ADFS + Planka #452

Open
opened 2026-02-04 19:39:26 +03:00 by OVERLORD · 3 comments

Originally created by @SkorpionMars on GitHub (Mar 29, 2024).

Good afternoon.

We are trying to connect authorization to Planka using ADFS (Windows Server 2019/2022) via OIDC.

After entering the necessary parameters we get the following error when trying to authorize in the service.

Settings on the Planka side

```
OIDC_ISSUER=https://adfs-sandbox.domain.com/adfs
OIDC_CLIENT_ID=5cd56d55-0f8f-4705-9ad6-5001cc8744bc
OIDC_CLIENT_SECRET=yKrTyg4xOHdgW2laQXb0gf3z4XvqyNqwrNv3USqy
OIDC_SCOPES=openid email profile
# OIDC_ADMIN_ROLES=admin
# OIDC_EMAIL_ATTRIBUTE=email
# OIDC_NAME_ATTRIBUTE=name
# OIDC_USERNAME_ATTRIBUTE=username
# OIDC_ROLES_ATTRIBUTE=groups
# OIDC_IGNORE_USERNAME=true
OIDC_IGNORE_ROLES=true
# OIDC_ENFORCED=true
```

Errors from Planka log

```
2024-03-29 12:27:19 [W] Error while exchanging OIDC code: OPError: invalid_token (MSIS9921: Received invalid UserInfo request. Audience 'microsoft:identityserver:5cd56d55-0f8f-4705-9ad6-5001cc8744bc' in the access token is not same as the identifier of the UserInfo relying party trust 'urn:microsoft:userinfo'.)
2024-03-29 12:27:19 [W] Invalid code or nonce! (IP: ::1)
```

Version Planka 1.16.1

Information from Saml-Tracer addon in Firefox
![2024-03-29_14-36](https://github.com/plankanban/planka/assets/45296103/bb61b0e6-ad32-4064-98c0-49c3b8d2e8f7)

Can you help with this problem?

OVERLORD added the help wanted label 2026-02-04 19:39:26 +03:00
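
Added example, not part of the original issue and not Planka or openid-client code: a Node.js diagnostic that extracts the two audiences from the MSIS9921 line in the report above and checks whether an access token's `aud` claim contains the UserInfo identifier. It assumes the access token is a compact JWT; the function names and the sample token are constructed for illustration.

```javascript
// Added diagnostic example; not Planka or openid-client code.
// Identifier that the MSIS9921 message names for the UserInfo relying party trust.
const USERINFO_AUDIENCE = 'urn:microsoft:userinfo';

// Extract both audiences from an MSIS9921 log line; null for any other message.
function parseMsis9921(line) {
  const m = /MSIS9921:.*?Audience '([^']+)' in the access token.*?relying party trust '([^']+)'/.exec(line);
  return m ? { tokenAudience: m[1], userInfoIdentifier: m[2] } : null;
}

// Decode a JWT payload for inspection only. The signature is NOT verified,
// so the result must never feed an authorization decision.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (opaque access token?)');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// "aud" may be a single string or an array (RFC 7519); report whether the
// UserInfo identifier is among the token's audiences.
function userInfoAudienceCheck(accessToken, expected = USERINFO_AUDIENCE) {
  const { aud } = decodeJwtPayload(accessToken);
  const audiences = aud === undefined ? [] : [].concat(aud);
  return { audiences, matchesUserInfo: audiences.includes(expected) };
}

// Constructed sample token with a placeholder signature, used only to
// exercise the check with the audience string quoted in the log.
function makeSampleToken(aud) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc({ aud, sub: 'constructed-user' }), 'sig'].join('.');
}

// Log line copied from the issue report.
const logLine = "2024-03-29 12:27:19 [W] Error while exchanging OIDC code: OPError: invalid_token (MSIS9921: Received invalid UserInfo request. Audience 'microsoft:identityserver:5cd56d55-0f8f-4705-9ad6-5001cc8744bc' in the access token is not same as the identifier of the UserInfo relying party trust 'urn:microsoft:userinfo'.)";

const parsed = parseMsis9921(logLine);
console.log(parsed, userInfoAudienceCheck(makeSampleToken(parsed.tokenAudience)));
```
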

@meltyshev commented on GitHub (Apr 2, 2024):

Hi! We'll try to reproduce this as soon as we have access to ADFS, but for now I'll add a "help wanted" label, maybe someone who has already encountered this can help.


@RogerSik commented on GitHub (Jul 14, 2024):

Have the same issue with OIDC and Authentik. Strange thing is that it happens sometimes. Repeatedly retrying the login, it will work.


@meltyshev commented on GitHub (Jul 15, 2024):

> Have the same issue with OIDC and Authentik. Strange thing is that it happens sometimes. Repeatedly retrying the login, it will work.

Hi! That's strange, because I tested OIDC exactly on Authentik. Are you using the latest version of Planka? Could you please provide the error message from the server logs?


Reference: starred/planka#452