OIDC not redirecting back to XO
-
I have set up Xen Orchestra and authelia. Then I set up the plugin for oidc in XO, and configured a client in authelia.
But when I try to login, I get to authelia, go through 2FA, and then nothing happens. If I go back to XO, I just land back at the login page.
I know my authelia and oidc is working, because I have no problems with using it on proxmox.
Any ideas as to where the issue might be?
-
Still haven't been able to get it working... Any suggestions?
-
XO works well with a reverse proxy, so I would ask Authelia community I think. I don't see any reason it shouldn't work
-
olivierlambert I got a bit further, but now I'm getting an internal server error when I get redirected back.
-
maxcerny maybe post the config you are using? I use OIDC with Google for XO and it worked right out of the gate.
-
sluflyer06
authelia client config:
XO OIDC config:
-
Not really sure which scopes I should be using tho. might be the issue.
-
Have you asked Authelia community? Sounds like more a configuration tuning than anything else
-
olivierlambert I haven't, but considering the issue is only with xen orchestra, which has 0 documentation on the oidc plugin I don't think they will be of much help.
-
Our OIDC plugin is very standard, as far OIDC is. We detailed how to use it with Keycloak (with screenshots), if you can have people from Authelia with some knowledge on what fields to fill, that would be wonderful. Keep us posted, we'll be happy to have your steps in our documentation
-
olivierlambert I was able to get some logs from xen orchestra.
Expected values to be strictly equal: + actual - expected + 'undefined' - 'string'But no additional information.
-
Ah! That's interesting
Ping julien-f
-
olivierlambert could you point me in the keycloak configuration direction?
-
-
maxcerny I believe the username field is incorrect, it should be one of
displayName,usernameoremail).Make sure your plugin is up-to-date because it is documented.
-
julien-f tried it, no dice
Also according to the authelia docs: https://www.authelia.com/integration/openid-connect/introduction/#profile
the claim is preferred_username
-
maxcerny
usernameispreferred_usernamein XO.We weren't explicitly using the
profilescope, please test theoidc-scope-profilebranch. -
julien-f yes, this branch works.
guess it was a scoping issue then.When about can I expect an update to the master branch? I'm currently running xo in docker and don't really want to glue together different plugin versions.
-
julien-f just a clarification, it works with username, not preferred username
-
maxcerny I've made some changes to make scopes configurable, if you could test it to make sure it works, that would be great. (same branch, commit
da14bab)
