XCP-ng

    OIDC login - Internal Server Error

    • carloum70

      We are trying to use the OIDC auth plugin to enable login to our Xen Orchestra without local accounts.

      We registered a client with our identity provider and got a client ID, client secret and the auto-discovery URL. We used these to configure the plugin.

      However, when we log in, we get redirected back from the identity provider to the XO callback URL and then receive an "Internal Server Error".

      The callback URL is as follows:

      https://xoa.domain.com/signin/oidc/callback?state=STRING&scope=profile+openid&code=STRING&iss=https://identity-provider.url&client_id=XXXXX

      In the log file we then see the following 4 lines:

      mrt 25 12:29:25 vm-xoa xo-server[2618522]: Expected values to be strictly equal:
      mrt 25 12:29:25 vm-xoa xo-server[2618522]: + actual - expected
      mrt 25 12:29:25 vm-xoa xo-server[2618522]: + 'undefined'
      mrt 25 12:29:25 vm-xoa xo-server[2618522]: - 'string'
      

      If we change both the username field and the scope to email, we get the same Internal Server Error, but with a different single log line:

      mrt 25 13:18:04 vm-xoa xo-server[2618522]: Cannot read properties of undefined (reading '0')
      

      Because we are getting redirected back from our identity provider to Xen Orchestra, we guess that the issue is not there. We also get a SAML response with the user data in the browser.

      Running Wireshark on the server also shows traffic between Xen Orchestra and the identity provider, but unfortunately we cannot look into the contents of that traffic stream.

      Setting the log level to debug unfortunately does not produce more (error) output.

      We are running Xen Orchestra with commit c3dcb and the auth-oidc (v0.4.2) plugin.

      Is there another way to figure out what is going wrong?
