| 20 May 2019 |
 @jasonm:matrix.cambsac.org.uk | In reply to @max:kamax.io
can you tell me the exact step by step from the moment the link is clicked for both scenarios:
- what is actually happening
- what you expect to see
I'll need the step-by-step in both. Clearly it's a matter of expectations that maybe can be resolved by configuration, or maybe it's just a misunderstanding on what is happening
see https://nextcloud.cropwell.net/index.php/s/LEEHqPmFTryGtCN | 13:06:56 |
 Maximus | Jason Morgan: thank you for the detailed walkthrough, I see two things here:
- Riot v1.x has issue handling the links from email verification in a meaningful way from its own link. The fact that mxisd sends back to the Riot client is because the client has given a "Next URL" after validation, but Riot doesn't handle its own URL right. Regardless, there should be the initial window/tab from step 5 which can be used and will bring Alice to the landing "logged in" page. The 2nd tab will just look like it failed.
- The invite remaining unresolved is most likely due to an issue with not having an Identity Store configured to resolve such associatation. It depends where Alice registered the account. If it was on the same homeserver as the invite, you'll need at least the Synapse Identity Store configured, since that's where the info will live about the mapping.
- The email from the invite and from the registration must exactly match. Your walkthrough make it look like that's the case, but it might not be with your real user.
| 13:14:13 |
| @jasonm:matrix.cambsac.org.uk | In reply to @max:kamax.io
Jason Morgan: thank you for the detailed walkthrough, I see two things here:
- Riot v1.x has issue handling the links from email verification in a meaningful way from its own link. The fact that mxisd sends back to the Riot client is because the client has given a "Next URL" after validation, but Riot doesn't handle its own URL right. Regardless, there should be the initial window/tab from step 5 which can be used and will bring Alice to the landing "logged in" page. The 2nd tab will just look like it failed.
- The invite remaining unresolved is most likely due to an issue with not having an Identity Store configured to resolve such associatation. It depends where Alice registered the account. If it was on the same homeserver as the invite, you'll need at least the Synapse Identity Store configured, since that's where the info will live about the mapping.
- The email from the invite and from the registration must exactly match. Your walkthrough make it look like that's the case, but it might not be with your real user.
1: Riot 1.1.2, I was not aware of Riot 2? | 14:28:41 |
| @jasonm:matrix.cambsac.org.uk | In reply to @jasonm:matrix.cambsac.org.uk
1: Riot 1.1.2, I was not aware of Riot 2? 2: I have Synapse ID store configured, I think - how would I test that? | 14:29:57 |
| @jasonm:matrix.cambsac.org.uk | In reply to @jasonm:matrix.cambsac.org.uk
1: Riot 1.1.2, I was not aware of Riot 2? 3: The emails match (how that you have _URL_ENCODING) | 14:30:28 |
| @jasonm:matrix.cambsac.org.uk | In reply to @max:kamax.io
Jason Morgan: thank you for the detailed walkthrough, I see two things here:
- Riot v1.x has issue handling the links from email verification in a meaningful way from its own link. The fact that mxisd sends back to the Riot client is because the client has given a "Next URL" after validation, but Riot doesn't handle its own URL right. Regardless, there should be the initial window/tab from step 5 which can be used and will bring Alice to the landing "logged in" page. The 2nd tab will just look like it failed.
- The invite remaining unresolved is most likely due to an issue with not having an Identity Store configured to resolve such associatation. It depends where Alice registered the account. If it was on the same homeserver as the invite, you'll need at least the Synapse Identity Store configured, since that's where the info will live about the mapping.
- The email from the invite and from the registration must exactly match. Your walkthrough make it look like that's the case, but it might not be with your real user.
Ok got something. The setting enabled: true was missing from synapseSql: so I added it and now I get.
May 20 16:39:54 bsac240 mxisd[9064]: [Thread-9] WARN io.kamax.mxisd.invitation.InvitationManager - Unable to tell HS matrix.cambsac.org.uk about invite being mapped
May 20 16:39:54 bsac240 mxisd[9064]: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
And a bunch more subsequent errors. It seems some SSL cert is missing? | 14:51:04 |
| Maximus | synapse doesn't provide a correct TLS certificate and/or chain on the federation port | 14:52:03 |
| Maximus | or at least what resolves to the supposed federation port - you don't show the full log context, so can't know for sure what is going on | 14:54:07 |
| Maximus | Follow up: After some log exchanges in DMs, federation hostname resolves to IPv6 but no reverse proxy on that IP which triggered the invalid TLS cert | 16:45:21 |
| 22 May 2019 |
|  @travankor:matrix.org joined the room. | 00:11:10 |
|  @szenzero:voicematrix.iskon.hr joined the room. | 09:17:10 |
| 23 May 2019 |
| @travankor:matrix.org changed their profile picture. | 02:24:14 |
| 22 May 2019 |
| @szenzero:voicematrix.iskon.hr left the room. | 09:17:52 |
| 23 May 2019 |
| @travankor:matrix.org changed their profile picture. | 03:37:50 |
|  lino joined the room. | 15:03:37 |
| lino | Redacted or Malformed Event | 15:07:29 |
| lino | Redacted or Malformed Event | 15:08:13 |
| lino | Hello! First of all, thank you so much for this piece of software! :)
Maybe you can answer a question for me. I use mxisd on different servers, after updating mxisd I get the following error message when deleting a user:
{
"errcode": "M_UNKNOWN",
"error": "Failed to remove threepid from ID server"
}
I'm not even sure if it's mxisd. But maybe you have an idea!
| 15:08:52 |
| Maximus | lino: 3PID removal (triggered by account deactivation in synapse) is not part of the spec, so not supported. It also comes with several privacy issues which are ignored purposuflly by synapse's devs and illegal under GDPR, so mxisd actively blocks the endpoint. See https://github.com/kamax-matrix/mxisd/wiki/mxisd-and-your-privacy | 15:11:02 |
| lino | Ahh okay! How would I delete or deactivate an account in this case? | 15:12:59 |
| Maximus | See the link please | 15:13:16 |
| lino | So I have to change something in my Nginx configuration to make it work. But isn't that privacy compliant, right? | 15:16:33 |
| Maximus | Yes | 15:28:49 |
| 24 May 2019 |
 Matt (eggy) | what is new in 1.4.3, I'm on 1.4.2 | 23:04:03 |
| Maximus | https://github.com/kamax-matrix/mxisd/releases/tag/v1.4.3 | 23:06:20 |
| 27 May 2019 |
|  Atreatis joined the room. | 10:31:30 |
| Atreatis | Hello there :) | 10:32:17 |
| Maximus | Atreatis: Hi, welcome to the mxisd project rooms. How can wd help? | 11:04:16 |
| Atreatis | Currently debugging the federation of my server at the moment since I can only validate for 3RC | 11:04:48 |
| Atreatis | how ever it's called :s | 11:04:54 |
