traccar icon indicating copy to clipboard operation
traccar copied to clipboard
verified publisher icon traccar

OpenID and Authentik throw GeneralSecurityException

Open mateuszpawlak opened this issue 1 year ago • 1 comments

Describe the bug After configured OpenID with Authentik i received this error:

Unable to authenticate with the OpenID Connect provider. - GeneralSecurityException (OpenIdProvider:143 < *:179 < SessionResource:173 < ... < OverrideFilter:49 < ...)

To Reproduce Steps to reproduce the behavior:

  1. Configure OpenID with Authentik
  2. Click on LOGIN WITH OPENID
  3. See error

Expected behavior A clear and concise description of what you expected to happen.

Screenshots Configuration of OpenID:

    <entry key='openid.clientId'>CONFIDENT</entry>
    <entry key='openid.clientSecret'>CONFIDENT</entry>
    <entry key='openid.issuerUrl'>https://authentikurl/application/o/traccar</entry>
    <entry key='openid.authUrl'>https://authentikurl/application/o/authorize/</entry>
    <entry key='openid.tokenUrl'>https://authentikurl/application/o/token/</entry>
    <entry key='openid.userInfoUrl'>https://authentikurl/application/o/userinfo/</entry>

Desktop (please complete the following information):

  • OS: Windows 11, Ubuntu 24.04
  • Browser Chrome, Firefox
  • Version [e.g. 22]

mateuszpawlak avatar Jun 25 '24 09:06 mateuszpawlak

It is working fine with authentik for me. As documented in https://www.traccar.org/openid-sso/ use either issuerUrl or authUrl, tokenUrl and userInfoUrl.

Are you using a self-signed certificate for authentik? Then import the certificate of your local certificate authority into traccar, for example: /opt/traccar/jre/bin/keytool -importcert -keystore /opt/traccar/jre/lib/security/cacerts -storepass changeit -file /etc/ssl/certs/CA.pem

bob4os avatar Jul 29 '24 17:07 bob4os