OIDC login using Authentik
Hi everyone,
thanks for this awesome piece of software. I noted that the OIDC-login has recently been added.
I now wanted to integrate it in our own self-hosted Authentik instance. But every URL I entered didn't work.
Which one should be used?
Thanks for your help in advance! Lars
It looks like the URL should be https://server2.blumagine.de:9443/application/o/listmonk. What do you get when trying this URL?
That's what I thought as well:
Ah, the issue seems to be that the Let's Encrypt cert is not recognized:
2024/12/11error initializing OIDC OAuth provider: Get "https://server2.blumagine.de:9443/application/o/listmonk/.well-known/openid-configuration": tls: failed to verify certificate: x509: certificate signed by unknown authority
hm, that's weird. It looks like in your server environment, the root/CA certificate of LetsEncrypt is missing from the OS certificate trust store for some reason.
Resolved the ssl cert issue. Still missing something
I get the same exact error message after configuring SSO with Microsoft Azure.
This issue has been marked 'stale' after 90 days of inactivity. If there is no further activity, it will be closed in 7 days.
I just got the following error with my Authentik instance:
2025-03-15T23:59:42.499845282Z 2025/03/15 23:59:42.499637 auth.go:97: error initializing OIDC OAuth provider: oidc: issuer did not match the issuer returned by provider, expected "https://auth.devminer.xyz/application/o/news" got "https://auth.devminer.xyz/application/o/news/"
If you also encounter this, add the trailing slash in the Listmonk configuration.
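The exact-match issuer comparison behind the error above can be checked before starting Listmonk. The following is an added example, not code from this thread or from Listmonk; the host `auth.example.test`, the `fakeProvider` transport and the function names are constructed for illustration, and the way the discovery path is built is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// fakeProvider is a constructed stand-in that serves a discovery document with a fixed issuer.
type fakeProvider struct{ issuer string }

func (f fakeProvider) RoundTrip(r *http.Request) (*http.Response, error) {
	body, _ := json.Marshal(map[string]string{"issuer": f.issuer})
	return &http.Response{StatusCode: 200, Status: "200 OK", Header: http.Header{},
		Body: io.NopCloser(strings.NewReader(string(body))), Request: r}, nil
}

// CheckIssuer fetches the discovery document and compares its issuer with the configured URL.
func CheckIssuer(c *http.Client, configured string) (string, error) {
	// Assumption: the well-known path is appended without doubling the slash.
	resp, err := c.Get(strings.TrimSuffix(configured, "/") + "/.well-known/openid-configuration")
	if err != nil {
		return "", fmt.Errorf("discovery request failed: %w", err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("discovery endpoint returned %s", resp.Status)
	}
	var doc struct{ Issuer string `json:"issuer"` }
	if err := json.NewDecoder(io.LimitReader(resp.Body, 1<<20)).Decode(&doc); err != nil {
		return "", fmt.Errorf("discovery document is not valid JSON: %w", err)
	}
	if doc.Issuer == configured { // exact string match, as in the error above
		return "ok", nil
	}
	if strings.TrimSuffix(doc.Issuer, "/") == strings.TrimSuffix(configured, "/") {
		return "trailing-slash mismatch: configure " + doc.Issuer, nil
	}
	return "issuer mismatch: provider advertises " + doc.Issuer, nil
}

// sample runs the check against the constructed provider (hypothetical host auth.example.test).
func sample(configured string) (string, error) {
	c := &http.Client{Transport: fakeProvider{"https://auth.example.test/application/o/news/"}}
	return CheckIssuer(c, configured)
}

func main() { fmt.Println(sample("https://auth.example.test/application/o/news")) }
```

Against a real provider, pass `http.DefaultClient` instead of the constructed client; a certificate trust failure like the one earlier in the thread then surfaces as the wrapped request error.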
For those trying to get Listmonk working with Authentik OIDC, see my comments in #2209.
I had a similar issue just recently. I realized it was an error on my side: When renaming an application in authentik, the slug of the application also gets changed. This will result in errors, e.g. with OIDC applications, because the configured path is no longer valid. The slug field automatically gets overwritten, but I didn't see it at the time and there was no warning. See also here: https://github.com/goauthentik/authentik/issues/13690

To fix this, I had to reset the slug of the application (authentik logs are helpful as they show past slugs too) and restart listmonk. Restarting listmonk is key, as it initializes OIDC when it's started and won't retry after a fail (which, honestly, is totally fine).