Dolibarr OIDC

nebulon

@vladimir.d has looked into this these days, he may have more insights. However you can also try to get it to work as a Cloudron OpenID client and if it works let us know, then we can integrate it into the package quickly. So far we hit issues around OAuth grants if I recall correctly.

charlesnw

I will wait for @vladimir.d to reply Otherwise I'll attempt to set it up as a Cloudron OIDC client in next couple days.

charlesnw

Hello all.

I have :

• Edited the conf file:

$dolibarr_main_authentication='openid_connect,dolibarr';

• Enabled the OpenID module:

(I suppose when the package is deployed, you'll want that module enabled by default?) https://www.dolibarr.org/forum/t/help-needed-using-doli-enable-modules-in-docker-installation/29945 seems relevant for that.

I am now at the settings screen:

Hopefully I will shortly have OIDC working. Once I do, should I send some kind of pull request or?

charlesnw

If anyone has some time to help me hack on this, it would be greatly appreciated.

I attempted to map the Dollibar OIDC bits to the Cloudron OpenID fields. Not sure if I got it correct. Also, I suppose that the sync script will need to be run even with OIDC?

nebulon

@vladimir.d also has a branch with an attempt to get it working at https://git.cloudron.io/packages/dolibarr-app/-/tree/oidc-v21?ref_type=heads

vladimir.d

Unfortunately I'm not sure if OpenID auth is working properly in Dolibarr at the moment.
We are facing into same errors as explained at https://github.com/Dolibarr/dolibarr/issues/33974

charlesnw

Can you share a config which will get me to that error? I’m happy to troubleshoot it.

charlesnw

I see the latest Cloudron Dolibarr update supports OIDC! Thanks! This is awesome. It was my last app to not support OIDC login.

charlesnw

I have a number of Dolibar instances deployed on my Cloudron. Post OIDC update all of them work for OIDC login. All but 1 work for the local admin login.

i get the error:

Not an OpenID Connect flow

The configuration of all of them (on the filesystem/cloudron side) is stock / identical. I've got custom groups etc inside the instances to support the various lines of business. However I haven't made any major global or code etc changes to any of them, just customized modules/perms etc via the GUI.

Any ideas?

joseph

Dolibarr being the beast it is, might be worth disabling the customizations one by one and figure out what change breaks.

charlesnw

I can't do that. I can't login as admin.

joseph

Rough.. But I think you can maybe delete the plugin from the filesystem in /app/data/ . I don't know the exact directory but I am guessing there is a plugins subdirectory somewhere inside it from where you can delete/move the plugin one by one .

charlesnw

I’ll take a look. Thanks for the suggestion.

I don’t think that will solve my issue. I’ll update this thread with the results either way

charlesnw

Did not work. I made the

/app/data/dolibarr

directory identical to a working instance. I restarted the instance that I can't login to as admin and get exact same error. Any way to increase the logging?

OskarArdolo

Hi, I had same problem today. I was unable to connect to admin account using password.
A workaround I did was to edit Dolibarr "admin" account username to an already existing Cloudron username (using a Dolibarr account that had administrator rights). I could then connect with OIDC on the edited admin account.

But I'm pretty sure I was able to connect to that admin account with username/password months ago. I'm not a big fan of the workaround I used today.