Issues Setting Up OpenID

girish

@TheMoodBoardz I guess you are trying to set up a non-Cloudron OIDC provider ? If so, when you install the app, install it with Cloudron SSO disabled i.e "Leave user management to the app" . When you install it that way, Cloudron will leave the OpenID configuration alone.

TheMoodBoardz

@girish Yes that's what I want to do - I've set it to "Leave user management to the app" however it still will remove the config for some reason?

girish

@TheMoodBoardz it shouldn't. Just checking if we have some bug in the package.

TheMoodBoardz

@girish Ok, Thanks

girish

@TheMoodBoardz thanks for reporting, this was a bug. It's fixed in the latest package. If you update to latest and setup oidc, it won't be overwritten after restart anymore.

TheMoodBoardz

Brilliant, Will give that a go and will come back once I have the results

TheMoodBoardz

I've tested however though it does not remove it from config - it won't give the option at login via OpenID button. I have also checked my build that does use login via Cloudron and I have realised that never had the button to login via OpenID

girish

@TheMoodBoardz could be that your openid configuration is not correct.

The app uses something like this:

    <entry key='openid.clientId'>##CLOUDRON_OIDC_CLIENT_ID##</entry>
    <entry key='openid.clientSecret'>##CLOUDRON_OIDC_CLIENT_SECRET##</entry>
    <entry key='openid.issuerUrl'>##CLOUDRON_OIDC_ISSUER##</entry>
    <entry key='openid.authUrl'>##CLOUDRON_OIDC_AUTH_ENDPOINT##</entry>
    <entry key='openid.tokenUrl'>##CLOUDRON_OIDC_TOKEN_ENDPOINT##</entry>
    <entry key='openid.userInfoUrl'>##CLOUDRON_OIDC_PROFILE_ENDPOINT##</entry>

TheMoodBoardz

@girish So I am using the same config as you have shown, but it does not give you the option. I have just installed a fresh version and still have the same issue of it not giving you the option to sign in using OpenID

TheMoodBoardz

@girish I have just rest tested it with coping it like for a working build now, and I now get this error:

<!DOCTYPE><html><head><title>Error</title></head><html><body>500 - Server Error</body></html>

nebulon

anything in the app logs? Maybe some typo or otherwise wrong formatting of the configs?

girish

Right, I have seen the 500 error when the xml configuration is incorrect somewhere. traccar is not clear at times when giving error messages.

edit: to be clear, even when the values are incorrect. not the xml format/syntax itself.

TheMoodBoardz

@girish Yeah it's not very helpful error message.

@nebulon the config is as below (I have removed the actual URLs);

<entry key="openid.clientId">CLIENTID</entry>
<entry key="openid.clientSecret">CLIENTSECRET</entry>
<entry key="openid.issuerUrl">https://DOMAIN/application/o/traccar/</entry>
<entry key="openid.authUrl">https://DOMAIN/application/o/authorize/</entry>
<entry key="openid.tokenUrl">https://DOMAIN/application/o/token/</entry>
<entry key="openid.userInfoUrl">https://DOMAIN/application/o/userinfo/</entry>

girish

@TheMoodBoardz check the logs for the actual error. It throws an error even when the URLs are unreachable. Like java.net.ConnectException , java.nio.channels.UnresolvedAddressException etc...

Atleast, for me, I could create an OIDC client separately in the User Directory view of Cloudron and then put in the values below and then I get the OIDC login button. Note that if you get even the domain name wrong, it throws an error!

  <entry key="openid.clientId">cid-xx</entry>
  <entry key="openid.clientSecret">yy</entry>
  <entry key="openid.issuerUrl">https://my.smartserver.io/openid</entry>
  <entry key="openid.authUrl">https://my.smartserver.io/openid/auth</entry>
  <entry key="openid.tokenUrl">https://my.smartserver.io/openid/token</entry>
  <entry key="openid.userInfoUrl">https://my.smartserver.io/openid/me</entry>

TheMoodBoardz

@girish So after running a few tests it seems that Traccar does not like the domain to have a "/" at the end, no error logs to support this, but it does track with what was happening - typically my SSO system will want this, so I have made some changes, and it is all working now.