Closed BEBU88 closed 1 week ago
@kulmann @JammingBen ?
Hey @BEBU88 could you make your openid-configuration available? I'm specifically interested in whether or not your authentik has an end_session_endpoint
Hi @kulmann available endpoints are:

| Endpoint | URL |
| --- | --- |
| Authorization | /application/o/authorize/ |
| Token | /application/o/token/ |
| User Info | /application/o/userinfo/ |
| Token Revoke | /application/o/revoke/ |
| End Session | /application/o/ocis/end-session/ |
| JWKS | /application/o/ocis/jwks/ |
| OpenID Configuration | /application/o/ocis/.well-known/openid-configuration |

My OCIS 5 instance is just working fine. The OIDC config and env vars in my OCIS 6 instance are the same.
That looks good...
Could you please check if there are any error messages in the browser console and paste them here?
In Firefox console I get this error: Content-Security-Policy: The page’s settings blocked the loading of a resource (connect-src) at https://idp-url/application/o/ocis/.well-known/openid-configuration because it violates the following directive: “connect-src 'self'”
Ah, now I know what this is :-(
Then restart your ocis. That should fix it. I wonder why we don't have a sane default here...
Ah sorry, one more step, you need to edit the `csp.yaml` file and either enter your own idp domain or rename the var in there and set it in your .env file or your docker compose env or whatever you use accordingly
Thank you @kulmann, it's working as expected now.
Describe the bug
After upgrading to OCIS 6.0 the browser is not redirecting to external IDP (Authentik). Users with active sessions are not able to log out. The button has no effect anymore.
Steps to reproduce
Expected behavior
The browser should redirect to external IDP for login.
Actual behavior
Browser is stuck at OCIS_URL/login?redirectUrl=%2Ffiles%2Fspaces%2Fpersonal
Setup
I'm using OCIS as systemd service on Debian 12
```console
OCIS_OIDC_ISSUER=https://IDP-URL
PROXY_OIDC_INSECURE=false
PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD=jwt
PROXY_USER_OIDC_CLAIM=preferred_username
PROXY_USER_CS3_CLAIM=username
PROXY_AUTOPROVISION_ACCOUNTS=true
PROXY_ROLE_ASSIGNMENT_DRIVER=oidc
PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM=ocis_role
OCIS_OIDC_CLIENT_ID=CLIENT-ID
PROXY_OIDC_REWRITE_WELLKNOWN=true
WEB_OIDC_METADATA_URL=https://IDP-URL/.well-known/openid-configuration
WEB_OIDC_SCOPE: openid profile email offline_access
```
Additional context
Already deleted browser cache and tried in private window.
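
The `connect-src 'self'` violation quoted in the thread can be reproduced offline by evaluating a policy string against the IdP URLs a browser OIDC client fetches. This is an added example, not code from the thread or from oCIS; the hostnames, the function names and the list of fetched endpoints are assumptions, and the matching is a simplified subset of CSP source matching.

```javascript
// Added example. Simplified CSP matching: 'self', '*', scheme sources and host
// sources (optional scheme, "*." wildcard, port); source paths are ignored.
// Source list governing fetch()/XHR: connect-src, falling back to default-src.
function connectSources(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    if (name && !directives.has(name)) directives.set(name, sources); // first wins
  }
  return directives.get('connect-src') ?? directives.get('default-src') ?? null;
}

// Does one source expression allow the target URL for a document at `page`?
function sourceMatches(s, target, page) {
  const schemeOk = (want) => target.protocol === want ||
    (want === 'http:' && target.protocol === 'https:'); // upgrade is allowed
  if (s === "'self'") return target.origin === page.origin;
  if (s === '*') return /^(https?|wss?):$/.test(target.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return schemeOk(s);
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)(?::(\d+))?(?:\/.*)?$/.exec(s);
  if (!m) return false; // 'none' and other keywords never match a URL
  const [, scheme, wildcard, host, port] = m;
  const defaultPort = target.protocol === 'https:' ? '443' : '80';
  return schemeOk(scheme ? scheme + ':' : page.protocol) &&
    (wildcard ? target.hostname.endsWith('.' + host) : target.hostname === host) &&
    (port ? (target.port || defaultPort) === port : target.port === '');
}

// Keys a browser OIDC client usually requests with fetch()/XHR (assumption);
// authorization and end-session are navigations, outside connect-src.
const FETCHED = ['token_endpoint', 'userinfo_endpoint', 'jwks_uri', 'revocation_endpoint'];

// Names of the URLs the page's CSP would stop the web client from fetching.
function blockedEndpoints(policy, pageUrl, metadataUrl, discovery) {
  const page = new URL(pageUrl);
  const sources = connectSources(policy);
  if (sources === null) return []; // no governing directive, nothing blocked
  const urls = [['metadata_url', metadataUrl],
    ...FETCHED.filter((k) => discovery[k]).map((k) => [k, discovery[k]])];
  return urls
    .filter(([, url]) => !sources.some((src) => sourceMatches(src, new URL(url), page)))
    .map(([name]) => name);
}
// Constructed sample: placeholder hostnames, endpoint paths as listed in the thread.
const IDP = 'https://idp.example.test/application/o';
const SAMPLE = { authorization_endpoint: `${IDP}/authorize/`, token_endpoint: `${IDP}/token/`,
  userinfo_endpoint: `${IDP}/userinfo/`, jwks_uri: `${IDP}/ocis/jwks/` };
const META = `${IDP}/ocis/.well-known/openid-configuration`;
console.log(blockedEndpoints("connect-src 'self'", 'https://ocis.example.test', META, SAMPLE));
```

An empty result after adding the IdP origin to `connect-src` means the discovery document and token requests are no longer blocked by that directive.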