Hi Quentin,

Yes, I have a usersource, but probably that is where the process is failing at the moment. Am I understanding it correctly that a view must be created? I am using pgsql as the backend.

Is there a way to get sogo to register new users automatically as they log in with the oidc successfully? Or do I have to create some hand-crafted solution that registers the users in the oauth source and then creates them in pgsql as well, but without the password? Or how is the password even handled? Is canAuthenticate YES or NO in the usersource when using oauth?

I appreciate your prompt response!

BR
Levi

> -----Original Message-----
> From: [email protected] <[email protected]> On Behalf Of qhivert
> Sent: Tuesday, April 8, 2025 9:43 AM
> To: [email protected]
> Subject: RE: [SOGo] OIDC login endless loop on successful login
>
> Hello,
>
> Did you configure a usersource after all? It is mandatory, openid is just for the authentication but sogo will still need a user source to fetch infos of the user.
> This endless loop probably means that the email fetched from the openid server is not found in your user source.
>
> Quentin
>
> -----Original Message-----
> From: [email protected] <[email protected]> On Behalf Of "Levi"
> Sent: Tuesday 8 April 2025 01:34
> To: [email protected]
> Subject: [SOGo] OIDC login endless loop on successful login
>
> Hi,
> I have installed v5.12.0 and am trying to make OIDC login work. The first hitch was that SOGo requires the end_session_endpoint key present in the openid-configuration. That has been solved.
> After that, without a user source configured, it is telling on boot:
> Apr 08 01:25:16 sogod [9]: [WARN] <0x0x7f7790e3c180[WOxElemBuilder]> could not locate builders: WOxExtElemBuilder,WOxExtElemBuilder
> Apr 08 01:25:16 sogod [9]: [ERROR] <0x0x5558161cd7e0[SOGoUserManager]> No authentication sources defined - nobody will be able to login. Check your defaults.
>
> I am not sure if this has any effect, I can make it go away by specifying a user source.
>
> Given these configurations:
> SOGoAuthenticationType = "openid";
> SOGoOpenIdConfigUrl = "https://[MYOIDCURL]/.well-known/openid-configuration";
> SOGoOpenIdClient = "sogo";
> SOGoOpenIdClientSecret = "sogo";
> SOGoOpenIdScope = "openid offline_access";
> SOGoOpenIdEmailParam = "email";
> SOGoOpenIdEnableRefreshToken = YES;
> SOGoOpenIdTokenCheckInterval = 300;
> SOGoOpenIdLogoutEnabled = NO;
>
> I am getting into an endless loop on the oauth provider login, even though seemingly the user and its email have been fetched correctly from the userinfo endpoint:
> Apr 08 02:03:11 sogod [7]: |SOGo| starting method 'GET' on uri '/SOGo'
> Apr 08 02:03:11 sogod [7]: <0x0x5555de4e2c80[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
> Apr 08 02:03:11 sogod [7]: <0x0x5555de4e2c80[SOGoCache]> Using host(s) 'memcached' as server(s)
> Apr 08 02:03:11 sogod [7]: [WARN] <0x0x7fa5e0cdb180[WOxElemBuilder]> could not locate builders: WOxExtElemBuilder,WOxExtElemBuilder
> 2025-04-08 02:03:11.795 sogod[7:7] PG0x0x5555de66fa50 SQL: SELECT c_defaults FROM sogo_user_profile WHERE c_uid = 'anonymous'
> 2025-04-08 02:03:11.940 sogod[7:7] PG0x0x5555de66fa50 SQL: select character_octet_length as CHARACTER_MAXIMUM_LENGTH from information_schema.columns where table_name = 'sogo_user_profile' AND column_name = 'c_defaults'
> 2025-04-08 02:03:12.277 sogod[7:7] OpenId perform request: GET https://[MYOIDCURL]/.well-known/openid-configuration
> 2025-04-08 02:03:12.277 sogod[7:7] OpenId perform request, headers (null)
> Apr 08 02:03:12 sogod [7]: |SOGo| request took 0.987919 seconds to execute
> Apr 08 02:03:12 sogod [7]: [MYOIDCURL] "GET /SOGo HTTP/1.1" 302 0/0 1.018 - - 4M - 11
> Apr 08 02:03:25 sogod [7]: |SOGo| starting method 'GET' on uri '/SOGo/?code=[CODE_RETURNED]'
> 2025-04-08 02:03:25.084 sogod[7:7] OpenId perform request: POST https://[MYOIDCURL]/auth/token
> 2025-04-08 02:03:25.084 sogod[7:7] OpenId perform request, headers {"content-type" = "application/x-www-form-urlencoded"; }
> 2025-04-08 02:03:25.162 sogod[7:7] fetch token response: {"access_token" = "[ACCESS_TOKEN]"; "expires_in" = 3600; "id_token" = "[ID_TOKEN]"; "refresh_token" = "[REFRESH_TOKEN]"; "token_type" = bearer; }
> 2025-04-08 02:03:25.162 sogod[7:7] OpenId perform request: GET https://[MYOIDCURL]/auth/userinfo
> 2025-04-08 02:03:25.162 sogod[7:7] OpenId perform request, headers {authorization = "Bearer [ACCESS_TOKEN]"; "content-type" = "application/x-www-form-urlencoded"; }
> >>>>
> 2025-04-08 02:03:25.199 sogod[7:7] OpenId fetch user info, profile is {email = "test@[MAIL_DOMAIN]"; "email_verified" = 1; name = "Test"; "preferred_username" = "[DOMAIN]_test"; sub = 59; }
> >>>>
> 2025-04-08 02:03:25.370 sogod[7:7] PG0x0x5555de821250 SQL: BEGIN TRANSACTION
> 2025-04-08 02:03:25.371 sogod[7:7] PG0x0x5555de821250 SQL: SELECT t1.c_access_token_expires_in, t1.c_old_session, t1.c_refresh_token, t1.c_refresh_token_expires_in, t1.c_session_started, t1.c_user_session FROM sogo_openid t1 WHERE t1.c_user_session='[ACCESS_TOKEN]'
> 2025-04-08 02:03:25.385 sogod[7:7] PG0x0x5555de821250 SQL: ROLLBACK TRANSACTION
> 2025-04-08 02:03:25.386 sogod[7:7] PG0x0x5555de81e850 SQL: BEGIN TRANSACTION
> 2025-04-08 02:03:25.386 sogod[7:7] PG0x0x5555de81e850 SQL: INSERT INTO sogo_openid (c_access_token_expires_in, c_refresh_token, c_session_started, c_old_session, c_refresh_token_expires_in, c_user_session) VALUES (1744070605, '[REFRESH_TOKEN]', 1744067005, '', -1, '[ACCESS_TOKEN]')
> 2025-04-08 02:03:25.386 sogod[7:7] PG0x0x5555de81e850 SQL: COMMIT TRANSACTION
> 2025-04-08 02:03:25.506 sogod[7:7] PG0x0x5555de830bd0 SQL: BEGIN TRANSACTION
> 2025-04-08 02:03:25.506 sogod[7:7] PG0x0x5555de830bd0 SQL: SELECT t1.c_creationdate, t1.c_id, t1.c_lastseen, t1.c_value FROM sogo_sessions_folder t1 WHERE t1.c_id='wOGO5YkbvWaXv3xE'
> 2025-04-08 02:03:25.520 sogod[7:7] PG0x0x5555de830bd0 SQL: ROLLBACK TRANSACTION
> 2025-04-08 02:03:25.520 sogod[7:7] PG0x0x5555de81c6a0 SQL: BEGIN TRANSACTION
> 2025-04-08 02:03:25.520 sogod[7:7] PG0x0x5555de81c6a0 SQL: INSERT INTO sogo_sessions_folder (c_lastseen, c_creationdate, c_value, c_id) VALUES (1744067005, 1744067005, '[LONG_STRING]', 'wOGO5YkbvWaXv3xE')
> 2025-04-08 02:03:25.537 sogod[7:7] PG0x0x5555de81c6a0 SQL: COMMIT TRANSACTION
> Apr 08 02:03:25 sogod [7]: |SOGo| request took 0.485499 seconds to execute
> Apr 08 02:03:25 sogod [7]: [MYOIDCURL] "GET /SOGo/?code=[CODE_RETURNED] HTTP/1.1" 302 0/0 0.490 - - 1M - 13
> Apr 08 02:03:25 sogod [7]: |SOGo| starting method 'GET' on uri '/SOGo'
> Apr 08 02:03:25 sogod [7]: |SOGo| request took 0.000552 seconds to execute
> Apr 08 02:03:25 sogod [7]: [MYOIDCURL] "GET /SOGo HTTP/1.1" 302 0/0 0.001 - - 0 - 13
>
> Can someone spot what I am missing to let me login?
> The browser shows properly set 0xHIGHFLYxSOGO and openid-location cookies.
> I am making it for sure to this line:
> https://github.com/Alinto/sogo/blob/4be3ba227c8f5c30bce2150d183705df6ff693c8/SoObjects/SOGo/SOGoOpenIdSession.m#L678
>
> Thank you
> Levi
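Quentin's point that the email returned by the OpenID provider must be found in the user source, sketched for a PostgreSQL backend. This is an added example, not part of the thread and not SOGo project code: the table `accounts`, the view `sogo_users` and the sample row are assumptions, and only the view's column names (`c_uid`, `c_name`, `c_password`, `c_cn`, `mail`) follow SOGo's SQL user source convention.

```sql
-- Hypothetical account table; replace with your own schema.
CREATE TABLE accounts (
    login     text PRIMARY KEY,
    full_name text NOT NULL,
    email     text NOT NULL,
    pw_hash   text
);

-- Constructed sample row standing in for the user seen in the userinfo response.
INSERT INTO accounts (login, full_name, email, pw_hash)
VALUES ('test', 'Test', 'test@example.org', NULL);

-- View exposing the columns a SOGo SQL user source reads.
-- The user source's viewURL would point at this view (assumed name).
CREATE VIEW sogo_users AS
SELECT login     AS c_uid,
       login     AS c_name,
       pw_hash   AS c_password,
       full_name AS c_cn,
       email     AS mail
FROM accounts;

-- Check 1: the exact value of the "email" claim (SOGoOpenIdEmailParam)
-- should resolve to exactly one row. Zero rows is the situation Quentin
-- describes: the provider authenticates, but the user source has no match.
SELECT c_uid, c_cn, mail
FROM sogo_users
WHERE mail = 'test@example.org';

-- Check 2: rows that differ from the claim only by case or stray
-- whitespace, a common reason for an unexpected miss in check 1.
SELECT c_uid, mail
FROM sogo_users
WHERE lower(btrim(mail)) = lower('test@example.org')
  AND mail <> 'test@example.org';

-- Check 3: addresses mapped to more than one account, which makes the
-- lookup by email ambiguous.
SELECT lower(mail) AS mail, count(*) AS accounts
FROM sogo_users
GROUP BY lower(mail)
HAVING count(*) > 1;
```

Run the three checks with the address that appears in the "OpenId fetch user info, profile is" log line in place of the constructed one.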
