Welcome to the LimeSurvey Community Forum

Ask the community, share ideas, and connect with other LimeSurvey users!

Problem setting up OpenID connect with kanidm

More
2 hours 31 minutes ago #274652 by BugsBunny
Hi all,

I am running LimeSurvey Community Edition  Version 7.0.0+260526 on an Ubuntu server. I am trying to get login using OpenID Connect to work. The IDM is kanidm. The plugin I use is AuthOAuth2 (version 1.4.5).

I've configured the plugin and while I am correctly redirected to the IDM (and there is no error in the log there, I still see an error message "Incorrect username and/or password!" But only when I use only one scope.

Because the only problem (bug?) I noticed with the plugin is that if I set more than one scope (usually "openid, email, profile" is needed) there seems to be a problem with how the scope is URL-encoded (?) because I see a regex matching error in the kanidm log between the requested and offered scopes.
Code:
b256b8da-5db3-44bd-b1c9-48d63881d77c ERROR │ ┕━ 🚨 [error]: Invalid OAuth2 request - requested scopes (profile,email,openid) but (profile,email,openid) failed to pass validation rules - all must match the regex ^[0-9a-zA-Z_]+$ | event_tag_id: 1 b256b8da-5db3-44bd-b1c9-48d63881d77c ERROR ┕━ 🚨 [error]: Unable to authorise - Error ID: b256b8da-5db3-44bd-b1c9-48d63881d77c error: invalid_scope

My questions:
1) Does someone of you also use LimeSurvey together with kanidm and could tell me the specific configuration settings for the plugin?

2) What's the best way to debug this?

Please Log in to join the conversation.

More
2 hours 8 minutes ago #274654 by holch
Before you do any more testing, update to the latest version of LS7 which should be LS7.0.5+260623.

If the error persists, then you can go search how to debug.

Help us to help you!
  • Provide your LS version and where it is installed (own server, uni/employer, SaaS hosting, etc.).
  • Always provide a LSS file (not LSQ or LSG).
Note: I answer at this forum in my spare time, I'm not a LimeSurvey GmbH employee.

Please Log in to join the conversation.

More
1 hour 35 minutes ago #274655 by BugsBunny
I've upgraded to the latest version but the problem persists, unfortunately.

Please Log in to join the conversation.

More
1 hour 11 minutes ago #274656 by holch
Good, then one factor is already excluded. Now it makes sense to start troubleshooting.

Let's see if someone has experience with setting up OpenId, because I don't.

The plugin I use is AuthOAuth2 (version 1.4.5).


Is this a Limesurvey Plugin? Is it made for LS 7?

Help us to help you!
  • Provide your LS version and where it is installed (own server, uni/employer, SaaS hosting, etc.).
  • Always provide a LSS file (not LSQ or LSG).
Note: I answer at this forum in my spare time, I'm not a LimeSurvey GmbH employee.

Please Log in to join the conversation.

Moderators: holchtpartner

Lime-years ahead

Online-surveys for every purse and purpose