Synology SSO SAML - Stuck on logging in

[Gxorge]

Describe the bug
After singing in with SAML SSO using Synology SSO as the provider, jellyfin gets stuck on the "Logging in..." screen

To Reproduce
Steps to reproduce the behavior:

1. Setup synology SAML SSO with the below config
2. Setup the SSO provider on jellyfin with the below config
3. Attempt to login

Expected behavior
User should be taken to the jellyfin home page and logged in.

Configuration
Synology SSO config

Jellyfin saml config

curl -v -X POST -H "Content-Type: application/json" -d '{
  "samlEndpoint": "https://sso/webman/sso/SSOOauth.cgi",
  "samlClientId": "jellyfin",
  "samlCertificate": "",
  "enabled": true,
  "enableAuthorization": true,
  "enableAllFolders": true,
  "enabledFolders": [],
  "adminRoles": [
    "jellyfin-admin"
  ],
  "roles": [
    "jellyfin-access"
  ]
}' "http://jellyfin/sso/SAML/Add/hottensso?api_key=key"

Jellyfin error log

[2023-10-17 13:50:23.169 +01:00] [INF] SSO Controller initialized
[2023-10-17 13:50:34.796 +01:00] [INF] SSO Controller initialized
[2023-10-17 13:50:34.811 +01:00] [INF] SAML request has relayState of
[2023-10-17 13:50:35.011 +01:00] [INF] SSO Controller initialized
[2023-10-17 13:50:35.026 +01:00] [INF] SSO user link doesn't exist, creating...
[2023-10-17 13:50:35.041 +01:00] [ERR] Error processing request. URL "POST" "/sso/SAML/Auth/hottensso".
System.NullReferenceException: Object reference not set to an instance of an object.
   at Jellyfin.Plugin.SSO_Auth.Api.SSOController.SamlAuth(String provider, AuthResponse response)
   at lambda_method457(Closure , Object )
   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
   at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
   at Jellyfin.Server.Middleware.ServerStartupMessageMiddleware.Invoke(HttpContext httpContext, IServerApplicationHost serverApplicationHost, ILocalizationManager localizationManager)
   at Jellyfin.Server.Middleware.WebSocketHandlerMiddleware.Invoke(HttpContext httpContext, IWebSocketManager webSocketManager)
   at Jellyfin.Server.Middleware.IpBasedAccessValidationMiddleware.Invoke(HttpContext httpContext, INetworkManager networkManager)
   at Jellyfin.Server.Middleware.LanFilteringMiddleware.Invoke(HttpContext httpContext, INetworkManager networkManager, IServerConfigurationManager serverConfigurationManager)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Jellyfin.Server.Middleware.QueryStringDecodingMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.ReDoc.ReDocMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Jellyfin.Server.Middleware.RobotsRedirectionMiddleware.Invoke(HttpContext httpContext)
   at Jellyfin.Server.Middleware.LegacyEmbyRouteRewriteMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.ResponseCompression.ResponseCompressionMiddleware.InvokeCore(HttpContext context)
   at Jellyfin.Server.Middleware.ResponseTimeMiddleware.Invoke(HttpContext context, IServerConfigurationManager serverConfigurationManager)
   at Jellyfin.Server.Middleware.ExceptionMiddleware.Invoke(HttpContext context)
[2023-10-17 13:50:35.366 +01:00] [WRN] IPv6 is disabled in Jellyfin, but enabled in the OS. This may affect how the interface is selected.
[2023-10-17 13:50:35.895 +01:00] [WRN] IPv6 is disabled in Jellyfin, but enabled in the OS. This may affect how the interface is selected.
[2023-10-17 13:50:35.999 +01:00] [INF] "CustomAuthentication" was not authenticated. Failure message: "Invalid token."
[2023-10-17 13:50:36.000 +01:00] [INF] "CustomAuthentication" was not authenticated. Failure message: "Invalid token."
[2023-10-17 13:50:36.001 +01:00] [INF] AuthenticationScheme: "CustomAuthentication" was challenged.

Versions (please complete the following information):

• OS: Debian GNU/Linux 11 (bullseye)
• Browser: Firefox 118.0.2
• Jellyfin Version: 10.8.8
• Plugin Version: 3.5.2.0

Additional context
N/A

[9p4]

Can you upload the plugin XML configuration file?

[Gxorge]

Sure,

<?xml version="1.0" encoding="utf-8"?>
<PluginConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <SamlConfigs>
    <item>
      <key>
        <string>hottensso</string>
      </key>
      <value>
        <PluginConfiguration>
          <SamlEndpoint>https://sso/webman/sso/SSOOauth.cgi</SamlEndpoint>
          <SamlClientId>jellyfin</SamlClientId>
          <SamlCertificate>redact</SamlCertificate>
          <Enabled>true</Enabled>
          <EnableAuthorization>true</EnableAuthorization>
          <EnableAllFolders>true</EnableAllFolders>
          <EnabledFolders />
          <AdminRoles>
            <string>jellyfin-admin</string>
          </AdminRoles>
          <Roles>
            <string>jellyfin-access</string>
          </Roles>
          <EnableFolderRoles>false</EnableFolderRoles>
          <EnableLiveTvRoles>false</EnableLiveTvRoles>
          <EnableLiveTv>false</EnableLiveTv>
          <EnableLiveTvManagement>false</EnableLiveTvManagement>
          <FolderRoleMappings />
          <CanonicalLinks>
            <item>
              <key>
                <string>george</string>
              </key>
              <value>
                <guid>cde23244-ef81-4e19-a103-9d20d13c7fca</guid>
              </value>
            </item>
          </CanonicalLinks>
        </PluginConfiguration>
      </value>
    </item>
  </SamlConfigs>
  <OidConfigs />
</PluginConfiguration>

[9p4]

Should be fixed in the latest version. Thanks for the report!

[Gxorge]

Can confirm, thank you.