Issues Setting Up OpenID
-
@TheMoodBoardz I guess you are trying to set up a non-Cloudron OIDC provider? If so, when you install the app, install it with Cloudron SSO disabled, i.e. "Leave user management to the app". When you install it that way, Cloudron will leave the OpenID configuration alone.
-
-
@TheMoodBoardz it shouldn't. Just checking if we have some bug in the package.
-
Brilliant, will give that a go and will come back once I have the results.
-
I've tested it; however, though it does not remove it from the config, it won't give the option at login via the OpenID button. I have also checked my build that does use login via Cloudron, and I have realised that it never had the button to log in via OpenID.
-
@TheMoodBoardz could be that your openid configuration is not correct.
The app uses something like this:
<entry key='openid.clientId'>##CLOUDRON_OIDC_CLIENT_ID##</entry>
<entry key='openid.clientSecret'>##CLOUDRON_OIDC_CLIENT_SECRET##</entry>
<entry key='openid.issuerUrl'>##CLOUDRON_OIDC_ISSUER##</entry>
<entry key='openid.authUrl'>##CLOUDRON_OIDC_AUTH_ENDPOINT##</entry>
<entry key='openid.tokenUrl'>##CLOUDRON_OIDC_TOKEN_ENDPOINT##</entry>
<entry key='openid.userInfoUrl'>##CLOUDRON_OIDC_PROFILE_ENDPOINT##</entry>
-
@girish I have just retested it, copying it like for a working build now, and I now get this error:
<!DOCTYPE><html><head><title>Error</title></head><html><body>500 - Server Error</body></html>
-
@girish Yeah, it's not a very helpful error message.
@nebulon the config is as below (I have removed the actual URLs):
<entry key="openid.clientId">CLIENTID</entry>
<entry key="openid.clientSecret">CLIENTSECRET</entry>
<entry key="openid.issuerUrl">https://DOMAIN/application/o/traccar/</entry>
<entry key="openid.authUrl">https://DOMAIN/application/o/authorize/</entry>
<entry key="openid.tokenUrl">https://DOMAIN/application/o/token/</entry>
<entry key="openid.userInfoUrl">https://DOMAIN/application/o/userinfo/</entry>
-
@TheMoodBoardz check the logs for the actual error. It throws an error even when the URLs are unreachable, like java.net.ConnectException, java.nio.channels.UnresolvedAddressException etc. At least, for me, I could create an OIDC client separately in the User Directory view of Cloudron and then put in the values below, and then I get the OIDC login button. Note that if you get even the domain name wrong, it throws an error!
<entry key="openid.clientId">cid-xx</entry>
<entry key="openid.clientSecret">yy</entry>
<entry key="openid.issuerUrl">https://my.smartserver.io/openid</entry>
<entry key="openid.authUrl">https://my.smartserver.io/openid/auth</entry>
<entry key="openid.tokenUrl">https://my.smartserver.io/openid/token</entry>
<entry key="openid.userInfoUrl">https://my.smartserver.io/openid/me</entry>
-
-
@girish So after running a few tests it seems that Traccar does not like the domain to have a "/" at the end, no error logs to support this, but it does track with what was happening - typically my SSO system will want this, so I have made some changes, and it is all working now.
-
-
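The problems raised in this thread (a wrong domain name, a trailing "/") and leftover `##...##` template values can be linted offline before restarting the app. This is an added example, not part of any post above and not Cloudron or Traccar code; the function name, the `<properties>` wrapper and all sample values are assumptions, and the host comparison is only a heuristic.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# The six openid.* keys used in the configs posted in this thread.
REQUIRED = ("openid.clientId", "openid.clientSecret", "openid.issuerUrl",
            "openid.authUrl", "openid.tokenUrl", "openid.userInfoUrl")

def check_openid_config(xml_text):
    """Return sorted (key, problem) findings for the openid.* entries."""
    root = ET.fromstring(xml_text)
    entries = {e.get("key"): (e.text or "").strip() for e in root.iter("entry")}
    findings, hosts = [], {}
    for key in REQUIRED:
        value = entries.get(key, "")
        if not value:
            findings.append((key, "missing or empty"))
        elif value.startswith("##") and value.endswith("##"):
            findings.append((key, "template placeholder was never substituted"))
        elif key.endswith("Url"):
            url = urlsplit(value)
            hosts[key] = url.hostname
            if url.scheme != "https":  # OIDC endpoints are served over TLS
                findings.append((key, "not an https URL"))
            if not url.hostname:
                findings.append((key, "no host in URL"))
            if value.endswith("/"):
                # Reported in the thread as the cause of the login failure.
                findings.append((key, "trailing slash"))
    issuer_host = hosts.get("openid.issuerUrl")
    for key, host in hosts.items():
        # Heuristic for a mistyped domain; some providers do use several hosts.
        if issuer_host and host and host != issuer_host:
            findings.append((key, "host differs from issuer host (typo?)"))
    return sorted(findings)

# Constructed sample (not a config from the thread): leftover placeholder,
# trailing slash on the issuer, and a mistyped host in the token URL.
SAMPLE = """<properties>
<entry key="openid.clientId">cid-example</entry>
<entry key="openid.clientSecret">##CLOUDRON_OIDC_CLIENT_SECRET##</entry>
<entry key="openid.issuerUrl">https://sso.example.com/application/o/traccar/</entry>
<entry key="openid.authUrl">https://sso.example.com/application/o/authorize</entry>
<entry key="openid.tokenUrl">https://sso.exmaple.com/application/o/token</entry>
<entry key="openid.userInfoUrl">https://sso.example.com/application/o/userinfo</entry>
</properties>"""

if __name__ == "__main__":
    for key, problem in check_openid_config(SAMPLE):
        print(f"{key}: {problem}")
```

The check only reads the file; an unreachable or unresolvable host still has to be confirmed from the application logs, as described above.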