OneDev
Dashboards
Projects
Pull Requests
Issues
Builds
Packages
Code Search
server
Code
Pull Requests
Issues
List
Boards
Milestones
Builds
Packages
Statistics
Child Projects
OneDev 10.5.1
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects onedev server Issues #647
#647  Automatic Login From SSO Provider
Closed
Josh Chapman opened 2 years ago

I have been using an OIDC connection to login to OneDev for a few weeks now, successfully passing through all user information and groups. However, our SSO provider has an application dashboard that allows users to launch applications directly from the SSO system and we have not been successful in passing through credentials in to OneDev without initiating the login from the OneDev login. Following the instructions from the Okta example, if we use the main URL of the application as the launch URL (we assume being described as the "Initiate Login URI" in the example), it just goes to the login screen of OneDev and the user has to click to initiate the login. If we attempt to use the callback URL from OneDev, we just get a response of "Unsolicited OIDC authentication response" and the user again has to initiate the login from the OneDev login screen.

Does anyone know if there is a valid URI to use to initiate the login to OneDev from outside the system, so if the user clicks on an application from the SSO dashboard, they will be automatically logged in to the system?
Josh Chapman commented 2 years ago

Well, after fighting with this for a couple weeks, I was finally able to find the correct path to at least automatically start the connection. Whether it's the "correct" implementation or not, it's working.

I found that sending users to https://onedev.yourdomain.com/sso/initiate/[AuthProviderName] will start the connection back to the auth provider and then login in successfully. While that creates somewhat of a round-robin connection (Auth->OneDev->Auth->OneDev), it's still seamless to the user.

If it is the correct way to do this, it may be worth adding to the documentation, in case others have the same need.
Robin Shen changed fields 2 years ago
Name Previous Value Current Value 
Type
 
Support Request
 
Improvement
Robin Shen commented 2 years ago

Yes this is the correct way to initiate login from provider side. Will improve the documentation though.
Robin Shen changed state to 'Closed' 2 years ago
Previous Value Current Value 
Open
 
Closed
issue 1 of 1
Type
Improvement
Priority
Normal
Assignee
Robin Shen
Issue Votes (0)
Login to vote
Watchers (4)
Reference
onedev/server#647
Please wait...
Page is in error, reload to recover