search

9p4 / jellyfin-plugin-sso

This plugin allows users to sign in through an SSO provider (such as Google, Microsoft, or your own provider). This enables one-click signin.
GNU General Public License v3.0
558 stars 26 forks source link

Synology SSO SAML - Stuck on logging in #150

Closed Gxorge closed 10 months ago

Gxorge commented 10 months ago

Describe the bug After singing in with SAML SSO using Synology SSO as the provider, jellyfin gets stuck on the "Logging in..." screen

To Reproduce Steps to reproduce the behavior:

  1. Setup synology SAML SSO with the below config
  2. Setup the SSO provider on jellyfin with the below config
  3. Attempt to login

Expected behavior User should be taken to the jellyfin home page and logged in.

Configuration Synology SSO config image

Jellyfin saml config

curl -v -X POST -H "Content-Type: application/json" -d '{
  "samlEndpoint": "https://sso/webman/sso/SSOOauth.cgi",
  "samlClientId": "jellyfin",
  "samlCertificate": "",
  "enabled": true,
  "enableAuthorization": true,
  "enableAllFolders": true,
  "enabledFolders": [],
  "adminRoles": [
    "jellyfin-admin"
  ],
  "roles": [
    "jellyfin-access"
  ]
}' "http://jellyfin/sso/SAML/Add/hottensso?api_key=key"

Jellyfin error log

[2023-10-17 13:50:23.169 +01:00] [INF] SSO Controller initialized
[2023-10-17 13:50:34.796 +01:00] [INF] SSO Controller initialized
[2023-10-17 13:50:34.811 +01:00] [INF] SAML request has relayState of
[2023-10-17 13:50:35.011 +01:00] [INF] SSO Controller initialized
[2023-10-17 13:50:35.026 +01:00] [INF] SSO user link doesn't exist, creating...
[2023-10-17 13:50:35.041 +01:00] [ERR] Error processing request. URL "POST" "/sso/SAML/Auth/hottensso".
System.NullReferenceException: Object reference not set to an instance of an object.
   at Jellyfin.Plugin.SSO_Auth.Api.SSOController.SamlAuth(String provider, AuthResponse response)
   at lambda_method457(Closure , Object )
   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
   at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
   at Jellyfin.Server.Middleware.ServerStartupMessageMiddleware.Invoke(HttpContext httpContext, IServerApplicationHost serverApplicationHost, ILocalizationManager localizationManager)
   at Jellyfin.Server.Middleware.WebSocketHandlerMiddleware.Invoke(HttpContext httpContext, IWebSocketManager webSocketManager)
   at Jellyfin.Server.Middleware.IpBasedAccessValidationMiddleware.Invoke(HttpContext httpContext, INetworkManager networkManager)
   at Jellyfin.Server.Middleware.LanFilteringMiddleware.Invoke(HttpContext httpContext, INetworkManager networkManager, IServerConfigurationManager serverConfigurationManager)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Jellyfin.Server.Middleware.QueryStringDecodingMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.ReDoc.ReDocMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Jellyfin.Server.Middleware.RobotsRedirectionMiddleware.Invoke(HttpContext httpContext)
   at Jellyfin.Server.Middleware.LegacyEmbyRouteRewriteMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.ResponseCompression.ResponseCompressionMiddleware.InvokeCore(HttpContext context)
   at Jellyfin.Server.Middleware.ResponseTimeMiddleware.Invoke(HttpContext context, IServerConfigurationManager serverConfigurationManager)
   at Jellyfin.Server.Middleware.ExceptionMiddleware.Invoke(HttpContext context)
[2023-10-17 13:50:35.366 +01:00] [WRN] IPv6 is disabled in Jellyfin, but enabled in the OS. This may affect how the interface is selected.
[2023-10-17 13:50:35.895 +01:00] [WRN] IPv6 is disabled in Jellyfin, but enabled in the OS. This may affect how the interface is selected.
[2023-10-17 13:50:35.999 +01:00] [INF] "CustomAuthentication" was not authenticated. Failure message: "Invalid token."
[2023-10-17 13:50:36.000 +01:00] [INF] "CustomAuthentication" was not authenticated. Failure message: "Invalid token."
[2023-10-17 13:50:36.001 +01:00] [INF] AuthenticationScheme: "CustomAuthentication" was challenged.

Versions (please complete the following information):

Additional context N/A

9p4 commented 10 months ago

Can you upload the plugin XML configuration file?

Gxorge commented 10 months ago

Sure,

<?xml version="1.0" encoding="utf-8"?>
<PluginConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <SamlConfigs>
    <item>
      <key>
        <string>hottensso</string>
      </key>
      <value>
        <PluginConfiguration>
          <SamlEndpoint>https://sso/webman/sso/SSOOauth.cgi</SamlEndpoint>
          <SamlClientId>jellyfin</SamlClientId>
          <SamlCertificate>redact</SamlCertificate>
          <Enabled>true</Enabled>
          <EnableAuthorization>true</EnableAuthorization>
          <EnableAllFolders>true</EnableAllFolders>
          <EnabledFolders />
          <AdminRoles>
            <string>jellyfin-admin</string>
          </AdminRoles>
          <Roles>
            <string>jellyfin-access</string>
          </Roles>
          <EnableFolderRoles>false</EnableFolderRoles>
          <EnableLiveTvRoles>false</EnableLiveTvRoles>
          <EnableLiveTv>false</EnableLiveTv>
          <EnableLiveTvManagement>false</EnableLiveTvManagement>
          <FolderRoleMappings />
          <CanonicalLinks>
            <item>
              <key>
                <string>george</string>
              </key>
              <value>
                <guid>cde23244-ef81-4e19-a103-9d20d13c7fca</guid>
              </value>
            </item>
          </CanonicalLinks>
        </PluginConfiguration>
      </value>
    </item>
  </SamlConfigs>
  <OidConfigs />
</PluginConfiguration>
9p4 commented 10 months ago

Should be fixed in the latest version. Thanks for the report!

Gxorge commented 10 months ago

Can confirm, thank you.