLookupBridgeConfig - --- Bridge integration lookups config ---
[main] INFO io.kamax.mxisd.config.RecursiveLookupBridgeConfig - Enabled: false
[main] INFO io.kamax.mxisd.config.MatrixConfig - --- Matrix config ---
[main] INFO io.kamax.mxisd.config.MatrixConfig - Domain: matrix.domain.com
[main] INFO io.kamax.mxisd.config.MatrixConfig - Identity:
[main] INFO io.kamax.mxisd.config.MatrixConfig - 	Servers: {"matrix-org":["https://matrix.org"]}
[main] INFO io.kamax.mxisd.config.MatrixConfig - API v1: true
[main] INFO io.kamax.mxisd.config.MatrixConfig - API v2: true
[main] WARN io.kamax.mxisd.config.MatrixConfig - API v1 is deprecated via MSC2140: https://github.com/matrix-org/matrix-doc/pull/2140 and will be deleted in future releases.
[main] WARN io.kamax.mxisd.config.MatrixConfig - Please upgrade your homeserver and enable only API v2.
[main] INFO io.kamax.mxisd.config.ldap.LdapConfig - --- NetIQ eDirectory Config ---
[main] INFO io.kamax.mxisd.config.ldap.LdapConfig - Enabled: false
[main] INFO io.kamax.mxisd.config.threepid.notification.NotificationConfig - --- Notification config ---
[main] INFO io.kamax.mxisd.config.threepid.notification.NotificationConfig - Handlers:
[main] INFO io.kamax.mxisd.config.threepid.notification.NotificationConfig -   msisdn: raw
[main] INFO io.kamax.mxisd.config.threepid.notification.NotificationConfig -   email: raw
[main] INFO io.kamax.mxisd.config.rest.RestBackendConfig - --- REST backend config ---
[main] INFO io.kamax.mxisd.config.rest.RestBackendConfig - Enabled: false
[main] INFO io.kamax.mxisd.config.SessionConfig - --- Session config ---
[main] INFO io.kamax.mxisd.config.SessionConfig - Global Policy: {"validation":{"enabled":true},"unbind":{"enabled":true,"notifications":true}}
[main] INFO io.kamax.mxisd.config.ServerConfig - --- Server config ---
[main] INFO io.kamax.mxisd.config.ServerConfig - Name: matrix.domain.com
[main] INFO io.kamax.mxisd.config.ServerConfig - Port: 8090
[main] INFO io.kamax.mxisd.config.ServerConfig - Public URL: https://matrix.domain.com
[main] INFO io.kamax.mxisd.config.ServerConfig - Hostname: 0.0.0.0
[main] INFO io.kamax.mxisd.config.sql.SqlConfig - --- Synapse SQL Provider config ---
[main] INFO io.kamax.mxisd.config.sql.SqlConfig - Enabled: false
[main] INFO io.kamax.mxisd.config.ViewConfig - --- View config ---
[main] INFO io.kamax.mxisd.config.ViewConfig - Session: {"local":{"on_token_submit":{}},"on_token_submit":{"failure":"classpath:/templates/session/tokenSubmitFailure.html","success":"classpath:/templates/session/tokenSubmitSuccess.html"}}
[main] INFO io.kamax.mxisd.config.PolicyConfig - --- Policy Config ---
[main] INFO io.kamax.mxisd.config.PolicyConfig - Empty
[main] WARN io.kamax.mxisd.config.HashingConfig - V2 enabled without the hash configuration.
[main] INFO io.kamax.mxisd.config.HashingConfig - Hash configuration disabled, used only `none` pepper.
[main] INFO io.kamax.mxisd.storage.ormlite.OrmLiteSqlStorage - Create the dao: ChangelogDao
[main] INFO io.kamax.mxisd.storage.ormlite.OrmLiteSqlStorage - Create the dao: ThreePidInviteIO
[main] INFO io.kamax.mxisd.storage.ormlite.OrmLiteSqlStorage - Create the dao: HistoricalThreePidInviteIO
[main] INFO io.kamax.mxisd.storage.ormlite.OrmLiteSqlStorage - Create the dao: ThreePidSessionDao
[main] INFO io.kamax.mxisd.storage.ormlite.OrmLiteSqlStorage - Create the dao: ASTransactionDao
[main] INFO io.kamax.mxisd.storage.ormlite.OrmLiteSqlStorage - Create the dao: AccountDao
[main] INFO io.kamax.mxisd.storage.ormlite.OrmLiteSqlStorage - Create the dao: AcceptedDao
[main] INFO io.kamax.mxisd.storage.ormlite.OrmLiteSqlStorage - Create the dao: HashDao
[main] INFO io.kamax.mxisd.storage.crypto.FileKeyStore - Key store is already in directory format
[main] INFO com.mchange.v2.c3p0.C3P0Registry - Initializing c3p0-0.9.5.4 [built 23-March-2019 23:00:48 -0700; debug? true; trace: 10]
[main] INFO io.kamax.mxisd.config.threepid.medium.EmailTemplateConfig - --- E-mail Generator templates config ---
[main] INFO io.kamax.mxisd.config.threepid.medium.EmailTemplateConfig - Invite: Built-in (/threepids/email/invite-template.eml)
[main] INFO io.kamax.mxisd.config.threepid.medium.EmailTemplateConfig - Session:
[main] INFO io.kamax.mxisd.config.threepid.medium.EmailTemplateConfig -   Validation: classpath:/threepids/email/validate-template.eml
[main] INFO io.kamax.mxisd.config.threepid.medium.EmailTemplateConfig -   Unbind:
[main] INFO io.kamax.mxisd.config.threepid.medium.EmailTemplateConfig -     Notification: classpath:/threepids/email/unbind-notification.eml
[main] INFO io.kamax.mxisd.config.threepid.connector.EmailSmtpConfig - --- E-mail SMTP Connector config ---
[main] INFO io.kamax.mxisd.config.threepid.connector.EmailSmtpConfig - Host: mail.domain.com
[main] INFO io.kamax.mxisd.config.threepid.connector.EmailSmtpConfig - Port: 587
[main] INFO io.kamax.mxisd.config.threepid.connector.EmailSmtpConfig - TLS Mode: 1
[main] INFO io.kamax.mxisd.config.threepid.connector.EmailSmtpConfig - Login: matrix@domain.com
[main] INFO io.kamax.mxisd.config.threepid.connector.EmailSmtpConfig - Has password: true
[main] INFO io.kamax.mxisd.lookup.strategy.RecursivePriorityLookupStrategy - Found 2 providers
[main] INFO io.kamax.mxisd.lookup.strategy.RecursivePriorityLookupStrategy -   - io.kamax.mxisd.lookup.provider.DnsLookupProvider
[main] INFO io.kamax.mxisd.lookup.strategy.RecursivePriorityLookupStrategy -   - io.kamax.mxisd.lookup.provider.ForwarderProvider
[main] INFO io.kamax.mxisd.lookup.strategy.RecursivePriorityLookupStrategy - Recursive lookup enabled: true
[main] INFO io.kamax.mxisd.lookup.strategy.RecursivePriorityLookupStrategy - 127.0.0.0/8 is allowed for recursion
[main] INFO io.kamax.mxisd.lookup.strategy.RecursivePriorityLookupStrategy - 10.0.0.0/8 is allowed for recursion
[main] INFO io.kamax.mxisd.lookup.strategy.RecursivePriorityLookupStrategy - 172.16.0.0/12 is allowed for recursion
[main] INFO io.kamax.mxisd.lookup.strategy.RecursivePriorityLookupStrategy - 192.168.0.0/16 is allowed for recursion
[main] INFO io.kamax.mxisd.lookup.strategy.RecursivePriorityLookupStrategy - ::1/128 is allowed for recursion
[main] INFO io.kamax.mxisd.lookup.strategy.RecursivePriorityLookupStrategy - Hash lookups enabled: false
[main] INFO io.kamax.mxisd.profile.ProfileManager - Profile Providers:
[main] INFO io.kamax.mxisd.notification.NotificationManager - Found handler raw for medium email
[main] INFO io.kamax.mxisd.notification.NotificationManager - --- Notification handler ---
[main] INFO io.kamax.mxisd.notification.NotificationManager - 	Handler for email: raw
[main] INFO io.kamax.mxisd.invitation.InvitationManager - Loaded saved invites
[main] INFO io.kamax.mxisd.invitation.InvitationManager - Setting up invitation mapping refresh timer
[main] INFO io.kamax.mxisd.directory.DirectoryManager - Directory providers:
[main] INFO io.undertow - starting server: Undertow - 2.0.27.Final
[main] INFO App - ma1sd started
[XNIO-1 task-3] INFO io.kamax.mxisd.http.undertow.handler.auth.v2.AccountRegisterHandler - Registration from domain: domain.com, expired at Sat Feb 06 12:08:31 GMT 2021
[XNIO-1 task-3] INFO io.kamax.mxisd.auth.AccountManager - Registration from the server: domain.com
[XNIO-1 task-3] INFO io.kamax.mxisd.matrix.HomeserverFederationResolver - No DNS overwrite for domain.com
[XNIO-1 task-3] INFO io.kamax.mxisd.matrix.HomeserverFederationResolver - Could not parse well-known resource: M_BAD_JSON: com.google.gson.stream.MalformedJsonException: Use JsonReader.setLenient(true) to accept malformed JSON at line 1 column 12 path $
[XNIO-1 task-3] INFO io.kamax.mxisd.matrix.HomeserverFederationResolver - Resolution of domain.com via DNS SRV record to https://matrix.domain.com:8448
[XNIO-1 task-3] INFO io.kamax.mxisd.auth.AccountManager - Domain resolved: domain.com => https://matrix.domain.com:8448
[XNIO-1 task-3] ERROR io.kamax.mxisd.auth.AccountManager - Unable to get user info.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
	at io.kamax.mxisd.auth.AccountManager.getUserId(AccountManager.java:77)
	at io.kamax.mxisd.auth.AccountManager.register(AccountManager.java:53)
	at io.kamax.mxisd.http.undertow.handler.auth.v2.AccountRegisterHandler.handleRequest(AccountRegisterHandler.java:54)
	at io.kamax.mxisd.http.undertow.handler.SaneHandler.handleRequest(SaneHandler.java:71)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:376)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
	at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:362)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:270)
	at sun.security.validator.Validator.validate(Validator.java:262)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
	... 28 more
Caused by: java.security.cert.CertPathValidatorException: validity check failed
	at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:233)
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:141)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80)
	at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
	at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:357)
	... 34 more
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Tue Apr 28 13:32:03 GMT 2020
	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)
	at sun.security.provider.certpath.BasicChecker.verifyValidity(BasicChecker.java:190)
	at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:144)
	at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
	... 39 more
[XNIO-1 task-3] INFO io.kamax.mxisd.http.undertow.handler.BasicHttpHandler - Request POST http://matrix.domain.com/_matrix/identity/v2/account/register - Error M_UNAUTHORIZED: Supplied credentials are invalid
[XNIO-1 task-6] INFO io.kamax.mxisd.http.undertow.handler.auth.v2.AccountRegisterHandler - Registration from domain: domain.com, expired at Sat Feb 06 12:29:12 GMT 2021
[XNIO-1 task-6] INFO io.kamax.mxisd.auth.AccountManager - Registration from the server: domain.com
[XNIO-1 task-6] INFO io.kamax.mxisd.matrix.HomeserverFederationResolver - No DNS overwrite for domain.com
[XNIO-1 task-6] INFO io.kamax.mxisd.matrix.HomeserverFederationResolver - Could not parse well-known resource: M_BAD_JSON: com.google.gson.stream.MalformedJsonException: Use JsonReader.setLenient(true) to accept malformed JSON at line 1 column 12 path $
[XNIO-1 task-6] INFO io.kamax.mxisd.matrix.HomeserverFederationResolver - Resolution of domain.com via DNS SRV record to https://matrix.domain.com:8448
[XNIO-1 task-6] INFO io.kamax.mxisd.auth.AccountManager - Domain resolved: domain.com => https://matrix.domain.com:8448
[XNIO-1 task-6] INFO io.kamax.mxisd.auth.AccountManager - Allow registration only for trust domain.
[XNIO-1 task-6] ERROR io.kamax.mxisd.auth.AccountManager - Deny user @thomas.winkler:domain.com to registration
[XNIO-1 task-6] INFO io.kamax.mxisd.http.undertow.handler.BasicHttpHandler - Request POST http://matrix.domain.com/_matrix/identity/v2/account/register - Error M_UNAUTHORIZED: Supplied credentials are invalid

*real domain has been replaced by matrix.domain.com

Issue still exists

I am facing the same issue.

I have a similar issue with a similar setup. When I look at my account information (display name, email) in my Element profile, I get empty fields and the following errors on the server:

Jan 05 16:48:21 matrix-ma1sd[1650401]: [XNIO-1 task-2] INFO io.kamax.mxisd.auth.AccountManager - Found account for user: @matrixuser.matrix.domain.com
Jan 05 16:48:21 matrix-ma1sd[1650401]: [XNIO-1 task-2] ERROR io.kamax.mxisd.http.undertow.handler.AuthorizationHandler - Account for '@matrixuser.matrix.domain.com' from: matrix.domain.com
Jan 05 16:48:21 matrix-ma1sd[1650401]: [XNIO-1 task-2] ERROR io.kamax.mxisd.http.undertow.handler.SaneHandler - Unauthorized:
Jan 05 16:48:21 matrix-ma1sd[1650401]: io.kamax.mxisd.exception.InvalidCredentialsException: Supplied credentials are invalid
Jan 05 16:48:21 matrix-ma1sd[1650401]:         at io.kamax.mxisd.http.undertow.handler.AuthorizationHandler.handleRequest(AuthorizationHandler.java:65)
Jan 05 16:48:21 matrix-ma1sd[1650401]:         at io.kamax.mxisd.http.undertow.handler.SaneHandler.handleRequest(SaneHandler.java:71)
Jan 05 16:48:21 matrix-ma1sd[1650401]:         at io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
Jan 05 16:48:21 matrix-ma1sd[1650401]:         at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:841)
Jan 05 16:48:21 matrix-ma1sd[1650401]:         at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
Jan 05 16:48:21 matrix-ma1sd[1650401]:         at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:2019)
Jan 05 16:48:21 matrix-ma1sd[1650401]:         at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1558)
Jan 05 16:48:21 matrix-ma1sd[1650401]:         at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1449)
Jan 05 16:48:21 matrix-ma1sd[1650401]:         at java.lang.Thread.run(Thread.java:748)
Jan 05 16:48:21 matrix-ma1sd[1650401]: [XNIO-1 task-2] INFO io.kamax.mxisd.http.undertow.handler.BasicHttpHandler - Request GET http://matrix.domain.com/_matrix/identity/v2/hash_details - Error M_UNAUTHORIZED: Supplied credentials are invalid

Restarting the ma1sd service by hand helps for some time, but then the same error occurs again.
Edit: I still need to re-log my Element web session to be able to see my profile data correctly; just restarting the ma1sd service itself doesn't help.

commented

I ran into the same problem today, and I think we had the same issue here.
When I take a look at your nginx configuration, you are missing the configuration lines for .well-known:

# Server discovery document (federation delegation)
location /.well-known/matrix/server {
    return 200 '{"m.server": "matrix.mydomain.com:443"}';
    add_header Content-Type application/json;
}

# Client discovery document
location /.well-known/matrix/client {
    return 200 '{"m.homeserver": {"base_url": "https://matrix.mydomain.com"}}';
    add_header Content-Type application/json;
    add_header "Access-Control-Allow-Origin" *;
}

That did it for me.
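
A triage sketch for logs like the ones posted in this thread, added here as an example; it is not part of any comment above and not ma1sd code. It groups ma1sd log lines by worker thread and reports what preceded each M_UNAUTHORIZED response (unparsable well-known, the endpoint resolution fell back to, an expired certificate, a registration denial). The sample lines are constructed and abridged from the messages quoted above, and the function and label names are hypothetical.

```python
import re

# Constructed sample, abridged from the log messages quoted in this thread.
SAMPLE_LOG = """\
[XNIO-1 task-3] INFO io.kamax.mxisd.matrix.HomeserverFederationResolver - Could not parse well-known resource: M_BAD_JSON: com.google.gson.stream.MalformedJsonException
[XNIO-1 task-3] INFO io.kamax.mxisd.auth.AccountManager - Domain resolved: domain.com => https://matrix.domain.com:8448
[XNIO-1 task-3] ERROR io.kamax.mxisd.auth.AccountManager - Unable to get user info.
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Tue Apr 28 13:32:03 GMT 2020
[XNIO-1 task-3] INFO io.kamax.mxisd.http.undertow.handler.BasicHttpHandler - Request POST http://matrix.domain.com/_matrix/identity/v2/account/register - Error M_UNAUTHORIZED: Supplied credentials are invalid
[XNIO-1 task-6] INFO io.kamax.mxisd.matrix.HomeserverFederationResolver - Could not parse well-known resource: M_BAD_JSON: com.google.gson.stream.MalformedJsonException
[XNIO-1 task-6] INFO io.kamax.mxisd.auth.AccountManager - Domain resolved: domain.com => https://matrix.domain.com:8448
[XNIO-1 task-6] INFO io.kamax.mxisd.auth.AccountManager - Allow registration only for trust domain.
[XNIO-1 task-6] ERROR io.kamax.mxisd.auth.AccountManager - Deny user @user:domain.com to registration
[XNIO-1 task-6] INFO io.kamax.mxisd.http.undertow.handler.BasicHttpHandler - Request POST http://matrix.domain.com/_matrix/identity/v2/account/register - Error M_UNAUTHORIZED: Supplied credentials are invalid
Jan 05 16:48:21 matrix-ma1sd[1650401]: [XNIO-1 task-2] INFO io.kamax.mxisd.http.undertow.handler.BasicHttpHandler - Request GET http://matrix.domain.com/_matrix/identity/v2/hash_details - Error M_UNAUTHORIZED: Supplied credentials are invalid
"""

# "[thread] LEVEL logger - message"; search() skips an optional journald prefix.
ENTRY = re.compile(r"\[([^\]]+)\] (?:INFO|WARN|ERROR|DEBUG) \S+ - (.*)$")
RESOLVED = re.compile(r"Domain resolved: \S+ => (\S+)")
REJECTED = re.compile(r"Request (\w+) (\S+) - Error M_UNAUTHORIZED")
# Hypothetical labels for the messages that appear before the rejection.
RULES = [
    (re.compile(r"Could not parse well-known resource"), "well_known_unparsable"),
    (re.compile(r"CertificateExpiredException: NotAfter: (.+)$"), "certificate_expired"),
    (re.compile(r"Deny user (\S+) to registration"), "registration_denied"),
]


def triage(log_text):
    """Return one record per M_UNAUTHORIZED response with what preceded it."""
    pending = {}   # thread name -> findings collected since its last rejection
    records = []
    thread = None
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if entry:
            thread, message = entry.groups()
        elif thread is None:
            continue           # continuation line before any log entry
        else:
            message = line     # stack-trace line: belongs to the last thread seen
        state = pending.setdefault(thread, {"endpoint": None, "causes": []})
        resolved = RESOLVED.search(message)
        if resolved:
            state["endpoint"] = resolved.group(1)
        for pattern, label in RULES:
            hit = pattern.search(message)
            if hit:
                detail = hit.group(1) if pattern.groups else None
                state["causes"].append((label, detail))
        rejected = REJECTED.search(message)
        if rejected:
            records.append({"thread": thread, "method": rejected.group(1),
                            "url": rejected.group(2), **state})
            del pending[thread]   # the next request on this thread starts clean
    return records


if __name__ == "__main__":
    for record in triage(SAMPLE_LOG):
        print(record)
```

A record with an empty `causes` list, like the `hash_details` request in the sample, means none of these patterns preceded the rejection and the cause has to be found elsewhere.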

Hello ALL,

I am facing the same issue. There is not much documentation or explanation about this issue.

Any support?

Regards,