Error on creating user first time logged on with SSO

Playmaker0326 5 days ago

Hello,

I set up Traccar successfully to work with OpenID (Synology OIDC SSO-Server). Everything is working fine when the user already exists with the same email address both on Synology and in Traccar; the user can log in with SSO.

However, when I log in for the first time using SSO with a new user that does not exist in Traccar yet, I get a null-value exception in the logfile.

(technical details to be added)

To me it seems that "name" is not received from SSO, but user-name is set on the SSO-Server.
Is this a bug or am I missing something else?

Thank you!

Playmaker0326 5 days ago

Details of exception are:

ERROR: null value in column "name" of relation "tc_users" violates not-null constraint

Here is the info from https://sso.mydomain.com/webman/sso/.well-known/openid-configuration

{
   "authorization_endpoint" : "https://sso.mydomain.com/webman/sso/SSOOauth.cgi",
   "claims_supported" : [ "aud", "email", "exp", "groups", "iat", "iss", "sub", "username" ],
   "code_challenge_methods_supported" : [ "S256", "plain" ],
   "grant_types_supported" : [ "authorization_code", "implicit" ],
   "id_token_signing_alg_values_supported" : [ "RS256" ],
   "issuer" : "https://sso.mydomain.com/webman/sso",
   "jwks_uri" : "https://sso.mydomain.com/webman/sso/openid-jwks.json",
   "response_types_supported" : [ "code", "code id_token", "id_token", "id_token token" ],
   "scopes_supported" : [ "email", "groups", "openid" ],
   "subject_types_supported" : [ "public" ],
   "token_endpoint" : "https://sso.mydomain.com/webman/sso/SSOAccessToken.cgi",
   "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post" ],
   "userinfo_endpoint" : "https://sso.mydomain.com/webman/sso/SSOUserInfo.cgi"
}

Anton Tananaev 5 days ago

Seems like you're missing the name in the response.

Playmaker0326 5 days ago

Yes, I agree.
But is the name supposed to be part of the response? It is listed in the "claims_supported" as "username", right?
Can I activate a certain log level to see if it's there or not?

Anton Tananaev 5 days ago

Username and name are very different things.

Playmaker0326 5 days ago

Are they?
Isn't it just two different names for the same thing?

Is it possible for you to implement that you switch back to "username" in case "name" is not available in the response?

Anton Tananaev 5 days ago

Anything is possible.
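
Added example, not part of the thread and not Traccar's code: a check of the discovery document posted above for the OIDC standard `name` claim and `profile` scope, plus a display-name fallback of the kind asked about. The preference order in NAME_CLAIMS and the sample userinfo values are assumptions.

```python
import json

# Constructed sample: the relevant fields of the discovery document from the thread.
DISCOVERY = json.loads("""
{
  "claims_supported": ["aud", "email", "exp", "groups", "iat", "iss", "sub", "username"],
  "scopes_supported": ["email", "groups", "openid"]
}
""")

# Assumed preference order. "name" and "preferred_username" are OIDC standard
# claims; "username" is the provider-specific claim listed in the thread.
NAME_CLAIMS = ("name", "preferred_username", "username", "email")


def audit_discovery(doc):
    """Return findings about display-name support advertised by the provider."""
    claims = set(doc.get("claims_supported", []))
    scopes = set(doc.get("scopes_supported", []))
    findings = []
    if "name" not in claims:
        findings.append("claim 'name' not advertised")
    if "profile" not in scopes:
        findings.append("scope 'profile' not advertised")
    usable = [c for c in NAME_CLAIMS if c in claims]
    findings.append("usable fallbacks: " + (", ".join(usable) or "none"))
    return findings


def display_name(userinfo):
    """Pick the first non-empty string claim; raise instead of returning None."""
    for claim in NAME_CLAIMS:
        value = userinfo.get(claim)
        if isinstance(value, str) and value.strip():
            return value.strip()
    raise ValueError("no usable display-name claim in userinfo response")


if __name__ == "__main__":
    for line in audit_discovery(DISCOVERY):
        print(line)
    # Constructed userinfo response shaped like the claims the provider lists.
    print(display_name({"sub": "1026", "username": "alice", "email": "alice@example.com"}))
```

The fallback value is only a label for the new account; matching an SSO login to an existing user should stay on a stable identifier such as `sub` or a verified email, not on the display name.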