ADFS + Planka
Good afternoon.
We are trying to connect authorization to Planka using ADFS (Windows Server 2019/2022) via OIDC.
After entering the necessary parameters we get the following error when trying to authorize in the service.
Settings on the Planka side
OIDC_ISSUER=https://adfs-sandbox.domain.com/adfs
OIDC_CLIENT_ID=5cd56d55-0f8f-4705-9ad6-5001cc8744bc
OIDC_CLIENT_SECRET=yKrTyg4xOHdgW2laQXb0gf3z4XvqyNqwrNv3USqy
OIDC_SCOPES=openid email profile
# OIDC_ADMIN_ROLES=admin
# OIDC_EMAIL_ATTRIBUTE=email
# OIDC_NAME_ATTRIBUTE=name
# OIDC_USERNAME_ATTRIBUTE=username
# OIDC_ROLES_ATTRIBUTE=groups
# OIDC_IGNORE_USERNAME=true
OIDC_IGNORE_ROLES=true
# OIDC_ENFORCED=true
Errors from Planka log
2024-03-29 12:27:19 [W] Error while exchanging OIDC code: OPError: invalid_token (MSIS9921: Received invalid UserInfo request. Audience 'microsoft:identityserver:5cd56d55-0f8f-4705-9ad6-5001cc8744bc' in the access token is not same as the identifier of the UserInfo relying party trust 'urn:microsoft:userinfo'.)
2024-03-29 12:27:19 [W] Invalid code or nonce! (IP: ::1)
Version Planka 1.16.1
Information from Saml-Tracer addon in Firefox
Can you help with this problem?
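The MSIS9921 message in the log above compares the `aud` claim of the access token with the identifier of the UserInfo relying party trust. The script below is an added example, not part of the thread and not Planka or AD FS code: it runs the same comparison on a captured access token and pulls both audiences out of the log line. It assumes the access token is a JWT; the function names and sample tokens are constructed for illustration.

```javascript
// Added diagnostic example; not Planka or AD FS code.
// Identifier of the UserInfo relying party trust, as quoted in the MSIS9921 message.
const USERINFO_AUDIENCE = 'urn:microsoft:userinfo';

// Decode a JWT payload WITHOUT verifying the signature. Inspection only:
// never base an authorization decision on the result.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('expected a three-part compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// RFC 7519 allows "aud" to be a single string or an array of strings.
function audiences(claims) {
  if (claims.aud === undefined) return [];
  return Array.isArray(claims.aud) ? claims.aud : [claims.aud];
}

// Would a UserInfo endpoint that requires `expected` as audience accept this token?
function checkUserinfoAudience(accessToken, expected = USERINFO_AUDIENCE) {
  const actual = audiences(decodeJwtPayload(accessToken));
  return { accepted: actual.includes(expected), expected, actual };
}

// Pull both audiences out of an MSIS9921 log line for triage; null if no match.
function parseMsis9921(line) {
  const m = /MSIS9921:.*?Audience '([^']+)'.*?relying party trust '([^']+)'/.exec(line);
  return m ? { tokenAudience: m[1], userinfoAudience: m[2] } : null;
}

// Constructed sample tokens (unsigned, claims only) so the script runs offline.
function sampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc(claims)}.constructed`;
}

const CLIENT_ID = '5cd56d55-0f8f-4705-9ad6-5001cc8744bc'; // client id from the post
const failing = sampleToken({ aud: `microsoft:identityserver:${CLIENT_ID}` });
const passing = sampleToken({ aud: [USERINFO_AUDIENCE] });

console.log(checkUserinfoAudience(failing)); // audience as reported in the log
console.log(checkUserinfoAudience(passing)); // audience the UserInfo trust expects
```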
Hi! We'll try to reproduce this as soon as we have access to ADFS, but for now I'll add a "help wanted" label, maybe someone who has already encountered this can help.
Have the same issue with OIDC and Authentik. Strange thing is that it happens sometimes. Repeatedly retrying the login will work.
Hi! That's strange, because I tested OIDC exactly on Authentik. Are you using the latest version of Planka? Could you please provide the error message from the server logs?