ADFS + Planka

[SkorpionMars]

Good afternoon.

We are trying to connect authorization to Planka using ADFS(Windows Server 2019/2022) via OIDC.

After entering the necessary parameters we get the following error when trying to authorize in the service.

Settings on the Planka side

OIDC_ISSUER=https://adfs-sandbox.domain.com/adfs
OIDC_CLIENT_ID=5cd56d55-0f8f-4705-9ad6-5001cc8744bc
OIDC_CLIENT_SECRET=yKrTyg4xOHdgW2laQXb0gf3z4XvqyNqwrNv3USqy
OIDC_SCOPES=openid email profile
# OIDC_ADMIN_ROLES=admin
# OIDC_EMAIL_ATTRIBUTE=email
# OIDC_NAME_ATTRIBUTE=name
# OIDC_USERNAME_ATTRIBUTE=username
# OIDC_ROLES_ATTRIBUTE=groups
# OIDC_IGNORE_USERNAME=true
OIDC_IGNORE_ROLES=true
# OIDC_ENFORCED=true

Errors from Planka log

2024-03-29 12:27:19 [W] Error while exchanging OIDC code: OPError: invalid_token (MSIS9921: Received invalid UserInfo request. Audience 'microsoft:identityserver:5cd56d55-0f8f-4705-9ad6-5001cc8744bc' in the access token is not same as the identifier of the UserInfo relying party trust 'urn:microsoft:userinfo'.)
2024-03-29 12:27:19 [W] Invalid code or nonce! (IP: ::1)

Version Planka 1.16.1

Information from Saml-Tracer addon in Firefox

Can you help with this problem?

[meltyshev]

Hi! We'll try to reproduce this as soon as we have access to ADFS, but for now I'll add a "help wanted" label, maybe someone who has already encountered this can help.