I am using an CloudZiti Setup with BrowZer (with Auth0 as external JWT signer) enabled. Via the Ziti Overlay Network I want to access my Home Assistant Instance (on Raspberry Pi 4) with the Open Ziti Addon (v1.5.3) installed.
Everything works great without BrowZer Access (using JWT enrolled identities). When I try to access Home Assistant via BrowZer I can login with my Google-Mail address. The login seems to be successfully and I get fowarded to the next page. But this page only contains what appears to be encoded or binary data, wrapped in html tags:
Hi @MrRatherford, that's ... strange indeed. It kinda looks like some kind of end to end encryption-related issue to me. You're saying you can access the server fine using a tunneler, right? Only when you add browzer to the mix did this happen? Do I understand you correctly?
@curt -- does this look like an e2ee type of issue or does it seem like something else/unknown?
Hi @TheLumberjack : Correct, I access the Home Assistant without problems over identities enrolled in the client applications on android, windows and mac.
When I use OIDC authentication with browZer I only get the repsonse above.
@MrRatherford I see you are running browZer 0.52.2, our latest, which is good. Based on the above chatter, it is unclear to me what the issue is. What you see is a unique manifestation in my experience. If you are willing, perhaps we can provision an Identity for me on your network, and I can try to diagnose from here. If so, DM me, and we can continue the conversation there.
Since the web server is Raspberry Pi 4, it is possible that it is doing something different than the various other web servers known to work with browZer. e.g. maybe it is using some form of content encoding that the ZBR doesn't understand/support (e.g. not gzip which we support, but maybe the Pi is sending br). I'll need more information to diagnose.
Hi @curt unfortunately there also seems to be a problem with v1.5.4. of the openziti addon for home assistant. The addon is unable to start after the update from v1.5.3. I will sort this problem out over on the github page of the project (v1.5.4 Addon does not start · Issue #8 · NicFragale/HA-NetFoundry · GitHub) and come back to you with a private message as soon as I am able to access the system via enrolled identities in the client applications again.
@MrRatherford can you please get into dev tools, go to the Console tab, hit your web app over browZer again, and once the web page renders the gobbledygook, export the Console log, and send it to me?
please excuse the late reply! In the meantime the issue for the home assistant openziti addon has been fixed and I am running version 1.5.5 of the addon now. Unfortunately the problem with the garbled up text still persists.
I sent you a PM with the information concerning your setup identity in my CloudZiti environment.
Below you also find the chrome console log you asked for.
Hope this helps! If you need anything else please let me know!
@MrRatherford I think I see the problem. Your web server is sending HTTP Responses with Content-Encoding: deflate and it seems like the ZBR isn't handling that correctly (i.e. it's not doing the inflate, as I surmised previously). I'll work on adding that support now.
where is BrowZer implemented? Do I have to update my Home Assistant OpenZiti Addon or is this a part of the CLoudZiti Environment I am using? At the moment there are no updates available for the Home Assistant Addon.
And tested the access. It seems that your patch fixed the inflation/deflation problem! The home assistant login page is now accessible and rendered as it should via browzer.
Unfortunately there seems to be a follow up problem: After the login to home assitant the browser seems to hang in a redirection loop. Here are the logs:
Navigated to https://test.csc2024.browzer.cloudziti.io/
ziti-browzer-runtime-2f6be57b.js:215066 Ziti BrowZer Runtime is now Bootstrapping
ziti-browzer-runtime-2f6be57b.js:215070 ZBR Logging Begins...
Navigated to https://dev-pn2w8hqnw5wej8ai.eu.auth0.com/oidc/logout/confirm?state=4_mgX_EHTFjFZdUU4WAO6-59Pp01pAhD
Navigated to https://test.csc2024.browzer.cloudziti.io/
ziti-browzer-runtime-2f6be57b.js:215066 Ziti BrowZer Runtime is now Bootstrapping
ziti-browzer-runtime-2f6be57b.js:215070 ZBR Logging Begins...
Navigated to https://dev-pn2w8hqnw5wej8ai.eu.auth0.com/u/login?state=hKFo2SBwZVp2aG91NThyTS1zMTZiOUxmMzBwaXUtMXoyVG9EZaFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIF9jY2hoaXI3cC0yWC1OdWp3UThkcVRIT0lyUTVYNkRPo2NpZNkgM1diN1hYYkU2Q1RXcmVYZ0JTMEFDU0dYVndBc2cyRmI
Navigated to https://test.csc2024.browzer.cloudziti.io/?code=0k3mjyd-bZZcox1U1WPcmUuFOiwupvVYfDLACZZam735a&state=gIOOaH1ifvrjxO4Ah3_98ZelVvRtmxf1f7ckkhu71gE
VM16:215066 Ziti BrowZer Runtime is now Bootstrapping
VM16:215070 ZBR Logging Begins...
Navigated to https://test.csc2024.browzer.cloudziti.io/
ziti-browzer-runtime-2f6be57b.js:215066 Ziti BrowZer Runtime is now Bootstrapping
ziti-browzer-runtime-2f6be57b.js:215070 ZBR Logging Begins...
ziti-browzer-sw--ziti-browzer-sw-workbox-strategies--aa856a5e.js:34907 SSL_connect:before SSL initialization
ziti-browzer-sw--ziti-browzer-sw-workbox-strategies--aa856a5e.js:34907 SSL_connect:SSLv3/TLS write client hello
ziti-browzer-sw--ziti-browzer-sw-workbox-strategies--aa856a5e.js:34907 SSL_connect:SSLv3/TLS write client hello
ziti-browzer-sw--ziti-browzer-sw-workbox-strategies--aa856a5e.js:34907 SSL_connect:SSLv3/TLS read server hello
ziti-browzer-sw--ziti-browzer-sw-workbox-strategies--aa856a5e.js:34907 SSL_connect:TLSv1.3 read encrypted extensions
ziti-browzer-sw--ziti-browzer-sw-workbox-strategies--aa856a5e.js:34907 SSL_connect:SSLv3/TLS read server certificate request
ziti-browzer-sw--ziti-browzer-sw-workbox-strategies--aa856a5e.js:34907 SSL_connect:SSLv3/TLS read server certificate
ziti-browzer-sw--ziti-browzer-sw-workbox-strategies--aa856a5e.js:34907 SSL_connect:TLSv1.3 read server certificate verify
ziti-browzer-sw--ziti-browzer-sw-workbox-strategies--aa856a5e.js:34907 SSL_connect:SSLv3/TLS read finished
ziti-browzer-sw--ziti-browzer-sw-workbox-strategies--aa856a5e.js:34907 SSL_connect:SSLv3/TLS write change cipher spec
ziti-browzer-sw--ziti-browzer-sw-workbox-strategies--aa856a5e.js:34907 SSL_connect:SSLv3/TLS write client certificate
ziti-browzer-sw--ziti-browzer-sw-workbox-strategies--aa856a5e.js:34907 SSL_connect:SSLv3/TLS write certificate verify
ziti-browzer-sw--ziti-browzer-sw-workbox-strategies--aa856a5e.js:34907 SSL_connect:SSLv3/TLS write finished
ziti-browzer-sw--ziti-browzer-sw-workbox-strategies--aa856a5e.js:34907 SSL_connect:SSL negotiation finished successfully
ziti-browzer-sw--ziti-browzer-sw-workbox-strategies--aa856a5e.js:34907 SSL_connect:SSL negotiation finished successfully
ziti-browzer-sw--ziti-browzer-sw-workbox-strategies--aa856a5e.js:34907 SSL_connect:SSLv3/TLS read server session ticket
Navigated to https://test.csc2024.browzer.cloudziti.io/
fingerprinting.js:215066 Ziti BrowZer Runtime is now Bootstrapping
fingerprinting.js:215070 ZBR Logging Begins...
Navigated to https://test.csc2024.browzer.cloudziti.io/auth/authorize?response_type=code&redirect_uri=https%3A%2F%2Ftest.csc2024.browzer.cloudziti.io%2F%3Fauth_callback%3D1&client_id=https%3A%2F%2Ftest.csc2024.browzer.cloudziti.io%2F&state=eyJoYXNzVXJsIjoiaHR0cHM6Ly90ZXN0LmNzYzIwMjQuYnJvd3plci5jbG91ZHppdGkuaW8iLCJjbGllbnRJZCI6Imh0dHBzOi8vdGVzdC5jc2MyMDI0LmJyb3d6ZXIuY2xvdWR6aXRpLmlvLyJ9
collapser.js:215066 Ziti BrowZer Runtime is now Bootstrapping
collapser.js:215070 ZBR Logging Begins...
authorize:1 Autofocus processing was blocked because a document already has a focused element.
menu.js:4 [Violation] Added non-passive event listener to a scroll-blocking 'wheel' event. Consider marking event handler as 'passive' to make the page more responsive. See https://www.chromestatus.com/feature/5745543795965952
S @ menu.js:4
m @ menu.js:9
Y @ menu.js:4
m @ menu.js:9
Y @ menu.js:4
m @ menu.js:9
p @ menu.js:9
M @ menu.js:4
R @ menu.js:4
menu.js:4 [Violation] Added non-passive event listener to a scroll-blocking 'wheel' event. Consider marking event handler as 'passive' to make the page more responsive. See https://www.chromestatus.com/feature/5745543795965952
S @ menu.js:4
m @ menu.js:9
Y @ menu.js:4
m @ menu.js:9
Y @ menu.js:4
m @ menu.js:9
m @ menu.js:9
Y @ menu.js:4
m @ menu.js:9
p @ menu.js:9
M @ menu.js:4
R @ menu.js:4
Navigated to https://test.csc2024.browzer.cloudziti.io/?auth_callback=1&code=4b00375857ff4344a7ea3538354e9a22&state=eyJoYXNzVXJsIjoiaHR0cHM6Ly90ZXN0LmNzYzIwMjQuYnJvd3plci5jbG91ZHppdGkuaW8iLCJjbGllbnRJZCI6Imh0dHBzOi8vdGVzdC5jc2MyMDI0LmJyb3d6ZXIuY2xvdWR6aXRpLmlvLyJ9&storeToken=true
ziti-browzer-runtime-2f6be57b.js:215066 Ziti BrowZer Runtime is now Bootstrapping
ziti-browzer-runtime-2f6be57b.js:215070 ZBR Logging Begins...
Navigated to https://test.csc2024.browzer.cloudziti.io/?auth_callback=1&code=4b00375857ff4344a7ea3538354e9a22&state=eyJoYXNzVXJsIjoiaHR0cHM6Ly90ZXN0LmNzYzIwMjQuYnJvd3plci5jbG91ZHppdGkuaW8iLCJjbGllbnRJZCI6Imh0dHBzOi8vdGVzdC5jc2MyMDI0LmJyb3d6ZXIuY2xvdWR6aXRpLmlvLyJ9&storeToken=true
ziti-browzer-runtime-2f6be57b.js:215066 Ziti BrowZer Runtime is now Bootstrapping
ziti-browzer-runtime-2f6be57b.js:215070 ZBR Logging Begins...
Navigated to https://test.csc2024.browzer.cloudziti.io/?auth_callback=1&code=4b00375857ff4344a7ea3538354e9a22&state=eyJoYXNzVXJsIjoiaHR0cHM6Ly90ZXN0LmNzYzIwMjQuYnJvd3plci5jbG91ZHppdGkuaW8iLCJjbGllbnRJZCI6Imh0dHBzOi8vdGVzdC5jc2MyMDI0LmJyb3d6ZXIuY2xvdWR6aXRpLmlvLyJ9&storeToken=true
ziti-browzer-runtime-2f6be57b.js:215066 Ziti BrowZer Runtime is now Bootstrapping
ziti-browzer-runtime-2f6be57b.js:215070 ZBR Logging Begins...
Navigated to https://test.csc2024.browzer.cloudziti.io/?auth_callback=1&code=4b00375857ff4344a7ea3538354e9a22&state=eyJoYXNzVXJsIjoiaHR0cHM6Ly90ZXN0LmNzYzIwMjQuYnJvd3plci5jbG91ZHppdGkuaW8iLCJjbGllbnRJZCI6Imh0dHBzOi8vdGVzdC5jc2MyMDI0LmJyb3d6ZXIuY2xvdWR6aXRpLmlvLyJ9&storeToken=true
ziti-browzer-runtime-2f6be57b.js:215066 Ziti BrowZer Runtime is now Bootstrapping
ziti-browzer-runtime-2f6be57b.js:215070 ZBR Logging Begins...
Navigated to https://test.csc2024.browzer.cloudziti.io/?auth_callback=1&code=4b00375857ff4344a7ea3538354e9a22&state=eyJoYXNzVXJsIjoiaHR0cHM6Ly90ZXN0LmNzYzIwMjQuYnJvd3plci5jbG91ZHppdGkuaW8iLCJjbGllbnRJZCI6Imh0dHBzOi8vdGVzdC5jc2MyMDI0LmJyb3d6ZXIuY2xvdWR6aXRpLmlvLyJ9&storeToken=true
ziti-browzer-runtime-2f6be57b.js:215066 Ziti BrowZer Runtime is now Bootstrapping
ziti-browzer-runtime-2f6be57b.js:215070 ZBR Logging Begins...
Navigated to https://test.csc2024.browzer.cloudziti.io/?auth_callback=1&code=4b00375857ff4344a7ea3538354e9a22&state=eyJoYXNzVXJsIjoiaHR0cHM6Ly90ZXN0LmNzYzIwMjQuYnJvd3plci5jbG91ZHppdGkuaW8iLCJjbGllbnRJZCI6Imh0dHBzOi8vdGVzdC5jc2MyMDI0LmJyb3d6ZXIuY2xvdWR6aXRpLmlvLyJ9&storeToken=true
ziti-browzer-runtime-2f6be57b.js:215066 Ziti BrowZer Runtime is now Bootstrapping
ziti-browzer-runtime-2f6be57b.js:215070 ZBR Logging Begins...
Navigated to https://test.csc2024.browzer.cloudziti.io/?auth_callback=1&code=4b00375857ff4344a7ea3538354e9a22&state=eyJoYXNzVXJsIjoiaHR0cHM6Ly90ZXN0LmNzYzIwMjQuYnJvd3plci5jbG91ZHppdGkuaW8iLCJjbGllbnRJZCI6Imh0dHBzOi8vdGVzdC5jc2MyMDI0LmJyb3d6ZXIuY2xvdWR6aXRpLmlvLyJ9&storeToken=true
ziti-browzer-runtime-2f6be57b.js:215066 Ziti BrowZer Runtime is now Bootstrapping
ziti-browzer-runtime-2f6be57b.js:215070 ZBR Logging Begins...
Navigated to https://test.csc2024.browzer.cloudziti.io/?auth_callback=1&code=4b00375857ff4344a7ea3538354e9a22&state=eyJoYXNzVXJsIjoiaHR0cHM6Ly90ZXN0LmNzYzIwMjQuYnJvd3plci5jbG91ZHppdGkuaW8iLCJjbGllbnRJZCI6Imh0dHBzOi8vdGVzdC5jc2MyMDI0LmJyb3d6ZXIuY2xvdWR6aXRpLmlvLyJ9&storeToken=true
ziti-browzer-runtime-2f6be57b.js:215066 Ziti BrowZer Runtime is now Bootstrapping
ziti-browzer-runtime-2f6be57b.js:215070 ZBR Logging Begins...
Navigated to https://test.csc2024.browzer.cloudziti.io/?auth_callback=1&code=4b00375857ff4344a7ea3538354e9a22&state=eyJoYXNzVXJsIjoiaHR0cHM6Ly90ZXN0LmNzYzIwMjQuYnJvd3plci5jbG91ZHppdGkuaW8iLCJjbGllbnRJZCI6Imh0dHBzOi8vdGVzdC5jc2MyMDI0LmJyb3d6ZXIuY2xvdWR6aXRpLmlvLyJ9&storeToken=true
ziti-browzer-runtime-2f6be57b.js:215066 Ziti BrowZer Runtime is now Bootstrapping
ziti-browzer-runtime-2f6be57b.js:215070 ZBR Logging Begins...
Navigated to https://test.csc2024.browzer.cloudziti.io/?auth_callback=1&code=4b00375857ff4344a7ea3538354e9a22&state=eyJoYXNzVXJsIjoiaHR0cHM6Ly90ZXN0LmNzYzIwMjQuYnJvd3plci5jbG91ZHppdGkuaW8iLCJjbGllbnRJZCI6Imh0dHBzOi8vdGVzdC5jc2MyMDI0LmJyb3d6ZXIuY2xvdWR6aXRpLmlvLyJ9&storeToken=true
ziti-browzer-runtime-2f6be57b.js:215066 Ziti BrowZer Runtime is now Bootstrapping
ziti-browzer-runtime-2f6be57b.js:215070 ZBR Logging Begins...
Navigated to https://test.csc2024.browzer.cloudziti.io/?auth_callback=1&code=4b00375857ff4344a7ea3538354e9a22&state=eyJoYXNzVXJsIjoiaHR0cHM6Ly90ZXN0LmNzYzIwMjQuYnJvd3plci5jbG91ZHppdGkuaW8iLCJjbGllbnRJZCI6Imh0dHBzOi8vdGVzdC5jc2MyMDI0LmJyb3d6ZXIuY2xvdWR6aXRpLmlvLyJ9&storeToken=true
ziti-browzer-runtime-2f6be57b.js:215066 Ziti BrowZer Runtime is now Bootstrapping
ziti-browzer-runtime-2f6be57b.js:215070 ZBR Logging Begins...
Navigated to https://test.csc2024.browzer.cloudziti.io/?auth_callback=1&code=4b00375857ff4344a7ea3538354e9a22&state=eyJoYXNzVXJsIjoiaHR0cHM6Ly90ZXN0LmNzYzIwMjQuYnJvd3plci5jbG91ZHppdGkuaW8iLCJjbGllbnRJZCI6Imh0dHBzOi8vdGVzdC5jc2MyMDI0LmJyb3d6ZXIuY2xvdWR6aXRpLmlvLyJ9&storeToken=true
ziti-browzer-runtime-2f6be57b.js:215066 Ziti BrowZer Runtime is now Bootstrapping
ziti-browzer-runtime-2f6be57b.js:215070 ZBR Logging Begins...
Navigated to https://test.csc2024.browzer.cloudziti.io/?auth_callback=1&code=4b00375857ff4344a7ea3538354e9a22&state=eyJoYXNzVXJsIjoiaHR0cHM6Ly90ZXN0LmNzYzIwMjQuYnJvd3plci5jbG91ZHppdGkuaW8iLCJjbGllbnRJZCI6Imh0dHBzOi8vdGVzdC5jc2MyMDI0LmJyb3d6ZXIuY2xvdWR6aXRpLmlvLyJ9&storeToken=true
ziti-browzer-runtime-2f6be57b.js:215066 Ziti BrowZer Runtime is now Bootstrapping
ziti-browzer-runtime-2f6be57b.js:215070 ZBR Logging Begins...
Navigated to https://test.csc2024.browzer.cloudziti.io/?auth_callback=1&code=4b00375857ff4344a7ea3538354e9a22&state=eyJoYXNzVXJsIjoiaHR0cHM6Ly90ZXN0LmNzYzIwMjQuYnJvd3plci5jbG91ZHppdGkuaW8iLCJjbGllbnRJZCI6Imh0dHBzOi8vdGVzdC5jc2MyMDI0LmJyb3d6ZXIuY2xvdWR6aXRpLmlvLyJ9&storeToken=true
ziti-browzer-runtime-2f6be57b.js:215066 Ziti BrowZer Runtime is now Bootstrapping
ziti-browzer-runtime-2f6be57b.js:215070 ZBR Logging Begins...
Navigated to https://test.csc2024.browzer.cloudziti.io/?auth_callback=1&code=4b00375857ff4344a7ea3538354e9a22&state=eyJoYXNzVXJsIjoiaHR0cHM6Ly90ZXN0LmNzYzIwMjQuYnJvd3plci5jbG91ZHppdGkuaW8iLCJjbGllbnRJZCI6Imh0dHBzOi8vdGVzdC5jc2MyMDI0LmJyb3d6ZXIuY2xvdWR6aXRpLmlvLyJ9&storeToken=true
ziti-browzer-runtime-2f6be57b.js:215066 Ziti BrowZer Runtime is now Bootstrapping
ziti-browzer-runtime-2f6be57b.js:215070 ZBR Logging Begins...