mirror of
https://github.com/plankanban/planka.git
synced 2026-02-24 19:08:59 +03:00
SSO fails with DSM sso server #371
Originally created by @halfu on GitHub (Oct 23, 2023).
Thanks for the new release with OIDC support.
I set up a Synology DSM SSO server, which has an openid-configuration as below:

```
{
  "authorization_endpoint": "https://nasip:port/webman/sso/SSOOauth.cgi",
  "claims_supported": ["aud", "email", "exp", "groups", "iat", "iss", "sub", "username"],
  "code_challenge_methods_supported": ["S256", "plain"],
  "grant_types_supported": ["authorization_code", "implicit"],
  "id_token_signing_alg_values_supported": ["RS256"],
  "issuer": "https://nasip:port/webman/sso",
  "jwks_uri": "https://nasip:port/webman/sso/openid-jwks.json",
  "response_types_supported": ["code", "code id_token", "id_token", "id_token token"],
  "scopes_supported": ["email", "groups", "openid"],
  "subject_types_supported": ["public"],
  "token_endpoint": "https://nasip:port/webman/sso/SSOAccessToken.cgi",
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
  "userinfo_endpoint": "https://nasip:port/webman/sso/SSOUserInfo.cgi"
}
```

As you can see, there is no "name" in the scopes_supported section.
But Planka needs these scopes:

```
- OIDC_SCOPES=openid email profile
```

So, I got this error when using SSO on my Planka instance.

```
Request URL: https://myplankaserver:port/api/access-tokens/exchange-using-oidc
Request Method: POST
Status Code: 422 Unprocessable Content
```

and the error detail is as below:

```
{
  "code": "E_UNPROCESSABLE_ENTITY",
  "message": "Unable to retrieve required values (email, name)"
}
```

I am wondering if it is possible to drop the "profile" requirement.
I am quite new to OIDC, correct me if I am wrong.
@meltyshev commented on GitHub (Oct 23, 2023):
Hi! You are right, the problem is that your IDP doesn't support the `profile` scope, but Planka needs it to create an account (this scope contains a user name, which cannot be empty). Unfortunately we can't change anything on our side to solve this. I think there should be some way to add this scope to your IDP.
@halfu commented on GitHub (Oct 24, 2023):
Thanks for your quick reply, I will dig into the DSM Synology system to get a solution then.
I will report back if I succeed.
@daniel-hiller commented on GitHub (Nov 1, 2023):
Hi,
as a dirty quickfix you can do this...
in `server/api/helpers/users/get-or-create-one-using-oidc.js`
change the following lines
Line 36:
from
`if (!userInfo.email || !userInfo.name) {`
to
`if (!userInfo.email || !userInfo.username) {`
Line 56:
from
`name: userInfo.name,`
to
`name: userInfo.username,`
This change will set the username as the name too, because Synology does not support friendly names for users.
At the moment it's not possible to change the name in Planka when OIDC is in use.
We will post an update with more options to configure OIDC and make the name changeable, if your sso provider does not support them.
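
The scope mismatch from the first post and the `username` fallback from the quick fix above, as an added example that is not part of the original thread or Planka's code. It compares the requested scopes with the discovery document and resolves the required name from an ordered list of claims; `unsupportedScopes`, `pickClaim`, `resolveOidcUser` and the `nameClaims` option are hypothetical names, and the sample data is constructed.

```javascript
// Constructed sample: the relevant fields of the DSM discovery document quoted in the issue.
const dsmDiscovery = {
  scopes_supported: ['email', 'groups', 'openid'],
  claims_supported: ['aud', 'email', 'exp', 'groups', 'iat', 'iss', 'sub', 'username'],
};

// Scopes the client requests that the IdP does not advertise.
function unsupportedScopes(discovery, requestedScopes) {
  const supported = new Set(discovery.scopes_supported || []);
  return requestedScopes.split(/\s+/).filter((s) => s && !supported.has(s));
}

// First non-empty string claim among the candidates, trimmed; null if none is usable.
function pickClaim(userInfo, candidates) {
  for (const key of candidates) {
    const value = userInfo[key];
    if (typeof value === 'string' && value.trim() !== '') return value.trim();
  }
  return null;
}

// Hypothetical mapping: `nameClaims` is an ordered fallback list, not a Planka setting.
function resolveOidcUser(userInfo, { nameClaims = ['name'] } = {}) {
  const values = {
    email: pickClaim(userInfo, ['email']),
    name: pickClaim(userInfo, nameClaims),
  };
  // Report exactly which required values are absent instead of creating a partial account.
  const missing = Object.keys(values).filter((k) => values[k] === null);
  if (missing.length > 0) {
    return { ok: false, error: `Unable to retrieve required values (${missing.join(', ')})` };
  }
  return { ok: true, user: values };
}

// Constructed userinfo response shaped after DSM's claims_supported list (no `name` claim).
const dsmUserInfo = { sub: 'jdoe', username: 'jdoe', email: 'JDoe@example.test' };

console.log(unsupportedScopes(dsmDiscovery, 'openid email profile'));
console.log(resolveOidcUser(dsmUserInfo));
console.log(resolveOidcUser(dsmUserInfo, { nameClaims: ['name', 'username'] }));
```
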
@halfu commented on GitHub (Nov 1, 2023):
Thanks a lot for your help. I have switched my SSO server to authentik, and everything works great.
And I agree that giving more options to configure OIDC on the Planka side is a good idea.
@halfu commented on GitHub (Nov 1, 2023):
Since my problem is solved, I closed this issue.
@john8329 commented on GitHub (Jan 18, 2024):
Hi, I'm having the same issue with DSM, and I'd like for simplicity to use it instead of other solutions. Would it be possible to let the app tolerate the absence of the `profile` claim and just use `username` if it's missing?
Thanks a lot
@ngthwi commented on GitHub (Dec 8, 2025):
I can't get Planka to work with Synology SSO. Even with `OIDC_USERNAME_ATTRIBUTE=username` I get an `Unknown error. Retry later.`
There's no error log in the docker console...
Is it still the missing `profile`?
Here are my env variables: