Hello everyone,
I have SOGo set up with an LDAP user source, and it works fine.
My AD servers are synced to MS Entra ID, and we have some apps that already use
OpenID Connect (Moodle), which works fine.
I'm trying to make SOGo authenticate with Entra ID as well.
Here is my sogo.conf (OpenID portion):
/* OpenID */
OCSOpenIdURL = "mysql://sogo:===mysql sogo [email protected]:3306/sogo/sogo_openid";
SOGoAuthenticationType = openid;
SOGoXSRFValidationEnabled = NO;
SOGoOpenIdConfigUrl = "https://login.microsoftonline.com/==Long string that pointed to my APP ID==/v2.0/.well-known/openid-configuration";
SOGoOpenIdClient = "===oidc client id ===";
SOGoOpenIdClientSecret = "===oidc secret===";
SOGoOpenIdScope = "profile email openid";
SOGoOpenIdEmailParam = "mail";
SOGoOpenIdEnableRefreshToken = NO;
SOGoOpenIdTokenCheckInterval = 200;
On Entra ID I put "https://myactualsite.domain/SOGo/" as the redirect URI.
After I restart the sogo service on Ubuntu 24.04, the sogo_openid table is
created in the sogo database.
But when I try to log in, the authentication process on the Microsoft
authentication portal is successful until it gets redirected; then it shows a
blank page for minutes and ends up with an NGINX error.
Here is my sogo.log:
May 14 15:16:15 sogod [301625]: |SOGo| starting method 'GET' on uri '/SOGo/'
May 14 15:16:15 sogod [301625]: <0x0x58b6a36f21a0[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
May 14 15:16:15 sogod [301625]: <0x0x58b6a36f21a0[SOGoCache]> Using host(s) '127.0.0.1' as server(s)
May 14 15:16:15 sogod [301625]: [WARN] <0x0x78181bad01e0[WOxElemBuilder]> could not locate builders: WOxExtElemBuilder,WOxExtElemBuilder
May 14 15:16:15 sogod [301625]: |SOGo| request took 0.556267 seconds to execute
May 14 15:16:15 sogod [301625]: 172.16.14.19 "GET /SOGo/ HTTP/1.0" 302 0/0 0.559 - - 5M - 11
May 14 15:16:18 sogod [301625]: |SOGo| starting method 'GET' on uri '/SOGo/?code=1.AVQA6i==VERY LONG STRINGS==&session_state=2a2cdd81-8446-4284-af1d-b6dc12e886b1'
May 14 15:17:18 sogod [301613]: [WARN] <0x0x58b6a39b13f0[WOWatchDogChild]> pid 301625 has been hanging in the same request for 1 minutes
May 14 15:18:18 sogod [301613]: [WARN] <0x0x58b6a39b13f0[WOWatchDogChild]> pid 301625 has been hanging in the same request for 2 minutes
2025-05-14 15:18:28.431 sogod[301625:301625] caught SIGPIPE - ignoring!
May 14 15:18:28 sogod [301625]: [ERROR] <0x0x58b6a3f7fcd0[GSCBufferString]> json parser: Expected value while parsing array, attempting once more after unescaping...
May 14 15:18:28 sogod [301625]: [ERROR] <0x0x58b6a3f7fcd0[GSCBufferString]> total failure. Original string is: E5
{"sub":"AgbeINzGF6Oao3N_mW4RzY6EQmbZM1dF1bbiz-CUrTo","name":"==My name on AD==","family_name":"==My family name on AD==","given_name":"==My given name on AD==","picture":"https://graph.microsoft.com/v1.0/me/photo/$value","email":"==My email on AD=="}
0
May 14 15:18:28 sogod [301625]: [ERROR] <0x0x78181c11f160[SOGoSession]> Value to be secured is too big (2601 > 1575) -- secured value will be corrupted
May 14 15:18:28 sogod [301625]: |SOGo| request took 130.323775 seconds to execute
May 14 15:18:28 sogod [301625]: [ERROR] <0x0x58b6a3e91750[WOHttpTransaction]> client disconnected during delivery of response for <WORequest[0x0x58b6a39c5500]: method=GET uri=/SOGo/?code=1.AVQA6i==VERY LONG STRINGS==&session_state=2a2cdd81-8446-4284-af1d-b6dc12e886b1 app=SOGo rqKey= rqPath=(null)> (len=0): the socket was shutdown
May 14 15:18:28 sogod [301625]: 172.16.14.19 "GET /SOGo/?code=1.AVQA6i==VERY LONG STRINGS==&session_state=2a2cdd81-8446-4284-af1d-b6dc12e886b1 HTTP/1.0" 302 0/0 130.327 - - 2M - 13
I see a lot of errors from this authentication attempt, and I have no idea what
this is --> [ERROR] <0x0x78181c11f160[SOGoSession]> Value to be secured is too
big (2601 > 1575) -- secured value will be corrupted
Maybe it's the reason why it fails to redirect, right?
Please help me figure out what's wrong with my setup.