Hello,

Did you configure a user source after all? It is mandatory: OpenID is just
for the authentication, but SOGo will still need a user source to fetch
information about the user.
This endless loop probably means that the email fetched from the OpenID server
is not found in your user source.

Quentin

-----Original Message-----
From: [email protected] <[email protected]> On Behalf Of "Levi"
Sent: Tuesday 8 April 2025 01:34
To: [email protected]
Subject: [SOGo] OIDC login endless loop on successful login

Hi,
I have installed v5.12.0 and am trying to make OIDC login work. The first
hitch was that SOGo requires the end_session_endpoint key to be present in the
openid-configuration. That has been solved.
After that, without a user source configured, it says on boot:
Apr 08 01:25:16 sogod [9]: [WARN] <0x0x7f7790e3c180[WOxElemBuilder]> could
not locate builders: WOxExtElemBuilder,WOxExtElemBuilder
Apr 08 01:25:16 sogod [9]: [ERROR] <0x0x5558161cd7e0[SOGoUserManager]> No
authentication sources defined - nobody will be able to login. Check your
defaults.

I am not sure if this has any effect, I can make it go away by specifying a
user source.

Given these configurations:
  SOGoAuthenticationType = "openid";
  SOGoOpenIdConfigUrl = "https://[MYOIDCURL]/.well-known/openid-configuration";
  SOGoOpenIdClient = "sogo";
  SOGoOpenIdClientSecret = "sogo";
  SOGoOpenIdScope = "openid offline_access";
  SOGoOpenIdEmailParam = "email";
  SOGoOpenIdEnableRefreshToken = YES;
  SOGoOpenIdTokenCheckInterval = 300;
  SOGoOpenIdLogoutEnabled = NO;

I am getting into an endless loop on the oauth provider login, even though
seemingly the user and its email have been fetched correctly from the
userinfo endpoint:
Apr 08 02:03:11 sogod [7]: |SOGo| starting method 'GET' on uri '/SOGo'
Apr 08 02:03:11 sogod [7]: <0x0x5555de4e2c80[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
Apr 08 02:03:11 sogod [7]: <0x0x5555de4e2c80[SOGoCache]> Using host(s) 'memcached' as server(s)
Apr 08 02:03:11 sogod [7]: [WARN] <0x0x7fa5e0cdb180[WOxElemBuilder]> could not locate builders: WOxExtElemBuilder,WOxExtElemBuilder
2025-04-08 02:03:11.795 sogod[7:7] PG0x0x5555de66fa50 SQL: SELECT c_defaults
FROM sogo_user_profile WHERE c_uid = 'anonymous'
2025-04-08 02:03:11.940 sogod[7:7] PG0x0x5555de66fa50 SQL: select
character_octet_length as CHARACTER_MAXIMUM_LENGTH from
information_schema.columns where table_name = 'sogo_user_profile' AND
column_name = 'c_defaults'
2025-04-08 02:03:12.277 sogod[7:7] OpenId perform request: GET
https://[MYOIDCURL]/.well-known/openid-configuration
2025-04-08 02:03:12.277 sogod[7:7] OpenId perform request, headers (null)
Apr 08 02:03:12 sogod [7]: |SOGo| request took 0.987919 seconds to execute
Apr 08 02:03:12 sogod [7]: [MYOIDCURL] "GET /SOGo HTTP/1.1" 302 0/0 1.018 - - 4M - 11
Apr 08 02:03:25 sogod [7]: |SOGo| starting method 'GET' on uri '/SOGo/?code=[CODE_RETURNED]'
2025-04-08 02:03:25.084 sogod[7:7] OpenId perform request: POST
https://[MYOIDCURL]/auth/token
2025-04-08 02:03:25.084 sogod[7:7] OpenId perform request, headers
{"content-type" = "application/x-www-form-urlencoded"; }
2025-04-08 02:03:25.162 sogod[7:7] fetch token response: {"access_token" =
"[ACCESS_TOKEN]"; "expires_in" = 3600; "id_token" = "[ID_TOKEN]";
"refresh_token" = "[REFRESH_TOKEN]"; "token_type" = bearer; }
2025-04-08 02:03:25.162 sogod[7:7] OpenId perform request: GET
https://[MYOIDCURL]/auth/userinfo
2025-04-08 02:03:25.162 sogod[7:7] OpenId perform request, headers
{authorization = "Bearer [ACCESS_TOKEN]"; "content-type" =
"application/x-www-form-urlencoded"; }
>>>>
2025-04-08 02:03:25.199 sogod[7:7] OpenId fetch user info, profile is {email
= "test@[MAIL_DOMAIN]"; "email_verified" = 1; name = "Test";
"preferred_username" = "[DOMAIN]_test"; sub = 59; }
>>>>
2025-04-08 02:03:25.370 sogod[7:7] PG0x0x5555de821250 SQL: BEGIN TRANSACTION
2025-04-08 02:03:25.371 sogod[7:7] PG0x0x5555de821250 SQL: SELECT
t1.c_access_token_expires_in, t1.c_old_session, t1.c_refresh_token,
t1.c_refresh_token_expires_in, t1.c_session_started, t1.c_user_session FROM
sogo_openid t1 WHERE t1.c_user_session='[ACCESS_TOKEN]'
2025-04-08 02:03:25.385 sogod[7:7] PG0x0x5555de821250 SQL: ROLLBACK
TRANSACTION
2025-04-08 02:03:25.386 sogod[7:7] PG0x0x5555de81e850 SQL: BEGIN TRANSACTION
2025-04-08 02:03:25.386 sogod[7:7] PG0x0x5555de81e850 SQL: INSERT INTO
sogo_openid (c_access_token_expires_in, c_refresh_token, c_session_started,
c_old_session, c_refresh_token_expires_in, c_user_session) VALUES
(1744070605, '[REFRESH_TOKEN]', 1744067005, '', -1, '[ACCESS_TOKEN]')
2025-04-08 02:03:25.386 sogod[7:7] PG0x0x5555de81e850 SQL: COMMIT
TRANSACTION
2025-04-08 02:03:25.506 sogod[7:7] PG0x0x5555de830bd0 SQL: BEGIN TRANSACTION
2025-04-08 02:03:25.506 sogod[7:7] PG0x0x5555de830bd0 SQL: SELECT
t1.c_creationdate, t1.c_id, t1.c_lastseen, t1.c_value FROM
sogo_sessions_folder t1 WHERE t1.c_id='wOGO5YkbvWaXv3xE'
2025-04-08 02:03:25.520 sogod[7:7] PG0x0x5555de830bd0 SQL: ROLLBACK
TRANSACTION
2025-04-08 02:03:25.520 sogod[7:7] PG0x0x5555de81c6a0 SQL: BEGIN TRANSACTION
2025-04-08 02:03:25.520 sogod[7:7] PG0x0x5555de81c6a0 SQL: INSERT INTO
sogo_sessions_folder (c_lastseen, c_creationdate, c_value, c_id) VALUES
(1744067005, 1744067005, '[LONG_STRING]', 'wOGO5YkbvWaXv3xE')
2025-04-08 02:03:25.537 sogod[7:7] PG0x0x5555de81c6a0 SQL: COMMIT TRANSACTION
Apr 08 02:03:25 sogod [7]: |SOGo| request took 0.485499 seconds to execute
Apr 08 02:03:25 sogod [7]: [MYOIDCURL] "GET /SOGo/?code=[CODE_RETURNED] HTTP/1.1" 302 0/0 0.490 - - 1M - 13
Apr 08 02:03:25 sogod [7]: |SOGo| starting method 'GET' on uri '/SOGo'
Apr 08 02:03:25 sogod [7]: |SOGo| request took 0.000552 seconds to execute
Apr 08 02:03:25 sogod [7]: [MYOIDCURL] "GET /SOGo HTTP/1.1" 302 0/0 0.001 - - 0 - 13

Can someone spot what I am missing to let me log in?
The browser shows properly set 0xHIGHFLYxSOGO and openid-location cookies.
I am for sure making it to this line:
https://github.com/Alinto/sogo/blob/4be3ba227c8f5c30bce2150d183705df6ff693c8/SoObjects/SOGo/SOGoOpenIdSession.m#L678

Thank you
Levi
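
An added illustration of the point in the reply above (not code from the thread or from SOGo): a Python check that reads sogod log lines in the format quoted here, extracts the claim named by SOGoOpenIdEmailParam from the logged userinfo profile, and reports whether it is missing from a list of addresses exported from the user source and whether /SOGo answered 302 again after the code callback. The sample log, the address lists and the function names are constructed for the example.

```python
import re

# Constructed sample modelled on the log lines in the thread; values are placeholders.
SAMPLE_LOG = '''\
2025-04-08 02:03:25.199 sogod[7:7] OpenId fetch user info, profile is {email = "test@mail.example"; "email_verified" = 1; name = "Test"; "preferred_username" = "example_test"; sub = 59; }
Apr 08 02:03:25 sogod [7]: idp.example "GET /SOGo/?code=XYZ HTTP/1.1" 302 0/0 0.490 - - 1M - 13
Apr 08 02:03:25 sogod [7]: idp.example "GET /SOGo HTTP/1.1" 302 0/0 0.001 - - 0 - 13
'''

PROFILE_RE = re.compile(r"OpenId fetch user info, profile is \{(.*)\}")
PAIR_RE = re.compile(r'"?([\w-]+)"?\s*=\s*("[^"]*"|[^;]+);')
ACCESS_RE = re.compile(r'"GET (/SOGo\S*) HTTP/1\.1" (\d{3})')

def parse_profile(line):
    """Return the userinfo claims logged by sogod as a dict, or None."""
    m = PROFILE_RE.search(line)
    if not m:
        return None
    return {k: v.strip().strip('"') for k, v in PAIR_RE.findall(m.group(1))}

def diagnose(log_text, source_mails, email_param="email"):
    """Report claims absent from the user source and whether the login looped."""
    known = {m.strip() for m in source_mails}  # exact match; case handling depends on the backend
    missing, after_code, looped = [], False, False
    for line in log_text.splitlines():
        profile = parse_profile(line)
        if profile is not None:
            claim = profile.get(email_param, "")
            if claim not in known:
                missing.append(claim)
            continue
        hit = ACCESS_RE.search(line)
        if hit:
            path, status = hit.group(1), hit.group(2)
            if "code=" in path:
                after_code = True  # the provider redirected back with a code
            elif after_code and status == "302":
                looped = True  # callback was handled, yet /SOGo redirects again
    return {"missing": missing, "looped": looped}

if __name__ == "__main__":
    # Assumed export of the user source's mail column (hypothetical data).
    print(diagnose(SAMPLE_LOG, ["someone.else@mail.example"]))
    print(diagnose(SAMPLE_LOG, ["test@mail.example"]))
```

A non-empty `missing` list together with `looped` set to true matches the situation described in the reply: the token exchange and userinfo call succeed, but the address they return has no entry in the user source.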
