
Synology as OIDC Provider issues #310

mostdcoa opened this issue Apr 12, 2024 · 0 comments


I am attempting to use the user database on our Synology.

Error:
Error in OpenIdConnect:The provider issuer could not be fetched. Make sure your provider has a well known configuration available.

I've tried multiple variations of the config.php openid-connect parameters/keys:

  # config.php excerpt as posted; only the closing brackets were added so the array parses
  'openid-connect' => [
    'provider-url' => 'https://synology.domain.com/webman/sso/.well-known/openid-configuration',
    'client-id' => 'ID',
    'client-secret' => 'SECRET',
    'loginButtonName' => 'OpenId Connect',
    # endpoints copied from the Synology discovery document below
    'provider-params' => [
      'authorization_endpoint' => 'https://synology.domain.com/webman/sso/SSOOauth.cgi',
      'token_endpoint' => 'https://synology.domain.com/webman/sso/SSOAccessToken.cgi',
      'token_endpoint_auth_methods_supported' => '[ "client_secret_basic", "client_secret_post" ]',
      'userinfo_endpoint' => 'https://synology.domain.com/webman/sso/SSOUserInfo.cgi',
      #'registration_endpoint' => '...',
      #'end_session_endpoint' => '...',
      'jwks_uri' => 'https://synology.domain.com/webman/sso/openid-jwks.json',
    ],
  ],

Here is the .well-known/openid-configuration from the Synology OIDC server:

{
   "authorization_endpoint" : "https://synology.domain.com/webman/sso/SSOOauth.cgi",
   "claims_supported" : [ "aud", "email", "exp", "groups", "iat", "iss", "sub", "username" ],
   "code_challenge_methods_supported" : [ "S256", "plain" ],
   "grant_types_supported" : [ "authorization_code", "implicit" ],
   "id_token_signing_alg_values_supported" : [ "RS256" ],
   "issuer" : "https://synology.domain.com/webman/sso",
   "jwks_uri" : "https://synology.domain.com/webman/sso/openid-jwks.json",
   "response_types_supported" : [ "code", "code id_token", "id_token", "id_token token" ],
   "scopes_supported" : [ "email", "groups", "openid" ],
   "subject_types_supported" : [ "public" ],
   "token_endpoint" : "https://synology.domain.com/webman/sso/SSOAccessToken.cgi",
   "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post" ],
   "userinfo_endpoint" : "https://synology.domain.com/webman/sso/SSOUserInfo.cgi"
}

Steps I've done, following https://doc.owncloud.com/server/next/admin_manual/configuration/user/oidc/oidc.html:

  1. Added the OpenID Connect app on the ownCloud server.
  2. Added 'http.cookie.samesite' => 'None'.
  3. Ran the occ command (with my specific config):
     sudo -u www-data ./occ config:app:set \
       openidconnect \
       openid-connect \
       --value='{"provider-url":"https:\/\/idp.example.net","client-id":"fc9b5c78-ec73-47bf-befc-59d4fe780f6f","client-secret":"e3e5b04a-3c3c-4f4d-b16c-2a6e9fdd3cd1","loginButtonName":"Login via OpenId Connect"}'
  4. Used the auto-provision keys/params similar to OneLogin's, but unless I specify all the URLs it usually just fails immediately with the "failed to fetch" error. If I have the OIDC keys specified with the URLs above, it does take me to the Synology login, but after I authenticate it just goes back to "failed to fetch".
  5. To note, our users don't have emails, just "Names" in the Synology user database.
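An added offline check, not ownCloud's or Synology's code, that tests a discovery document against the provider-url a relying party is configured with: OIDC Discovery requires the document's issuer to equal the URL the well-known path is appended to, so a provider-url that already ends in /.well-known/openid-configuration can never satisfy that match. The sample document is the Synology one quoted above; the assumption that the client appends the well-known path itself follows the docs' provider-url example https://idp.example.net.

```python
"""Offline sanity checks for an OIDC discovery document vs. a configured provider-url."""
import json
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"

# Metadata an authorization-code RP needs; OIDC Discovery 1.0 marks these REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

# Constructed sample: the discovery document from the issue above (trimmed).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://synology.domain.com/webman/sso",
    "authorization_endpoint": "https://synology.domain.com/webman/sso/SSOOauth.cgi",
    "token_endpoint": "https://synology.domain.com/webman/sso/SSOAccessToken.cgi",
    "userinfo_endpoint": "https://synology.domain.com/webman/sso/SSOUserInfo.cgi",
    "jwks_uri": "https://synology.domain.com/webman/sso/openid-jwks.json",
    "response_types_supported": ["code", "id_token"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
})


def check_discovery(provider_url: str, document: str) -> list:
    """Return a list of problems; an empty list means config and document agree."""
    problems = []
    # Assumption: the client appends WELL_KNOWN to provider-url itself.
    if provider_url.rstrip("/").endswith(WELL_KNOWN):
        problems.append("provider-url already ends in the well-known path; "
                        "configure the issuer URL and let the client append it")
    try:
        doc = json.loads(document)
    except ValueError as exc:
        return problems + ["discovery document is not JSON: %s" % exc]
    for key in REQUIRED:
        if key not in doc:
            problems.append("missing required field " + key)
    issuer = doc.get("issuer", "")
    if issuer and issuer.rstrip("/") != provider_url.rstrip("/"):
        problems.append("issuer %r does not match provider-url %r" % (issuer, provider_url))
    # Conservative heuristic: endpoints should be https on the issuer's own host,
    # so a tampered or misconfigured document cannot redirect tokens elsewhere.
    host = urlparse(issuer).netloc
    for key in ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri"):
        url = doc.get(key)
        if url is not None:
            parts = urlparse(url)
            if parts.scheme != "https" or (host and parts.netloc != host):
                problems.append("%s %r is not https on the issuer host" % (key, url))
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("provider advertises unsigned ID tokens (alg none)")
    return problems
```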