9p4 / jellyfin-plugin-sso

This plugin allows users to sign in through an SSO provider (such as Google, Microsoft, or your own provider). This enables one-click signin.
GNU General Public License v3.0

SSO not working with Jellyfin desktop application #198

Closed red3333 closed 4 months ago

red3333 commented 4 months ago

Describe the bug

When using SSO with the Windows desktop application, a browser window pops up and the SSO login occurs normally (meaning the SSO provider page appears, then redirects back to the Jellyfin web interface). But the desktop application remains on the login page.

To Reproduce

Configure SSO to work with the Jellyfin web interface (e.g. for use with Firefox), assert that it is working; then open the Windows desktop application and try to use SSO for login.

Expected behavior

Using SSO in the desktop application should allow the user to log in to the application.

Configuration

<PluginConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <SamlConfigs />
  <OidConfigs>
    <item>
      <key>
        <string>authentik</string>
      </key>
      <value>
        <PluginConfiguration>
          <OidEndpoint>https://auth.dargent.eu/application/o/mediaplayer-oidc</OidEndpoint>
          <OidClientId>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</OidClientId>
          <OidSecret>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</OidSecret>
          <Enabled>true</Enabled>
          <EnableAuthorization>true</EnableAuthorization>
          <EnableAllFolders>true</EnableAllFolders>
          <EnabledFolders />
          <AdminRoles>
            <string>admin</string>
          </AdminRoles>
          <Roles />
          <EnableFolderRoles>false</EnableFolderRoles>
          <EnableLiveTvRoles>false</EnableLiveTvRoles>
          <EnableLiveTv>false</EnableLiveTv>
          <EnableLiveTvManagement>false</EnableLiveTvManagement>
          <LiveTvRoles />
          <LiveTvManagementRoles />
          <FolderRoleMappings />
          <RoleClaim>role</RoleClaim>
          <OidScopes>
            <string>jellyfin</string>
          </OidScopes>
          <DefaultProvider>authentik</DefaultProvider>
          <CanonicalLinks>
            <item>
              <key>
                <string>master</string>
              </key>
              <value>
                <guid>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</guid>
              </value>
            </item>
            <item>
              <key>
                <string>john</string>
              </key>
              <value>
                <guid>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</guid>
              </value>
            </item>
            <item>
              <key>
                <string>jack</string>
              </key>
              <value>
                <guid>zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz</guid>
              </value>
            </item>
            <item>
              <key>
                <string>tttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt</string>
              </key>
              <value>
                <guid>uuuuuuuu-uuuu-uuuu-uuuu-uuuuuuuuuuuu</guid>
              </value>
            </item>
          </CanonicalLinks>
          <DefaultUsernameClaim>username</DefaultUsernameClaim>
          <DisableHttps>false</DisableHttps>
          <DoNotValidateEndpoints>true</DoNotValidateEndpoints>
          <DoNotValidateIssuerName>true</DoNotValidateIssuerName>
        </PluginConfiguration>
      </value>
    </item>
  </OidConfigs>
</PluginConfiguration>

Versions (please complete the following information):

Additional context

The SSO is provided by Authentik with OIDC.

For SSO login, I added a button "Log in with SSO" as described in readme.md; the button appears both on the webpage login and on the desktop application login page.

Manual login (i.e. with password) works on both the desktop application and the webpage. SSO login only works on the webpage.
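
An added example, not part of the issue or the plugin's own code: a Python check that reads a configuration in the layout posted above and lists, per provider, the validation switches set to true (`DisableHttps`, `DoNotValidateEndpoints`, `DoNotValidateIssuerName`) and any `OidSecret` that is not masked before the file is shared. The function name, the sample providers, the run-of-"X" masking convention and the reading of the switches as relaxing OIDC checks are assumptions.

```python
import xml.etree.ElementTree as ET

# Switches assumed, from their names, to relax OIDC discovery checks when "true".
RELAXING_FLAGS = ("DisableHttps", "DoNotValidateEndpoints", "DoNotValidateIssuerName")

def audit_oid_configs(xml_text):
    """Return {provider: [findings]} for each <item> under <OidConfigs>."""
    report = {}
    for item in ET.fromstring(xml_text).findall("./OidConfigs/item"):
        name = item.findtext("./key/string", default="(unnamed)")
        cfg = item.find("./value/PluginConfiguration")
        if cfg is None:
            report[name] = ["no provider settings found"]
            continue
        findings = [f"{flag}=true" for flag in RELAXING_FLAGS
                    if (cfg.findtext(flag) or "").strip().lower() == "true"]
        if not (cfg.findtext("OidEndpoint") or "").strip().lower().startswith("https://"):
            findings.append("OidEndpoint is not https")
        secret = (cfg.findtext("OidSecret") or "").strip()
        # Masking convention assumed here: the value is replaced by a run of "X".
        if secret and set(secret) != {"X"}:
            findings.append("OidSecret is not masked")
        report[name] = findings
    return report

# Constructed sample in the layout of the configuration above (not a real deployment).
SAMPLE = """<PluginConfiguration><SamlConfigs /><OidConfigs>
  <item><key><string>relaxed-idp</string></key><value><PluginConfiguration>
    <OidEndpoint>https://idp.example.test/application/o/app</OidEndpoint>
    <OidSecret>XXXXXXXX</OidSecret>
    <DisableHttps>false</DisableHttps>
    <DoNotValidateEndpoints>true</DoNotValidateEndpoints>
    <DoNotValidateIssuerName>true</DoNotValidateIssuerName>
  </PluginConfiguration></value></item>
  <item><key><string>strict-idp</string></key><value><PluginConfiguration>
    <OidEndpoint>https://idp2.example.test/realm</OidEndpoint>
    <OidSecret>constructed-unmasked-value</OidSecret>
    <DisableHttps>false</DisableHttps>
    <DoNotValidateEndpoints>false</DoNotValidateEndpoints>
    <DoNotValidateIssuerName>false</DoNotValidateIssuerName>
  </PluginConfiguration></value></item>
</OidConfigs></PluginConfiguration>"""

if __name__ == "__main__":
    for provider, findings in audit_oid_configs(SAMPLE).items():
        print(provider, "->", findings or "no findings")
```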

9p4 commented 4 months ago

This is expected. The plugin only supports the web app. It was only a fluke that it worked on the desktop/Android apps at all. Please use quick connect instead.