-
|
I setup Authentik this weekend and I am stuck on getting Semaphore working. I followed the instructions found here, but when I try to login with Authentik it goes out to Authentik, but comes back to the login screen. No message of any kind, but looking at the logs in Portainer I get this: The only reason why my user in Semaphore is admin, I thought in was conflicting with my Authentik user since it was the same. However, no matter what username I give it I get the same error, but with the username at that time. I read the instructions for OIDC and added all the endpoint stuff, but nothing seems to work. Any idea why I am seeing this error? My last attempt looked like this: Sorry forgot to mention my versions: |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments 9 replies
-
|
The username claim | doesn't make sense |
Beta Was this translation helpful? Give feedback.
-
|
Hi @tboerger It is new syntax :) It is mean "random". https://docs.semui.co/administration-guide/openid#claim-expression |
Beta Was this translation helpful? Give feedback.
-
|
Hi @goug76 you are took GitHub example. It is not suitable for Authentik. I experimented with it and this is my config: "authentik": {
"display_name": "Authentik",
"provider_url": "http://localhost:9000/application/o/test/",
"client_id": "***",
"client_secret": "***",
"redirect_url": "http://localhost:8081/api/auth/oidc/authentik/redirect/",
"scopes": ["openid", "profile", "email"],
"username_claim": "preferred_username",
"name_claim": "preferred_username"
} |
Beta Was this translation helpful? Give feedback.
-
|
Added to docs: https://docs.semui.co/administration-guide/openid/authentik |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for the response, I will give it a try and let you know. |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
-
|
That's the discussion I was following, but after doing everything I am still receiving the same error message. Setup: And for the document you updated, it doesn't like the |
Beta Was this translation helpful? Give feedback.
-
|
I was reading another article, it was for a different app, but it had a similar error message. They said they switched their database to MySQL and it worked. I am using the Postgres database; do you think it would make a difference if I switched? |
Beta Was this translation helpful? Give feedback.
-
|
What app do you mean? |
Beta Was this translation helpful? Give feedback.
-
|
I don't recall what app it was, but when I was searching the error message it came up. It doesn't sound like it would work, but spit balling. |
Beta Was this translation helpful? Give feedback.
-
|
Holy crap, when I switched everything over to a MySQL database it worked. |
Beta Was this translation helpful? Give feedback.
-
|
Scratch that I forgot to login when I first created everything, still getting the same error even on MySQL. When it did work and let me in, I had no rights to do anything. Worth a shot. |
Beta Was this translation helpful? Give feedback.
-
|
OK so I have it working now. The issue I was having was while I did change up the username, I didn't change up the email address and both apparently have to be unique. I'm not sure if this should be raised as a bug, the expected behavior would be if user already exists then use that account, else create a new one. Portainer has something similar where it doesn't create a new account, but uses the one that matches, or it creates a new one if it doesn't. For now, I will keep the two accounts separate or better yet delete the admin account once I give my user admin rights. By the way I absolutely love Semaphore, makes managing all my servers a breeze. Keep up the GREAT work! |
Beta Was this translation helpful? Give feedback.
Hi @goug76 you are took GitHub example. It is not suitable for Authentik. I experimented with it and this is my config: