Socialcoop.meet.coop outage

Tech circle Systems
1

Following on from tales from Feedback on the new de.meet.coop server:

Going by @wouter’s post from 2022, it was a totally separate Greenlight instance:

Socialcoop has been paying ~£1k/year since 2021 for this kind of meetcoop membership – this is just under 10% of our annual income.

Now that the dust is settling on the new servers (well done @kawaiipunk and everyone else involved), can we start a discussion about whether and how to reinstate service for Socialcoop members?

I don’t personally care whether we keep the vanity URL (or a separate Greenlight instance more generally); IMO the Socialcoop Community Working Group just needs some way of giving Socialcoop members access to Meetcoop services. One idea (only about the “how”, not the “whether” or “when”) could be to add https://auth.social.coop as a login provider on https://sso.meet.coop.

As I mentioned in the call on Friday, there are some (polite, comradely) grumblings from Socialcoop members about how much we’re paying compared to e.g. our Mayfirst membership, or our “community contributions” to other groups, when the service isn’t working – I think having an answer about whether and when Socialcoop members might be able to use the service again might increase people’s patience, or at least help members make an informed decision about whether to keep making paying for this multi-user membership.

2

The current blocker for me and @spacehobo is the lack of the access to Keycloak master realm.

We currently don’t understand how social.coop members were able to auth to the old BBB/Greenlight servers. If it was a separate BBB/Greenlight instance, we never knew that. Any info from social.coop side collective memory would be really useful e.g.

  • what URL did u login at?
  • what was the URL of the server you used?
  • how did you manage users?
  • did you manage users using Keycloak?

If there was a realm dedicated to social.coop members, how were new members added? It wasn’t linked to the OpenCollective sync script which just syncs the general list of paying OC members.

Note that I did send this email to tech.group@social.coop on 2026-02-23 but didn’t get a reply:

Hi social.coop folks,

I got pointed to this email by flancian.

I was just wondering if we could come up with a plan with restoring meet.coop access to social.coop folks.

Because our lack of access to what we need to, we can’t see how the social.coop was set-up.

We were under the impression that all meet.coop Single Sign On (SSO) was a flat hierarchy with all OpenCollective active members synced to a general “members” role on Keycloak (the SSO provider).

However the fact that social.coop users aren’t able to access meet.coop suggests that this isn’t the case.

Could you possibly lay out how you used to access meet.coop

  • Did you have a single account to create rooms via?
  • Was it certain emails that had accounts?
  • Or maybe anyone with a @social.coopsocial.coop email

We see your OpenCollective membership as a “Multi-user Member -Unlimited user accounts, Maximum of 100 meeting participants (minimum 3 months subscription)”

Just fyi no one else from that tier has contacted us and said they had problems. Not sure if this indicated they had access in a different way or not.

Anything you can give us here will help us work out how the old system was working as sadly many past meet.coop technical folks are not around.

We can create you a new account on meet.coop now as we have some Keycloak access, would you be ok with a shared account for the time being?

Me and @spacehobo are currently in the process of migrating the old sso.meet.coop Keycloak to a new and supported version login.meet.coop. That will give us the ability to create a realm for social.coop members to self manage their users.

A interim solution is that you all share a single de.meet.coop login. That is really quick to setup for us but it means there is less privacy of the shared login (i.e. you can see the rooms that others who share the login have created).

1 Like
3

@spacehobo just did some digging and we don’t see any other realms apart from the “master” realm (which we can’t access) and the OC synced “meet.coop. realm.

So we can conclude that most likely social.coop had a totally separate BBB/Greenlight install that must have been on the servers that we locked down.

Would you like us to setup a shared users for you to fill the gap?

We hope to have the next Keycloak server deployed with 1-2 weeks and after that we can create you folks your own social.coop realm and you can manage your own users again?

1 Like
4

Thanks so much for the reply!

Ah @flancian replied on 2026-02-27 to support@techcare.coop, maybe it got spamcanned?

Again, happy to help hack into that, should be possible to copy the values in the CREDENTIAL table from a known user. Alternatively, it looks like if someone deletes enough credentials relating to the default admin user, it will get recreated from environment variables. Let me know! But, as per below, I don’t think socialcoop.meet.coop was ever using SSO.

I can’t say for sure either, I am/was just going off Wouter’s post that I quoted.

https://socialcoop.meet.coop/signin

Not sure I 100% understand; here’s a meeting link I had made in case that’s helpful https://socialcoop.meet.coop/3wo-yox-z1p-fvt

Here are our docs on it: https://wiki.social.coop/wiki/Adding_New_Users_to_Meet.coop

Members of the CWG ops team are tasked with responding to new signups for meet.coop accounts as part of their oncall responsibilities.

  1. Sign into socialcoop.meet.coop.
  2. Click on your username in the top-right part of the page.
  3. Click on Organization to visit the Admins page.
  4. Click the green Invite User button.
  5. Enter the email address(es) of the social.coop member who needs an account.
  6. Check the “Invited” tab to confirm that they’ve been invited.

No.

If it’s easy, I think this would be a fine short-term measure so at least Socialcoop users can do “something”. But yes the lack of isolation is a bit non-ideal.

Seems like adding https://auth.social.coop as an “Identity provider” on the Meetcoop Keycloak might be less work for everyone? This didn’t exist when we first became Meetcoop members, otherwise I think we might have done that in the first place.