OIDC not redirecting back to XO
-
Have you asked Authelia community? Sounds like more a configuration tuning than anything else
-
@olivierlambert I haven't, but considering the issue is only with xen orchestra, which has 0 documentation on the oidc plugin I don't think they will be of much help.
-
Our OIDC plugin is very standard, as far OIDC is. We detailed how to use it with Keycloak (with screenshots), if you can have people from Authelia with some knowledge on what fields to fill, that would be wonderful. Keep us posted, we'll be happy to have your steps in our documentation
-
@olivierlambert I was able to get some logs from xen orchestra.
Expected values to be strictly equal: + actual - expected + 'undefined' - 'string'But no additional information.
-
Ah! That's interesting
Ping @julien-f
-
@olivierlambert could you point me in the keycloak configuration direction?
-
-
@maxcerny I believe the username field is incorrect, it should be one of
displayName,usernameoremail).Make sure your plugin is up-to-date because it is documented.
-
@julien-f tried it, no dice
Also according to the authelia docs: https://www.authelia.com/integration/openid-connect/introduction/#profile
the claim is preferred_username
-
@maxcerny
usernameispreferred_usernamein XO.We weren't explicitly using the
profilescope, please test theoidc-scope-profilebranch. -
@julien-f yes, this branch works.
guess it was a scoping issue then.When about can I expect an update to the master branch? I'm currently running xo in docker and don't really want to glue together different plugin versions.
-
@julien-f just a clarification, it works with username, not preferred username
-
@maxcerny I've made some changes to make scopes configurable, if you could test it to make sure it works, that would be great. (same branch, commit
da14bab) -
@maxcerny Have you been able to test the latest version?
-
The fix is now merged on
masterand will be part of the next release.
