OPENID Connect - Azure

Is there anyone who has successfully migrated from basic authentication to Azure IdP with OpenID Connect?

I successfully configured OpenID Connect, but after login with Azure credentials, ownCloud prints the error “User is not known.”

'openid-connect' =>
array (
  'provider-url' => 'https://login.microsoftonline.com/XXXXXXX/',
  'client-id' => 'XXXXXX',
  'client-secret' => 'XXXXXXX',
  'loginButtonName' => 'Microsoft SSO',
  'autoRedirectOnLoginPage' => false,
  'mode' => 'userid', // change this to 'email' if necessary (see Identity Provider configuration)
  'search-attribute' => 'upn',
),

Do you have your Azure AD also connected via LDAP? Perhaps you need a different search-attribute for Azure OIDC? Did you try email in mode?


OK. I moved a little bit further. I believe that I successfully linked the local user with Azure info from JWT token correctly with the configuration:

'mode' => 'email',
'search-attribute' => 'unique_name',

But now it seems that I get an error from the OpenID app:

{“reqId”:“y73CY6u6kWPMw2AW8mTx”,“level”:3,“time”:“2020-11-10T13:32:41+01:00”,“remoteAddr”:“XXXXXXXXXX”,“user”:“XXXX”,“app”:“PHP”,“method”:“GET”,“url”:"/apps/files/",“message”:“Undefined offset: 0 at /var/www/html/owncloud/apps/openidconnect/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php#906”}
{“reqId”:“y73CY6u6kWPMw2AW8mTx”,“level”:3,“time”:“2020-11-10T13:32:41+01:00”,“remoteAddr”:“XXXXXXXXXX”,“user”:“XXXX”,“app”:“no app in context”,“method”:“GET”,“url”:"/apps/files/",“message”:“Exception: {“Exception”:“Jumbojett\\OpenIDConnectClientException”,“Message”:“Error decoding JSON from token header”,“Code”:0,“Trace”:”#0 \/var\/www\/html\/owncloud\/apps\/openidconnect\/lib\/SessionVerifier.php(120): Jumbojett\\OpenIDConnectClient->verifyJWTsignature(‘PAQABAAAAAAB2Uy…’)\n#1 \/var\/www\/html\/owncloud\/apps\/openidconnect\/lib\/Application.php(79): OCA\\OpenIdConnect\\SessionVerifier->verifySession()\n#2 \/var\/www\/html\/owncloud\/apps\/openidconnect\/appinfo\/app.php(25): OCA\\OpenIdConnect\\Application->boot()\n#3 \/var\/www\/html\/owncloud\/lib\/private\/legacy\/app.php(239): require_once(’\/var\/www\/html\/o…’)\n#4 \/var\/www\/html\/owncloud\/lib\/private\/legacy\/app.php(190): OC_App::requireAppFile(Object(OCA\\OpenIdConnect\\Application))\n#5 \/var\/www\/html\/owncloud\/lib\/private\/legacy\/app.php(124): OC_App::loadApp(‘openidconnect’)\n#6 \/var\/www\/html\/owncloud\/lib\/base.php(886): OC_App::loadApps(Array)\n#7 \/var\/www\/html\/owncloud\/index.php(54): OC::handleRequest()\n#8 {main}",“File”:"\/var\/www\/html\/owncloud\/apps\/openidconnect\/vendor\/jumbojett\/openid-connect-php\/src\/OpenIDConnectClient.php",“Line”:908}"}
{“reqId”:“y73CY6u6kWPMw2AW8mTx”,“level”:3,“time”:“2020-11-10T13:32:41+01:00”,“remoteAddr”:“XXXXXXXXXX”,“user”:“XXXX”,“app”:“PHP”,“method”:“GET”,“url”:"/apps/files/",“message”:“Illegal offset type in isset or empty at /var/www/html/owncloud/lib/private/legacy/app.php#287”}
{“reqId”:“y73CY6u6kWPMw2AW8mTx”,“level”:3,“time”:“2020-11-10T13:32:41+01:00”,“remoteAddr”:“XXXXXXXXXX”,“user”:“XXXX”,“app”:“PHP”,“method”:“GET”,“url”:"/apps/files/",“message”:“Object of class OCA\OpenIdConnect\Application could not be converted to string at /var/www/html/owncloud/lib/private/legacy/app.php#245”}
{“reqId”:“y73CY6u6kWPMw2AW8mTx”,“level”:2,“time”:“2020-11-10T13:32:41+01:00”,“remoteAddr”:“XXXXXXXXXX”,“user”:“XXXX”,“app”:“core”,“method”:“GET”,“url”:"/apps/files/",“message”:“Could not load app “”, it will be disabled”}
{“reqId”:“y73CY6u6kWPMw2AW8mTx”,“level”:3,“time”:“2020-11-10T13:32:41+01:00”,“remoteAddr”:“XXXXXXXXXX”,“user”:“XXXX”,“app”:“PHP”,“method”:“GET”,“url”:"/apps/files/",“message”:“Illegal offset type in unset at /var/www/html/owncloud/lib/private/App/AppManager.php#339”}
{“reqId”:“y73CY6u6kWPMw2AW8mTx”,“level”:3,“time”:“2020-11-10T13:32:41+01:00”,“remoteAddr”:“XXXXXXXXXX”,“user”:“XXXX”,“app”:“PHP”,“method”:“GET”,“url”:"/apps/files/",“message”:“Illegal offset type at /var/www/html/owncloud/lib/private/AppConfig.php#141”}
{“reqId”:“y73CY6u6kWPMw2AW8mTx”,“level”:3,“time”:“2020-11-10T13:32:41+01:00”,“remoteAddr”:“XXXXXXXXXX”,“user”:“XXXX”,“app”:“PHP”,“method”:“GET”,“url”:"/apps/files/",“message”:“Object of class OCA\OpenIdConnect\Application could not be converted to string at /var/www/html/owncloud/lib/composer/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOStatement.php#81”}
{“reqId”:“y73CY6u6kWPMw2AW8mTx”,“level”:3,“time”:“2020-11-10T13:32:41+01:00”,“remoteAddr”:“XXXXXXXXXX”,“user”:“XXXX”,“app”:“PHP”,“method”:“GET”,“url”:"/apps/files/",“message”:“Object of class OCA\OpenIdConnect\Application could not be converted to string at /var/www/html/owncloud/lib/composer/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOStatement.php#81”}
{“reqId”:“y73CY6u6kWPMw2AW8mTx”,“level”:3,“time”:“2020-11-10T13:32:41+01:00”,“remoteAddr”:“XXXXXXXXXX”,“user”:“XXXX”,“app”:“PHP”,“method”:“GET”,“url”:"/apps/files/",“message”:“Illegal offset type in isset or empty at /var/www/html/owncloud/lib/private/AppConfig.php#194”}
{“reqId”:“y73CY6u6kWPMw2AW8mTx”,“level”:3,“time”:“2020-11-10T13:32:41+01:00”,“remoteAddr”:“XXXXXXXXXX”,“user”:“XXXX”,“app”:“PHP”,“method”:“GET”,“url”:"/apps/files/",“message”:“Object of class OCA\OpenIdConnect\Application could not be converted to string at /var/www/html/owncloud/lib/composer/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOStatement.php#81”}
{“reqId”:“y73CY6u6kWPMw2AW8mTx”,“level”:3,“time”:“2020-11-10T13:32:41+01:00”,“remoteAddr”:“XXXXXXXXXX”,“user”:“XXXX”,“app”:“PHP”,“method”:“GET”,“url”:"/apps/files/",“message”:“Illegal offset type at /var/www/html/owncloud/lib/private/AppConfig.php#201”}
{“reqId”:“y73CY6u6kWPMw2AW8mTx”,“level”:3,“time”:“2020-11-10T13:32:41+01:00”,“remoteAddr”:“XXXXXXXXXX”,“user”:“XXXX”,“app”:“index”,“method”:“GET”,“url”:"/apps/files/",“message”:“Exception: {“Exception”:“Jumbojett\\OpenIDConnectClientException”,“Message”:“Error decoding JSON from token header”,“Code”:0,“Trace”:”#0 \/var\/www\/html\/owncloud\/apps\/openidconnect\/lib\/SessionVerifier.php(120): Jumbojett\\OpenIDConnectClient->verifyJWTsignature(‘PAQABAAAAAAB2Uy…’)\n#1 \/var\/www\/html\/owncloud\/apps\/openidconnect\/lib\/Application.php(79): OCA\\OpenIdConnect\\SessionVerifier->verifySession()\n#2 \/var\/www\/html\/owncloud\/apps\/openidconnect\/appinfo\/app.php(25): OCA\\OpenIdConnect\\Application->boot()\n#3 \/var\/www\/html\/owncloud\/lib\/private\/legacy\/app.php(239): require_once(’\/var\/www\/html\/o…’)\n#4 \/var\/www\/html\/owncloud\/lib\/private\/legacy\/app.php(190): OC_App::requireAppFile(Object(OCA\\OpenIdConnect\\Application))\n#5 \/var\/www\/html\/owncloud\/lib\/private\/legacy\/app.php(124): OC_App::loadApp(‘openidconnect’)\n#6 \/var\/www\/html\/owncloud\/lib\/base.php(886): OC_App::loadApps(Array)\n#7 \/var\/www\/html\/owncloud\/index.php(54): OC::handleRequest()\n#8 {main}",“File”:"\/var\/www\/html\/owncloud\/apps\/openidconnect\/vendor\/jumbojett\/openid-connect-php\/src\/OpenIDConnectClient.php",“Line”:908}"}

Did anyone successfully integrate ownCloud authentication with Azure yet?
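
The trace in the thread shows verifyJWTsignature() failing with "Error decoding JSON from token header"; a JWT has three dot-separated base64url segments, the first of which decodes to a JSON header. The diagnostic below is an added example (not from the thread, ownCloud or the jumbojett library): it checks whether a token is JWT-shaped and reports which of the claims upn, unique_name and email its payload carries, using constructed sample tokens. It is a format check only and does not verify signatures.

```python
import base64
import json

# Claims the thread tried as 'search-attribute' values, plus 'email'.
IDENTITY_CLAIMS = ("upn", "unique_name", "email")


def _b64url_json(segment):
    """Decode one base64url JWT segment into a dict; raise ValueError otherwise."""
    padded = segment + "=" * (-len(segment) % 4)
    # binascii.Error, JSONDecodeError and UnicodeError are all ValueError subclasses.
    obj = json.loads(base64.urlsafe_b64decode(padded.encode("ascii")))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj


def inspect_token(token):
    """Classify a token by structure only; no signature or expiry check is done."""
    parts = token.split(".")
    if len(parts) != 3:
        return {"is_jwt": False,
                "reason": f"expected 3 dot-separated segments, got {len(parts)}"}
    try:
        header = _b64url_json(parts[0])
        payload = _b64url_json(parts[1])
    except ValueError:
        return {"is_jwt": False, "reason": "header or payload is not base64url JSON"}
    found = {c: payload[c] for c in IDENTITY_CLAIMS if c in payload}
    return {"is_jwt": True, "alg": header.get("alg"), "identity_claims": found}


def make_sample_jwt(claims):
    """Build an unsigned, JWT-shaped string for the demo (constructed data)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2lnbmF0dXJl"])


# Constructed sample inputs, not taken from the thread.
SAMPLE_JWT = make_sample_jwt({"unique_name": "alice@example.com",
                              "upn": "alice@example.com"})
SAMPLE_OPAQUE = "OPAQUE_constructed_value_without_dots"

if __name__ == "__main__":
    for name, tok in (("jwt", SAMPLE_JWT), ("opaque", SAMPLE_OPAQUE)):
        print(name, inspect_token(tok))
```

If the value handed to the verifier is reported as not JWT-shaped, the problem lies in which token is being passed rather than in the search-attribute mapping.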