Error while setting OIDC Authentication


tarun kumar

Apr 9, 2023, 9:09:34 PM
to DSpace Technical Support
Dear Sir,

I am writing to inquire about an issue we are facing while setting up DSpace OIDC authentication using Google Mail. We have followed the guidelines as instructed in the documentation and updated the authentication-oidc.cfg file with the following values:

authentication-oidc.token-endpoint = https://www.googleapis.com/oauth2/v4/token
authentication-oidc.authorize-endpoint = https://accounts.google.com/o/oauth2/v2/auth
authentication-oidc.user-info-endpoint = https://www.googleapis.com/oauth2/v3/userinfo
authentication-oidc.redirect-url = ${dspace.server.url}/api/authn/oidc

However, when we click on "login with oidc," we are successfully redirected to the Google page for login. After entering our credentials, the page keeps reloading and goes nowhere. Attaching error screenshot.

I would like to request your assistance in resolving the following queries:

Is the redirect URL correct, or is there something else that we are missing that needs to be done?
After making the above changes in authentication-oidc.cfg and uncommenting in the authentication.cfg, is there anything else that needs to be done?
Finally, is it possible to ensure that the OIDC request does not request a scope? By default, scopes like email, openid, and profile are requested. Is there a way to not request any of the scopes?
Thank you for your attention to this matter.

Best regards
Tarun




euler

Jan 11, 2024, 5:06:25 AM
to DSpace Technical Support
Hi,

Did you manage to resolve your issue? I am also trying to use OIDC authentication using Google. I can confirm that the user was successfully logged in to Google when I opened a new tab and went to a Google page. However, the UI shows that the user was not authenticated. Looking at the log files, here is what I found that could be relevant to why the authentication failed:
2024-01-11 17:28:28,796 INFO  unknown ff975adf-f235-4dbb-a428-9ca9751cdbe7 org.dspace.app.rest.utils.DSpaceAPIRequestLoggingFilter @ Before request [GET /server/api/authn/status] originated from https://my-domain/server/login.html
2024-01-11 17:28:29,019 WARN  unknown unknown org.dspace.app.rest.exception.DSpaceApiExceptionControllerAdvice @ Access is denied. Invalid CSRF token. (status:403 exception: Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-XSRF-TOKEN'. at: org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:127))

Below is my OIDC Configuration:
# Settings for OIDC authentication
authentication-oidc.authorize-endpoint = https://accounts.google.com/o/oauth2/v2/auth
authentication-oidc.token-endpoint = https://oauth2.googleapis.com/token
authentication-oidc.user-info-endpoint = https://openidconnect.googleapis.com/v1/userinfo
authentication-oidc.redirect-url = ${dspace.server.url}/api/authn/oidc
authentication-oidc.can-self-register = true

I am using DSpace 7.6.1

Thanks in advance and best regards,
euler

Humberto Blanco Castillo

Jul 9, 2024, 6:37:09 AM
to DSpace Technical Support
Dear Euler,
Do you know if it is possible to solve this?
We have the same error. I believe the error is at this point, authentication-oidc.redirect-url = ${dspace.server.url}/api/authn/oidc, when accessing OIDC. I think it is not able to receive the authentication token from the endpoint.

Sincerely,
Humberto Blanco
