Open mardom1 opened 1 year ago
If you set the preferred claim to "sub", it'll work automatically. It will make the usernames in Jellyfin ugly, though.
Perhaps linking can be expanded so that it maps sub to a username.
That does not solve it for me. Still unlinks once the Jellyfin username gets changed by an admin. I thought that this was possible:
If users are registered using this plugin using a provider that doesn't support friendly names, such as Google, the username of the new account will still be numeric, however, an admin can now change the username to something better manually afterwards, and the linking will be intact (https://github.com/9p4/jellyfin-plugin-sso/pull/34)
Is the SSO user mapped to the Jellyfin username or to the Jellyfin UID?
When linking, the SSO username claim is mapped to Jellyfin's user UID.
Ideally, we can switch to using sub internally and use the linking logic everywhere.
After looking into the code, it seems this line is the culprit:
As I understand it, it only works when the canonicalName is equal to the Jellyfin username, regardless of any CanonicalLinks. Shouldn't the canonicalName be mapped to the Jellyfin user UID using the CanonicalLinks and that UID looked up using GetUserById?
Yes, that is on the roadmap. It isn't implemented quite yet.
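The two lookups discussed above, side by side, as an added C# example that is not the plugin's own code. The names canonicalName, CanonicalLinks and GetUserById come from the thread; User, UserStore, Resolver, ByName and ByLink are hypothetical, and creating and linking an account on first login is an assumption of this model.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;

// Simplified in-memory model (assumption): not Jellyfin's or the plugin's real classes.
record User(Guid Id, string Name);

class UserStore
{
    private readonly Dictionary<Guid, User> _users = new();
    public User Create(string name) { var u = new User(Guid.NewGuid(), name); _users[u.Id] = u; return u; }
    public void Rename(Guid id, string newName) => _users[id] = _users[id] with { Name = newName };
    public User? GetUserByName(string name) => _users.Values.FirstOrDefault(u => u.Name == name);
    public User? GetUserById(Guid id) => _users.TryGetValue(id, out var u) ? u : null;
}

static class Resolver
{
    // Lookup as described in the thread: match canonicalName against the Jellyfin
    // username and create an account when nothing matches, so a rename forks the identity.
    public static User ByName(UserStore store, string canonicalName) =>
        store.GetUserByName(canonicalName) ?? store.Create(canonicalName);

    // Proposed lookup: canonicalName -> UID via CanonicalLinks -> GetUserById.
    // A link whose target no longer exists is rejected instead of being dereferenced.
    public static User ByLink(UserStore store, Dictionary<string, Guid> canonicalLinks, string canonicalName)
    {
        if (!canonicalLinks.TryGetValue(canonicalName, out var uid))
        {
            var created = store.Create(canonicalName);   // first login: create and link (assumption)
            canonicalLinks[canonicalName] = created.Id;
            return created;
        }
        return store.GetUserById(uid)
            ?? throw new InvalidOperationException($"Link for '{canonicalName}' targets missing user {uid}.");
    }
}

static class Demo
{
    static void Main()
    {
        var store = new UserStore();
        var links = new Dictionary<string, Guid>();
        var original = Resolver.ByLink(store, links, "1029384756"); // constructed numeric claim value
        store.Rename(original.Id, "alice");                         // admin picks a friendlier name
        Console.WriteLine($"link lookup, same account: {Resolver.ByLink(store, links, "1029384756").Id == original.Id}");
        Console.WriteLine($"name lookup, same account: {Resolver.ByName(store, "1029384756").Id == original.Id}");
    }
}
```

Keying the link on the stable UID also keeps the second account from inheriting the claim value as its username, which is the duplicate-account behaviour reported later in this thread.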
I have accidentally renamed my user account, and then a new user with the old name was created by this plugin. I removed that user. Now my SSO is no longer working.
[22:09:33] [ERR] [41] Jellyfin.Api.Middleware.ExceptionMiddleware: Error processing request. URL POST /sso/OID/Auth/keycloak.
System.NullReferenceException: Object reference not set to an instance of an object.
at Jellyfin.Plugin.SSO_Auth.Api.SSOController.Authenticate(Guid userId, Boolean isAdmin, Boolean enableAuthorization, Boolean enableAllFolders, String[] enabledFolders, Boolean enableLiveTv, Boolean enableLiveTvAdmin, AuthResponse authResponse, String defaultProvider)
at Jellyfin.Plugin.SSO_Auth.Api.SSOController.OidAuth(String provider, AuthResponse response)
at lambda_method1128(Closure, Object)
at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfActionResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
at Prometheus.HttpMetrics.HttpRequestDurationMiddleware.Invoke(HttpContext context)
at Prometheus.HttpMetrics.HttpRequestCountMiddleware.Invoke(HttpContext context)
at Prometheus.HttpMetrics.HttpInProgressMiddleware.Invoke(HttpContext context)
at Jellyfin.Api.Middleware.ServerStartupMessageMiddleware.Invoke(HttpContext httpContext, IServerApplicationHost serverApplicationHost, ILocalizationManager localizationManager)
at Jellyfin.Api.Middleware.WebSocketHandlerMiddleware.Invoke(HttpContext httpContext, IWebSocketManager webSocketManager)
at Jellyfin.Api.Middleware.IPBasedAccessValidationMiddleware.Invoke(HttpContext httpContext, INetworkManager networkManager)
at Jellyfin.Api.Middleware.LanFilteringMiddleware.Invoke(HttpContext httpContext, INetworkManager networkManager, IServerConfigurationManager serverConfigurationManager)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Jellyfin.Api.Middleware.QueryStringDecodingMiddleware.Invoke(HttpContext httpContext)
at Swashbuckle.AspNetCore.ReDoc.ReDocMiddleware.Invoke(HttpContext httpContext)
at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Jellyfin.Api.Middleware.RobotsRedirectionMiddleware.Invoke(HttpContext httpContext)
at Jellyfin.Api.Middleware.LegacyEmbyRouteRewriteMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.ResponseCompression.ResponseCompressionMiddleware.InvokeCore(HttpContext context)
at Jellyfin.Api.Middleware.ResponseTimeMiddleware.Invoke(HttpContext context, IServerConfigurationManager serverConfigurationManager)
at Jellyfin.Api.Middleware.ExceptionMiddleware.Invoke(HttpContext context)
How can I make it work again?
Stop Jellyfin, and edit the SSO-Auth.xml configuration file. Change the username in the linked accounts section, and start Jellyfin.
Describe the bug I have an existing Jellyfin user account and an Authentik account. Jellyfin SSO plugin is set up for OpenID. The usernames are different. Two (probably related) issues:
To Reproduce Steps to reproduce the behavior:
Expected behavior Be logged in as the already linked user.
Screenshots Not needed.
Configuration Not needed.
Versions (please complete the following information):