Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authentik as SSO: Error processing request. #49

Closed
mirisbowring opened this issue Jun 30, 2022 · 2 comments
Closed

Authentik as SSO: Error processing request. #49

mirisbowring opened this issue Jun 30, 2022 · 2 comments
Labels
wontfix This will not be worked on

Comments

@mirisbowring
Copy link

Describe the bug
Today i tried to add authentik as OIDC Provider for my jellyfin instance.
I configured the jellyfin side according to the docs and also created a scope mapping for the groups for the provider on the authentik side. When logging in to authentik and "clicking the application", i get redirected to https://jellyfin.tld/sso/OID/r/authentik but get a Error processing request.

Same happens when i visit the URL directly.

Jellyfin Logs:

[13:57:12] [ERR] [92] Jellyfin.Server.Middleware.ExceptionMiddleware: Error processing request. URL GET /sso/OID/r/authentik.
System.ArgumentNullException: Value cannot be null. (Parameter 'key')
   at System.Collections.Generic.Dictionary`2.FindValue(TKey key)
   at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
   at Jellyfin.Plugin.SSO_Auth.Api.SSOController.OidPost(String provider, String state)
   at lambda_method1115(Closure , Object , Object[] )
   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.SyncActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeActionMethodAsync()
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeNextActionFilterAsync()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
   at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
   at Jellyfin.Server.Middleware.ServerStartupMessageMiddleware.Invoke(HttpContext httpContext, IServerApplicationHost serverApplicationHost, ILocalizationManager localizationManager)
   at Jellyfin.Server.Middleware.WebSocketHandlerMiddleware.Invoke(HttpContext httpContext, IWebSocketManager webSocketManager)
   at Jellyfin.Server.Middleware.IpBasedAccessValidationMiddleware.Invoke(HttpContext httpContext, INetworkManager networkManager)
   at Jellyfin.Server.Middleware.LanFilteringMiddleware.Invoke(HttpContext httpContext, INetworkManager networkManager, IServerConfigurationManager serverConfigurationManager)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Jellyfin.Server.Middleware.QueryStringDecodingMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.ReDoc.ReDocMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Jellyfin.Server.Middleware.RobotsRedirectionMiddleware.Invoke(HttpContext httpContext)
   at Jellyfin.Server.Middleware.LegacyEmbyRouteRewriteMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.ResponseCompression.ResponseCompressionMiddleware.InvokeCore(HttpContext context)
   at Jellyfin.Server.Middleware.ResponseTimeMiddleware.Invoke(HttpContext context, IServerConfigurationManager serverConfigurationManager)
   at Jellyfin.Server.Middleware.ExceptionMiddleware.Invoke(HttpContext context)

To Reproduce

  1. Visit https://domain.tld/sso/OID/r/authentik

Expected behavior
I should be logged in

Configuration
https://domain.tld/application/o/jellyfin/.well-known/openid-configuration is working fine

<?xml version="1.0" encoding="utf-8"?>
<PluginConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <SamlConfigs />
  <OidConfigs>
    <item>
      <key>
        <string>authentik</string>
      </key>
      <value>
        <PluginConfiguration>
          <OidEndpoint>https://auth.domain.tld/application/o/jellyfin</OidEndpoint>
          <OidClientId><my cool unique ID></OidClientId>
          <OidSecret><my super secret secret></OidSecret>
          <Enabled>true</Enabled>
          <EnableAuthorization>true</EnableAuthorization>
          <EnableAllFolders>false</EnableAllFolders>
          <EnabledFolders>
            <string>9d7ad6afe9afa2dab1a2f6e00ad28fa6</string>
            <string>f137a2dd21bbc1b99aa5c0f6bf02a805</string>
            <string>a656b907eb3a73532e40e44b968d0225</string>
          </EnabledFolders>
          <AdminRoles>
            <string>["Jellyfin Admins"]</string>
          </AdminRoles>
          <Roles>
            <string>["Jellyfin Users"]</string>
          </Roles>
          <EnableFolderRoles>false</EnableFolderRoles>
          <FolderRoleMappings />
          <RoleClaim>groups</RoleClaim>
          <OidScopes>
            <string>["groups"]</string>
          </OidScopes>
        </PluginConfiguration>
      </value>
    </item>
  </OidConfigs>
</PluginConfiguration>

Versions (please complete the following information):

  • OS: unraid
  • Browser: Chrome/Firefos
  • Jellyfin Version: 10.8.1
  • Plugin Version: 3.3.0.0
@mirisbowring mirisbowring added the bug Something isn't working label Jun 30, 2022
@9p4
Copy link
Owner

9p4 commented Jul 1, 2022

The login flow is triggered when you visit https://jellyfin.tld/sso/OID/p/authentik (note the p instead of the r in the URL)

@mirisbowring
Copy link
Author

Oh man! Thank you very much!
This p instead of r made me 5 years older yesterday...

@9p4 9p4 added wontfix This will not be worked on and removed bug Something isn't working labels Jul 1, 2022
r-skinner added a commit to r-skinner/jellyfin-plugin-sso that referenced this issue Jul 17, 2022
@r-skinner
Fix typo in providers.md
63e3147 
Fix for this issue
9p4#49
@r-skinner r-skinner mentioned this issue Jul 17, 2022
Closed
This was referenced Sep 23, 2022
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
wontfix This will not be worked on
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mirisbowring @9p4