Federation & Social Logins // OAuth - Azure AD // Unable to save settings #7744
Comments
As a workaround I used the generic oauth source where you can set the fields to whatever you want.
Running into this issue as well.
Facing the same issue, @BeryJu any ETA on the fix for this?
This is actually just an issue of outdated documentation, the PR above fixes the docs to make the correct changes, which will persist the correct URLs
@BeryJu can you please reopen this issue? The problem is still there. When we use a generic OpenID Oauth Source with all the Azure AD attributes the authentication works, when we use the dedicated Azure AD option the error is still there. I have tested this morning with the brand new [2023.10.4] version. On the Azure AD source, we don't even have a Well-Known option to add the recommendation: "OIDC Well-known URL: https://login.microsoftonline.com/*Directory (tenant) ID* from above/v2.0/.well-known/openid-configuration" Even the part where when you change the Azure AD config on the Authentik Web UI it defaults back to the generic config on the database.
@BeryJu, same here, the issue still persists. Also, that Well-Known option as shown in the screenshot is not visible.
So the OIDC well-known not being shown is due to #7560 which was not included in 2023.10 while I thought it was. I've backported the change and we'll release 2023.10.5 later this week
Ok turns out there was also another bug hidden in there, which is in #7970. Not sure if we'll release another version this year, but you can use the container image
@BeryJu hope you can release another version in a stable branch that includes the fix, as there are no guarantees that I can update back to the next stable from the dev branch (bad previous experience). Thanks!
Describe the bug
See #7550.
When setting up Azure AD as Social Login, it is not possible to save the `authorization_url`, `access_token_url`, and `profile_url` parameters successfully. The Authentik frontend will report back `Successfully updated source`. However, the fields are not correctly saved and fall back to the default URLs with `common`.
Therefore, OAuth flow will fail with the error message `Authentication failed: Could not determine id.`.
As soon as the Authentik version is downgraded to e.g. 2023.8.3, the bug is resolved and the settings are successfully saved. Authentication works flawlessly.
Note: The frontend will always show `https://login.microsoftonline.com/common/oauth2/v2.0/authorize` as Authorization URL and `https://login.microsoftonline.com/common/oauth2/v2.0/token` as Token URL at `/if/admin/#/core/sources/<SOURCE-NAME>;%7B"page"%3A"page-overview"%7D`. This is a general issue for all Authentik versions.
To Reproduce
Steps to reproduce the behavior:
`Authorization URL` and `Token URL` are not displayed with the made changes but show a default URL with `../common/..`
`authorization_url`, `access_token_url`, and `profile_url` were indeed not saved but list a default URL with `../common/..`
`Authentication failed: Could not determine id.`
`Authorization URL` and `Token URL` with a default `../common/..` URL. The user's edits are properly stored and retrieved from the database though (verifiable if one clicks `Edit` again to inspect the OAuth source details).
Expected behavior
Setting up an Oauth source works and properly stores the made changes to the underlying database. The changes are reflected when the Oauth source is edited again. In the overview of OAuth sources, the `Authorization URL` and `Token URL` are displayed correctly with the user's edits and do not display the default URLs with `../common/..`.
Version and Deployment (please complete the following information):
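Because the UI reports success whether or not the URLs persisted, the saved values have to be checked directly. The following is an added example, not code from this issue or from authentik: it audits the three URL fields named in the report against the expected tenant. It assumes the stored source settings have been exported into a dict keyed by those field names; the tenant ID and all sample URLs are constructed placeholders.

```python
from urllib.parse import urlsplit

AAD_HOST = "login.microsoftonline.com"
URL_FIELDS = ("authorization_url", "access_token_url", "profile_url")


def classify_url(url, tenant_id):
    """Classify one stored endpoint URL relative to the expected tenant."""
    if not url:
        return "missing"
    parts = urlsplit(url)
    if parts.scheme != "https":
        return "not-https"
    if (parts.hostname or "").lower() != AAD_HOST:
        return "other-host"
    # On this host the first path segment names the tenant (or "common").
    segments = [s for s in parts.path.split("/") if s]
    first = segments[0].lower() if segments else ""
    if first == tenant_id.lower():
        return "tenant"
    if first == "common":
        return "fallback-common"
    return "other-tenant"


def audit_source(source, tenant_id):
    """Return {field: status} for every URL field not pinned to tenant_id."""
    report = {}
    for field in URL_FIELDS:
        status = classify_url(source.get(field), tenant_id)
        if status != "tenant":
            report[field] = status
    return report


# Constructed sample values; the tenant ID is a placeholder GUID and the
# "userinfo" path for profile_url is illustrative only.
TENANT = "00000000-0000-0000-0000-000000000000"
SAVED_OK = {f: f"https://{AAD_HOST}/{TENANT}/oauth2/v2.0/{p}" for f, p in
            zip(URL_FIELDS, ("authorize", "token", "userinfo"))}
# Same source after the silent fallback described in the report.
SAVED_BROKEN = dict(
    SAVED_OK,
    authorization_url=f"https://{AAD_HOST}/common/oauth2/v2.0/authorize",
    access_token_url=f"https://{AAD_HOST}/common/oauth2/v2.0/token")

if __name__ == "__main__":
    print(audit_source(SAVED_OK, TENANT))
    print(audit_source(SAVED_BROKEN, TENANT))
```

An empty result means every field is pinned to the expected tenant; any `fallback-common` entry matches the behaviour described in this issue.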