Need help with OIDC login to portal
  • Need help with OIDC login to portal

    I created a portal which is working fine. Users are able to log in using the built-in Espo authentication.

    Now I want to enable OIDC, so I created an OIDC authentication provider and assigned it as the authentication provider for the portal. I configured the AP using the same settings as the OIDC provider for my main EspoCRM site. The OIDC flow seems to be working correctly. When I click the Sign In button on the portal, it redirects to the IdP login page. After entering the credentials on my IdP login page, it redirects back to the portal, but it displays an error message, "Failed to log in". In my Espo log, I see the following entries:

    Code:
    [2024-09-10 22:14:42] DEBUG: API (403) GET /66be5412ac1ee2793/Oidc/authorizationData; Route pattern: /{portalId}/Oidc/authorizationData; Route params: Array ( [controller] => Oidc [action] => authorizationData [portalId] => 66be5412ac1ee2793 )
    [2024-09-10 22:14:42] WARNING: (403) :: GET /66be5412ac1ee2793/Oidc/authorizationData :: /usr/local/lsws/sites/xxx-redacted-xxx.com/application/Espo/Tools/Oidc/Service.php(65)
    [2024-09-10 22:16:46] WARNING: OIDC: Token request error.; Status: 401; Response: {"error":"invalid_client","error_description":"Invalid client authentication credentials.","error_reason":"invalid_client_authentication"}

    I don't understand what I'm doing wrong. As I mentioned, I have OIDC working fine on my main Espo site, but I can't seem to get it working on the portal.

  • #2
    Hello,
    have you checked tokens in Authentication Provider? You can check our tutorial: How to connect EspoCRM to OIDC (Authentik) | Devcrm.it



    • #3
      > it redirects back to the portal

      Does it actually redirect to the portal? Maybe it redirects to non-portal?



      • #4
        Originally posted by yuri
        > it redirects back to the portal

        Does it actually redirect to the portal? Maybe it redirects to non-portal?

        It's definitely redirecting to the portal. I created a separate app in the IdP for the portal and that app redirects to the portal subdomain on my Espo server. I can also see in the address bar on the redirect page, it's loading the portal subdomain.



        • #5
          Originally posted by emillod
          Hello,
          have you checked tokens in Authentication Provider? You can check our tutorial: How to connect EspoCRM to OIDC (Authentik) | Devcrm.it

          I'm not sure what you mean about checking tokens. I looked at your tutorial, but it's for Authentik. I'm using FusionAuth as my IdP, so the settings are different. However, I have the exact same configuration working correctly for OIDC login on my main Espo site. Therefore, I'm pretty sure the settings are correct. The issue is specific to the portal.
