Comments (7)
It looks like your provider doesn't return "groups". That's why it fails.
from traccar.
Weird!
Azure Active Directory / Entra ID certainly supports groups in its OIDC implementation and I am successfully using it with this WordPress plugin https://github.com/psignoret/aad-sso-wordpress for example to log in and assign different members of security groups in the directory to different WordPress roles. It must return groups for that? I've given the app permission to read all users and groups in the directory too.
[Screenshot 2024-01-30 at 14 49 29]
It could be that they report it as a different parameter.
Okay, I have made some progress...
I had to add `groups` as an optional claim so that it is returned in the token. I've also ensured `email` and `UPN` are returned in the token.
However, now I get
Your OpenID Groups do not permit access to Traccar. - GeneralSecurityException (OpenIdProvider:189 < SessionResource:172 < ... < OverrideFilter:49 < ...)
I am a member of both the groups and the app in Entra ID has access to the groups specified in `openid.allowGroup` and `openid.adminGroup`. When I remove these entries in the Traccar config file I get this error again:
No value specified for parameter 1 - SQLException (... < QueryBuilder:413 < DatabaseStorage:76 < Storage:49 < ...)
Any ideas where I'm going wrong?
Probably something is wrong with your `openid.allowGroup` or `openid.adminGroup`:
I'm having this exact same issue. I did end up getting it to work without the `allowGroup` or `adminGroup` functionality.
You need to make sure you use the correct `issuerUrl`, instead of defining the URLs individually:
<entry key='openid.issuerUrl'>https://login.microsoftonline.com/<your-m365-tenantid>/v2.0</entry>
If you do put in `allowGroup` or `adminGroup`, the login will fail with the below error:
AADSTS650053: The application 'Traccar' asked for scope 'groups' that doesn't exist on the resource '00000003-0000-0000-c000-000000000000'
That UUID refers to Microsoft Graph. My guess is that somehow the groups aren't being read correctly, at least from an Azure standpoint.
I am using ADFS without `openid.allowGroup` or `openid.adminGroup` rather than Entra ID, but I've encountered the same error:
No value specified for parameter 1 - SQLException (... < QueryBuilder:413 < DatabaseStorage:76 < Storage:49 < ...)
I've concluded that this is because Traccar is trying to retrieve the `email` claim from the `userinfo` endpoint, but ADFS only returns the `sub` claim. Microsoft recommends using the `id_token` instead of the `userinfo` endpoint for performance reasons, but I don't see how this would impact Entra ID since the `email` scope is supposed to cause the `email` claim to be included in the `userinfo` response anyway.
Unfortunately, I can't get ADFS on Windows Server 2019 to return the `email` claim in the `id_token`. It doesn't respect the `email` scope and using custom claim mappings doesn't affect the `access_token` or `id_token` at all... I can't think of a good workaround for this since Traccar doesn't have a `username` field. In other applications, I would have just used `upn` (i.e. "User Principal Name") as the username and set the email manually.
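Both the Entra ID group errors above and the ADFS missing-`email` case come down to which claims the provider actually put in the token. The following offline diagnostic is an added example, not Traccar's code: it decodes an `id_token` payload you already hold (no signature verification, inspection only), reports whether `groups` and an e-mail-like claim are present, and applies an allow/admin rule modelled on the `openid.allowGroup` / `openid.adminGroup` key names (how Traccar itself evaluates them is an assumption here). The sample tokens are constructed.

```python
import base64
import json
from typing import Optional

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_unsigned_token(payload: dict) -> str:
    """Build a constructed, unsigned id_token (alg none) purely for offline tests."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(payload).encode())}."

def decode_payload(id_token: str) -> dict:
    """Return the JSON payload of a compact JWT. No signature check: diagnosis only."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(body))

def diagnose(claims: dict, allow_group: Optional[str] = None,
             admin_group: Optional[str] = None) -> dict:
    """Report thread-relevant claims and the access an allow/admin rule would give.
    Group values are compared as exact strings: Entra ID emits group object IDs
    in 'groups', not display names, so the configured value must be the ID."""
    groups = claims.get("groups")
    # Entra ID omits 'groups' and points to Graph via _claim_names when the
    # user is in too many groups (group overage); that also looks like "no groups".
    overage = "groups" in claims.get("_claim_names", {})
    if groups is None:
        access = "unknown: no groups claim" + (" (group overage)" if overage else "")
    elif admin_group and admin_group in groups:
        access = "admin"
    elif allow_group is None or allow_group in groups:  # assumed: no allowGroup = open
        access = "allowed"
    else:
        access = "denied"
    # Identity claim: the ADFS case above returned only 'sub'; upn is the usual fallback.
    email = claims.get("email") or claims.get("preferred_username") or claims.get("upn")
    return {"groups_present": groups is not None, "group_overage": overage,
            "email": email, "access": access}

# Constructed sample tokens (placeholder IDs, not real tenant data)
GROUP_ID = "11111111-aaaa-4bbb-8ccc-000000000001"
ENTRA_TOKEN = make_unsigned_token({"sub": "abc", "email": "alice@example.com",
                                   "groups": [GROUP_ID]})
ADFS_TOKEN = make_unsigned_token({"sub": "abc"})

if __name__ == "__main__":
    print(diagnose(decode_payload(ENTRA_TOKEN), allow_group=GROUP_ID))
    print(diagnose(decode_payload(ADFS_TOKEN), allow_group=GROUP_ID))
```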