Hello,
Could you open a ticket there -> https://bugs.sogo.nu ?
I'll need to manually give your account the right to open an issue.
-- 
Quentin Hivert || Alinto || R&D Lead Developer 
19 Quai Perrache 69002 Lyon
www.alinto.com

-----Original Message-----
From: users-requ...@sogo.nu <users-requ...@sogo.nu> On Behalf Of "Panupong Viyavech"
Sent: Wednesday, 14 May 2025 12:24
To: users@sogo.nu
Subject: [SOGo] SOGo + OpenID authentication with MS Entra ID problem

Hello everyone,

I have SOGo set up with an LDAP user source, and it works fine.
My AD servers are synced to MS Entra ID, and we have some apps that already use
OpenID Connect (Moodle), and it works fine.

I'm trying to make SOGo authenticate with Entra ID as well.
Here is my sogo.conf (OpenID portion)

    /* OpenID */
    OCSOpenIdURL = "mysql://sogo:===mysql sogo password===@127.0.0.1:3306/sogo/sogo_openid";
    SOGoAuthenticationType = openid;
    SOGoXSRFValidationEnabled = NO;
    SOGoOpenIdConfigUrl = "https://login.microsoftonline.com/==Long string that pointed to my APP ID==/v2.0/.well-known/openid-configuration";
    SOGoOpenIdClient = "===oidc client id ===";
    SOGoOpenIdClientSecret = "===oidc secret===";
    SOGoOpenIdScope = "profile email openid";
    SOGoOpenIdEmailParam = "mail";
    SOGoOpenIdEnableRefreshToken = NO;
    SOGoOpenIdTokenCheckInterval = 200;

On Entra ID I put "https://myactualsite.domain/SOGo/" as the redirect URI.

After I restart the sogo service on Ubuntu 24.04, the sogo_openid table is created
in the sogo database.

But when I try to log in, the authentication process on the Microsoft
authentication portal is successful until it gets redirected; it shows a blank
page for minutes and ends up with an NGINX error.

Here is my sogo.log

May 14 15:16:15 sogod [301625]: |SOGo| starting method 'GET' on uri '/SOGo/'
May 14 15:16:15 sogod [301625]: <0x0x58b6a36f21a0[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
May 14 15:16:15 sogod [301625]: <0x0x58b6a36f21a0[SOGoCache]> Using host(s) '127.0.0.1' as server(s)
May 14 15:16:15 sogod [301625]: [WARN] <0x0x78181bad01e0[WOxElemBuilder]> could not locate builders: WOxExtElemBuilder,WOxExtElemBuilder
May 14 15:16:15 sogod [301625]: |SOGo| request took 0.556267 seconds to execute
May 14 15:16:15 sogod [301625]: 172.16.14.19 "GET /SOGo/ HTTP/1.0" 302 0/0 0.559 - - 5M - 11
May 14 15:16:18 sogod [301625]: |SOGo| starting method 'GET' on uri '/SOGo/?code=1.AVQA6i==VERY LONG STRINGS==&session_state=2a2cdd81-8446-4284-af1d-b6dc12e886b1'
May 14 15:17:18 sogod [301613]: [WARN] <0x0x58b6a39b13f0[WOWatchDogChild]> pid 301625 has been hanging in the same request for 1 minutes
May 14 15:18:18 sogod [301613]: [WARN] <0x0x58b6a39b13f0[WOWatchDogChild]> pid 301625 has been hanging in the same request for 2 minutes
2025-05-14 15:18:28.431 sogod[301625:301625] caught SIGPIPE - ignoring!
May 14 15:18:28 sogod [301625]: [ERROR] <0x0x58b6a3f7fcd0[GSCBufferString]> json parser: Expected value while parsing array, attempting once more after unescaping...
May 14 15:18:28 sogod [301625]: [ERROR] <0x0x58b6a3f7fcd0[GSCBufferString]> total failure. Original string is: E5
{"sub":"AgbeINzGF6Oao3N_mW4RzY6EQmbZM1dF1bbiz-CUrTo","name":"==My name on AD==","family_name":"==My family name on AD==","given_name":"==My given name on AD==","picture":"https://graph.microsoft.com/v1.0/me/photo/$value","email":"==My email on AD=="}
0

May 14 15:18:28 sogod [301625]: [ERROR] <0x0x78181c11f160[SOGoSession]> Value to be secured is too big (2601 > 1575) -- secured value will be corrupted
May 14 15:18:28 sogod [301625]: |SOGo| request took 130.323775 seconds to execute
May 14 15:18:28 sogod [301625]: [ERROR] <0x0x58b6a3e91750[WOHttpTransaction]> client disconnected during delivery of response for <WORequest[0x0x58b6a39c5500]: method=GET uri=/SOGo/?code=1.AVQA6i==VERY LONG STRINGS==&session_state=2a2cdd81-8446-4284-af1d-b6dc12e886b1 app=SOGo rqKey= rqPath=(null)> (len=0): the socket was shutdown
May 14 15:18:28 sogod [301625]: 172.16.14.19 "GET /SOGo/?code=1.AVQA6i==VERY LONG STRINGS==&session_state=2a2cdd81-8446-4284-af1d-b6dc12e886b1 HTTP/1.0" 302 0/0 130.327 - - 2M - 13

I see a lot of errors from this authentication attempt, and I have no idea
what this is --> [ERROR] <0x0x78181c11f160[SOGoSession]> Value to be secured
is too big (2601 > 1575) -- secured value will be corrupted
Maybe it's the reason why it fails to redirect, right?

Please help me figure out what's wrong with my setup.
