Need help with OIDC login to portal

  • SoBeGuy
    Member
    • Jan 2024
    • 62

    I created a portal which is working fine. Users are able to log in using the built-in Espo authentication.

    Now I want to enable OIDC, so I created an OIDC authentication provider and assigned it as the authentication provider for the portal. I configured the AP using the same settings as the OIDC provider for my main EspoCRM site. The OIDC flow seems to be working correctly. When I click the Sign In button on the portal, it redirects to the IdP login page. After entering the credentials on my IdP login page, it redirects back to the portal, but it displays an error message, "Failed to log in". In my Espo log, I see the following entries:

    Code:
    [2024-09-10 22:14:42] DEBUG: API (403) GET /66be5412ac1ee2793/Oidc/authorizationData; Route pattern: /{portalId}/Oidc/authorizationData; Route params: Array ( [controller] => Oidc [action] => authorizationData [portalId] => 66be5412ac1ee2793 )
    [2024-09-10 22:14:42] WARNING: (403) :: GET /66be5412ac1ee2793/Oidc/authorizationData :: /usr/local/lsws/sites/xxx-redacted-xxx.com/application/Espo/Tools/Oidc/Service.php(65)
    [2024-09-10 22:16:46] WARNING: OIDC: Token request error.; Status: 401; Response: {"error":"invalid_client","error_description":"Invalid client authentication credentials.","error_reason":"invalid_client_authentication"}

    I don't understand what I'm doing wrong. As I mentioned, I have OIDC working fine on my main Espo site, but I can't seem to get it working on the portal.
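
Added example (not part of the thread and not EspoCRM code): a triage script for `OIDC: Token request error` lines in the log format shown in the post above, mapping the response's `error` field to its meaning in RFC 6749, section 5.2. The `triage` function, the hint texts and the last two sample lines are constructed for illustration.

```python
import json
import re

# OAuth 2.0 token-endpoint error codes (RFC 6749, section 5.2) and what to verify (hints are this example's own).
TOKEN_ERRORS = {
    "invalid_client": "client authentication failed: check client ID, secret and auth method against the IdP application handling this login",
    "invalid_grant": "authorization code rejected: expired, reused, issued to another client, or redirect URI mismatch",
    "unauthorized_client": "client is not allowed to use this grant type",
    "invalid_request": "malformed token request (missing or repeated parameter)",
    "unsupported_grant_type": "grant type not supported by the IdP",
    "invalid_scope": "requested scope is invalid or exceeds what was granted",
}
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<level>[A-Z]+):\s+(?P<msg>.*)$")
TOKEN_RE = re.compile(r"OIDC: Token request error\.; Status: (?P<status>\d{3}); Response: (?P<body>.*)$")

# First two lines are from the post above; the last two are constructed samples.
SAMPLE_LOG = """
[2024-09-10 22:14:42] WARNING: (403) :: GET /66be5412ac1ee2793/Oidc/authorizationData :: /usr/local/lsws/sites/xxx-redacted-xxx.com/application/Espo/Tools/Oidc/Service.php(65)
[2024-09-10 22:16:46] WARNING: OIDC: Token request error.; Status: 401; Response: {"error":"invalid_client","error_description":"Invalid client authentication credentials.","error_reason":"invalid_client_authentication"}
[2024-09-10 22:20:03] WARNING: OIDC: Token request error.; Status: 400; Response: {"error":"invalid_grant","error_description":"constructed sample"}
[2024-09-10 22:21:10] WARNING: OIDC: Token request error.; Status: 502; Response: <html>Bad Gateway</html>
"""

def triage(log_text):
    """Return one finding per 'OIDC: Token request error' line in log_text."""
    findings = []
    for raw in log_text.splitlines():
        # Drop indentation and the zero-width spaces that forum copy/paste leaves behind.
        line = raw.strip().lstrip("\u200b")
        m = LINE_RE.match(line)
        t = TOKEN_RE.search(m["msg"]) if m else None
        if not t:
            continue
        try:
            body = json.loads(t["body"])
        except json.JSONDecodeError:
            body = None  # IdP or proxy answered with a non-JSON body
        error = body.get("error", "missing_error_field") if isinstance(body, dict) else "unparseable_response"
        findings.append({
            "time": m["ts"],
            "status": int(t["status"]),
            "error": error,
            "check": TOKEN_ERRORS.get(error, "not an RFC 6749 code: read the raw response"),
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
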
  • emillod
    Active Community Member
    • Apr 2017
    • 1405

    #2
    Hello,
    have you checked tokens in Authentication Provider? You can check our tutorial: How to connect EspoCRM to OIDC (Authentik) | Devcrm.it

    • yuri
      Member
      • Mar 2014
      • 8440

      #3
      > it redirects back to the portal

      Does it actually redirect to the portal? Maybe it redirects to non-portal?
      If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

      • SoBeGuy
        Member
        • Jan 2024
        • 62

        #4
        Originally posted by yuri
        > it redirects back to the portal

        Does it actually redirect to the portal? Maybe it redirects to non-portal?
        It's definitely redirecting to the portal. I created a separate app in the IdP for the portal and that app redirects to the portal subdomain on my Espo server. I can also see in the address bar on the redirect page, it's loading the portal subdomain.

        • SoBeGuy
          Member
          • Jan 2024
          • 62

          #5
          Originally posted by emillod
          Hello,
          have you checked tokens in Authentication Provider? You can check our tutorial: How to connect EspoCRM to OIDC (Authentik) | Devcrm.it
          I'm not sure what you mean about checking tokens. I looked at your tutorial, but it's for Authentik. I'm using FusionAuth as my IdP, so the settings are different. However, I have the exact same configuration working correctly for OIDC login on my main Espo site. Therefore, I'm pretty sure the settings are correct. The issue is specific to the portal.