search

9p4 / jellyfin-plugin-sso

This plugin allows users to sign in through an SSO provider (such as Google, Microsoft, or your own provider). This enables one-click signin.
GNU General Public License v3.0
534 stars 25 forks source link

Jellyfin 10.9 with SSO stuck on "Logging in..." on android mobile app #189

Open tbelway opened 2 months ago

tbelway commented 2 months ago

Describe the bug When the SSO login is used through the android mobile app it hangs on "Logging in...". Jellyfin version 10.9. OIDC = Keycloak.

To Reproduce Steps to reproduce the behavior:

  1. Open android app (with cleared cache and storage)
  2. Go to your media server URL
  3. Click the SSO button
  4. Login
  5. Redirect works but hangs on "Logging in..."

Expected behavior Should log in and bring you to the app

Configuration

<?xml version="1.0" encoding="utf-8"?>
<PluginConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <SamlConfigs />
  <OidConfigs>
    <item>
      <key>
        <string>${REALM}</string>
      </key>
      <value>
        <PluginConfiguration>
          <OidEndpoint>${REALM_CONFIG_URL}</OidEndpoint>
          <OidClientId>${REALM}</OidClientId>
          <OidSecret>${SUPER_SECRET_PASS}</OidSecret>
          <Enabled>true</Enabled>
          <EnableAuthorization>true</EnableAuthorization>
          <EnableAllFolders>true</EnableAllFolders>
          <EnabledFolders />
          <AdminRoles>
            <string>${ADMIN_ROLE}</string>
          </AdminRoles>
          <Roles>
            <string>${USER_ROLE}</string>
          </Roles>
          <EnableFolderRoles>false</EnableFolderRoles>
          <EnableLiveTvRoles>false</EnableLiveTvRoles>
          <EnableLiveTv>false</EnableLiveTv>
          <EnableLiveTvManagement>false</EnableLiveTvManagement>
          <LiveTvRoles />
          <LiveTvManagementRoles />
          <FolderRoleMappings>
            <FolderRoleMappings>
              <Role />
              <Folders />
            </FolderRoleMappings>
          </FolderRoleMappings>
          <RoleClaim>realm_access.roles</RoleClaim>
          <OidScopes />
          <DefaultProvider>Jellyfin.Plugin.LDAP_Auth.LdapAuthenticationProviderPlugin</DefaultProvider>
          <NewPath>true</NewPath>
          <CanonicalLinks>
            <item>
              <key>
                <string>${CANONICAL_USER_LINK}</string>
              </key>
              <value>
                <guid>${GUID_HASH}</guid>
              </value>
            </item>
            <item>
              <key>
                <string>${ANOTHER_CANONICAL_USER_LINK}</string>
              </key>
              <value>
                <guid>${ANOTHER_GUID_HASH}</guid>
              </value>
            </item>
          </CanonicalLinks>
          <DisableHttps>false</DisableHttps>
          <DoNotValidateEndpoints>false</DoNotValidateEndpoints>
          <DoNotValidateIssuerName>false</DoNotValidateIssuerName>
        </PluginConfiguration>
      </value>
    </item>
  </OidConfigs>
</PluginConfiguration>

Santiized

Versions (please complete the following information):

Additional context This was working with 10.8

tbelway commented 2 months ago

Also of note, the documentation should be updated with the app redirect URI: org.jellyfin.mobile://login-callback

made PR: https://github.com/9p4/jellyfin-plugin-sso/pull/190

9p4 commented 2 months ago

The mobile apps aren't supported, as nice as that would be. I'll try my best to help, though.

What snippet are you using for the button?

tbelway commented 2 months ago

The mobile apps aren't supported, as nice as that would be. I'll try my best to help, though.

What snippet are you using for the button?

Sounds good! I could have sworn it was working on 10.8, perhaps I'm misremembering...

The html snip is:

<form action="${URL}">
    <button class="raised block emby-button button-submit">
        Sign in with SSO
    </button>
</form>
<form action="${URL}">
    <button class="raised block emby-button">
        SSO Password Reset
    </button>
</form>
<p>${HTML_TEXT}</p>

and for css:

/*Hide "please login" text, margin is to prevent login form moving too far up*/
#loginPage h1 {display: none}
#loginPage .padded-left.padded-right.padded-bottom-page {margin-top: 50px}

/*a.raised.emby-button or .emby-button*/
#loginPage .emby-button {
  padding: 0.9em 1em;
  color:  #d10000 !important;
}

#loginPage .disclaimerContainer {
  display: block;
  margin-top: 0;
}

#loginPage .emby-button.btnForgotPassword {
  display: none;
}

edit: to santiize

9p4 commented 2 months ago

Does it continue to work on the web client?

tbelway commented 2 months ago

Does it continue to work on the web client?

Yup! I'm using it over web on desktop with no issues :)

I haven't had a chance to look at the code and see if it's something I can help troubleshoot, but I'll try to check it out if I ever get an evening free xD

9p4 commented 2 months ago

Let me spin up an Android VM with a debug build and I'll poke around.

9p4 commented 2 months ago

I think the new webview app in Android seems to restrict the network connections (guess).

The Android app seems to have diverged from the webview (with the inclusion of additional cast functionality), which causes the plugin to fail to set some variables.

tbelway commented 2 months ago

~I think the new webview app in Android seems to restrict the network connections (guess).~

The Android app seems to have diverged from the webview (with the inclusion of additional cast functionality), which causes the plugin to fail to set some variables.

Interesting... This something that can be rectified by setting defaults for android that get overridden over web? Or is this more complicated?

9p4 commented 2 months ago

I don't know. I'll have to look into it some more this week.

gabefraser commented 2 days ago

Would love to see this working for Android app.