Question

OpenID connect issue after upgrade to 22.10.4


Badge +6

Hello Team,

I’m faing an issue with OpenID connect after upgrade to version:  22.10.4.

I’m not able to connect, here is error that I encountered:

(Cannot assign null to property Core\Security\Authentication\Infrastructure\Provider\OpenId::$username of type string)

Someone can help ?

Many thanks !!!

 


14 replies

Badge +3

Hi,

 

Commenting line 72:

$this->username = $this->provider->getUserInformation()['email'];

 

in /usr/share/centreon/src/Core/Security/Authentication/Infrastructure/Provider/OpenId.php solves the issue on our platform (but i don’t know there are side effects)

Badge +6

Hello Matoy,

The workaround is working, thanks.

Regards,

Userlevel 6
Badge +18

Hi @matoy and @Bochi do you use “Introspection token endpoint” or “User information endpoint” to get user data?

Userlevel 6
Badge +18

Can you enable debug in “Administration > Parameters > Debug”, perform an authentication, then check in /var/log/centreon/login.log and/or /var/log/php-fpm/centreon-error.log if you receive all user’s information from your IdP?

Badge +2

Hi @Laurent,

I confirm that after enabling debug mode for authentification we have all informations from our IDP and that we don’t use “Introspection token endpoint” and we use “User information endpoint”

 

 

 

Userlevel 6
Badge +18

Hi @jdidierpichat so the claim defined to get email address is part of the “User information endpoint”?

As a string or as an object?

Badge +2

@Laurent I think object, but not sure to understand the question. We have set “/userinfo” for “User information endpoint” on authentification configuration. 

 

 

Userlevel 6
Badge +18

If you have a string, you will have something like {….,”email”:”user@domain.com”,...}

If you have n object, you will have something like {….,”email”:[“user@domain.com”],...}

Badge +2

Hey @Laurent , so we have both, string for personnal information and object for mapping of AD group  

Userlevel 6
Badge +18

So I don’t know why Centreon can’t extract email attribute.

Can you put logs here by replacint personal attributes ? (all the JSON answer for /userinfo endpoint.

Badge +2

2023-09-29 14:57:12|-1|0|0|[Openid] [Debug] User Information:  {"sub":"xxxx","name":"xxxx","locale":"xx","preferred_username":"xxx@xxx.com","given_name":"xxx","family_name":"xxx","zoneinfo":"xxx","updated_at":xxx,"groups":["ABC-OKTA","DEF-OKTA"]}

Userlevel 6
Badge +18

Hi @jdidierpichat In this answer I can’t see “email” field but “preferred_username” look like the email address of your users.

{
"sub": "xxxx",
"name": "xxxx",
"locale": "xx",
"preferred_username": "xxx@xxx.com",
"given_name": "xxx",
"family_name": "xxx",
"zoneinfo": "xxx",
"updated_at": "xxx",
"groups": [
"ABC-OKTA",
"DEF-OKTA"
]
}

Do you configure “preferred_username” as value for “Email attribute path” in “Auto import users” section?

Badge +2

Hi @Laurent Exact 

 

We don’t have field for email maybe because we have comment the line 72 

$this->username = $this->provider->getUserInformation()['email'];

in /usr/share/centreon/src/Core/Security/Authentication/Infrastructure/Provider/OpenId.php ? 

 

 

Userlevel 6
Badge +18

Ok, if you use preferred_username as login and email address, Centreon must find value for your users and you don’t have to comment line 72.

Reply