authentik icon indicating copy to clipboard operation
authentik copied to clipboard

Published 20 hours ago verified publisher icon goauthentik

Help to setup Authentik with Filerun

Open bloodyburger opened this issue 1 year ago • 4 comments

I'm using Filerun with docker SWAG as reverse proxy. I setup new provider with redirect URI as described here. When I try to login I always get redirect URI invalid error although I have the same url in Filerun and Authentik. I'm using version 2023.5.3 and any help would be appreciated.

bloodyburger avatar Jun 09 '23 17:06 bloodyburger

Can you post the redirect URL you have configured?

Also check the authentik server container for Invalid redirect uri where you see what is expected to be set

BeryJu avatar Jun 20 '23 09:06 BeryJu

Hey @bloodyburger - did you find a solution?

I have the same problem with Authentik version 2024.4.1. I triple-checked the URI I got from Filerun https://redacted.tld/?module=fileman&page=sso, but Authentik still tells me Redirect URI Error.

The corresponding logs from authentik-server:

authentik-server      | {"auth_via": "session", "domain_url": "my-authentik.tld", "event": "Invalid redirect uri (regex comparison)", "host": "my-authentik.tld", "level": "warning", "logger": "authentik.providers.oauth2.views.authorize", "pid": 42, "redirect_uri_expected": ["https://redacted.tld/?module=fileman&page=sso"], "redirect_uri_given": "https://redacted.tld/?module=fileman&page=sso", "request_id": "af3ffea899514afd87e1c89f83731516", "schema_name": "public", "timestamp": "2024-05-04T08:16:05.087508"}
authentik-server      | {"auth_via": "session", "domain_url": "my-authentik.tld", "event": "The request fails due to a missing, invalid, or mismatching redirection URI (redirect_uri).", "host": "my-authentik.tld", "level": "warning", "logger": "authentik.providers.oauth2.views.authorize", "pid": 42, "request_id": "af3ffea899514afd87e1c89f83731516", "schema_name": "public", "timestamp": "2024-05-04T08:16:05.087844"}
authentik-server      | {"auth_via": "session", "domain_url": "my-authentik.tld", "event": "/application/o/authorize/?state=81924449de2cac6229cd8cd7a8370376&scope=openid%20email%20profile&response_type=code&redirect_uri=https%3A%2F%2Fredacted.tld%2F%3Fmodule%3Dfileman%26page%3Dsso&client_id=oo7Kwx2cHEKH23amZy663ppzWn5Bsk2RXpKLh6Zr", "host": "my-authentik.tld", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 42, "remote": "84.112.125.30", "request_id": "af3ffea899514afd87e1c89f83731516", "runtime": 59, "schema_name": "public", "scheme": "https", "status": 400, "timestamp": "2024-05-04T08:16:05.129118", "user": "klaus", "user_agent": "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0"}
authentik-server      | {"event":"/static/dist/assets/fonts/RedHatDisplay/RedHatDisplay-Medium.woff2","host":"my-authentik.tld","level":"info","logger":"authentik.router","method":"GET","remote":"84.112.125.30","runtime":"0.377","scheme":"http","size":28661,"status":200,"timestamp":"2024-05-04T08:16:05Z","user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0"}

my-authentik.tld is my domain for authentik redacted.tld is my domain for filerun

Any ideas how to solve this?

klaus1k avatar May 04 '24 08:05 klaus1k

If you didn't solve this already, I just came across your thread and saw you were running into the same issue.

Basically it's because Authentik uses regex for the redirect URI, you'll need to exclude certain characters in the URL provided by Filerun.

You can use something like:

"https://cloud\.domain\.net/\?module=fileman&page=sso"

valdearg avatar May 06 '24 12:05 valdearg

Thanks @valdearg, that solved the error!

klaus1k avatar May 15 '24 17:05 klaus1k