Federation & Social Logins // OAuth - Azure AD // Unable to save settings #7744
Comments
|
As a workaround I used the generic oauth source where you can set the fields to whatever you want. |
|
Running into this issue as well. |
|
facing the same issue, @BeryJu any ETA on the fix for this
|
|
This is actually just an issue of outdated documentation, the PR above fixes the docs to make the correct changes, which will persist the correct URLs |
|
@BeryJu can you please reopen this issue? The problem is still there. When we use an generic OpenID Oauth Source with all the Azure AD atributes the authentication works, when we use the dedicated Azure AD option the error is still there. I have tested this morning with the brand new [2023.10.4] vesion. On the Azure AD source, we dont even have an Well-Know option to add the recomendation: "OIDC Well-known URL: https://login.microsoftonline.com/*Directory (tenant) ID* from above/v2.0/.well-known/openid-configuration" Even the part where when you change the Azure AD config on the Authentik Web UI it defauts back to the generic config on the database. |
|
@BeryJu , same here, The Issue still persists. also, that Well-Know option as shown in the screenshot is not visible. |
|
So the OIDC well-known not being shown is due to #7560 which was not included in 2023.10 while I thought it was. I've backported the change and we'll release 2023.10.5 later this week |
|
Ok turns out there was also another bug hidden in there, which is in #7970. Not sure if we'll release another version this year, but you can use the container image |
|
@BeryJu hope you can release another version in a stable branch that includes the fix, as there are no guarantees that I can update back to the next stable from the dev branch (bad previous experience). Thanks ! |
Describe the bug
See #7550.
When setting up Azure AD as Social Login, it is not possible to save the
authorization_url,access_token_url, andprofile_urlparameters successfully. The Authentik frontend will report backSuccessfully updated source. However, the fields are not correctly saved and fall back to the default URLs withcommon.Therefore, OAuth flow will fail with the error message
Authentication failed: Could not determine id..As soon as the Authentik version is downgraded to e.g. 2023.8.3, the bug is resolved and the settings are successfully saved. Authentication works flawlessly.
Note: The frontend will always show
https://login.microsoftonline.com/common/oauth2/v2.0/authorizeas Authorization URL andhttps://login.microsoftonline.com/common/oauth2/v2.0/tokenas Token URL at/if/admin/#/core/sources/<SOURCE-NAME>;%7B"page"%3A"page-overview"%7D. This is a general issue for all Authentik version.To Reproduce
Steps to reproduce the behavior:
Authorization URLandToken URLare not displayed with the made changes but show a default URL with../common/..authorization_url,access_token_url, andprofile_urlwere indeed not saved but list a default URL with../common/..Authentication failed: Could not determine id.Authorization URLandToken URLwith a default../common/..URL. The user's edits are properly stored and retrieved from the database though (verifiable if one clicksEditagain to inspect the OAuth source details).Expected behavior
Setting up an Oauth source works and properly stores the made changes to the underlying database. The changes are reflected when the Oauth source is edited again. In the overview of OAuth sources, the
Authorization URLandToken URLare displayed correctly with the user's edits and not display the default URLs with../common/...Version and Deployment (please complete the following information):
The text was updated successfully, but these errors were encountered: