H
Homarr3mo ago
Zbe

Oicd groups not working

Hello. I am using oicd to connect auth to authelia. There i have groups admins and arrs. I dont really know the difference between owner and admin in homarr, but i have set arrs as admin and admins as owner. But after login, i cannot modify the dashboards, saying I do not have the persmission. Authelia config: 
client_id: 'homarr'                                                          client_name: 'Homarr'                                                        client_secret: 'secret'         public: false                                                                authorization_policy: 'two_factor'                                           redirect_uris:                                                                 - 'https://homarr.jajaa.si/api/auth/callback/oidc'                           scopes:                                                                        - 'openid'                                                                   - 'groups'                                                                   - 'email'
          - 'profile'                                                                userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_basic'
client_id: 'homarr'                                                          client_name: 'Homarr'                                                        client_secret: 'secret'         public: false                                                                authorization_policy: 'two_factor'                                           redirect_uris:                                                                 - 'https://homarr.jajaa.si/api/auth/callback/oidc'                           scopes:                                                                        - 'openid'                                                                   - 'groups'                                                                   - 'email'
          - 'profile'                                                                userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_basic'
homarr:
    container_name: homarr
    image: ghcr.io/ajnart/homarr:latest
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # Optional, only if you want docker integration
      - /opt/configs/homarr/configs:/app/data/configs
      - /opt/configs/homarr/icons:/app/public/icons
      - /opt/configs/homarr/data:/data
    environment:
      - TZ=Europe/Ljubljana
      - DEFAULT_COLOR_SCHEME=dark
      - BASE_URL=homarr.shsjsj.si
      - NEXTAUTH_URL=https://homarr.ajaja.si
      - AUTH_PROVIDER=oidc
      - AUTH_OIDC_URI=https://auth.sjsjs.si AUTH_OIDC_CLIENT_ID=homarr
      - AUTH_OIDC_CLIENT_NAME=Authelia
      - AUTH_OIDC_ADMIN_GROUP=admins
      - AUTH_OIDC_OWNER_GROUP=admins
    ports:
      - '7575:7575'
    networks:
      - traefik
homarr:
    container_name: homarr
    image: ghcr.io/ajnart/homarr:latest
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # Optional, only if you want docker integration
      - /opt/configs/homarr/configs:/app/data/configs
      - /opt/configs/homarr/icons:/app/public/icons
      - /opt/configs/homarr/data:/data
    environment:
      - TZ=Europe/Ljubljana
      - DEFAULT_COLOR_SCHEME=dark
      - BASE_URL=homarr.shsjsj.si
      - NEXTAUTH_URL=https://homarr.ajaja.si
      - AUTH_PROVIDER=oidc
      - AUTH_OIDC_URI=https://auth.sjsjs.si AUTH_OIDC_CLIENT_ID=homarr
      - AUTH_OIDC_CLIENT_NAME=Authelia
      - AUTH_OIDC_ADMIN_GROUP=admins
      - AUTH_OIDC_OWNER_GROUP=admins
    ports:
      - '7575:7575'
    networks:
      - traefik
Solution:
So, the issue with my sites was my new shiny catchall. Homarr also no longer gives group errors. It does not sill work however. I will try to reset the volume and see if that helps...
Jump to solution
38 Replies
Cakey Bot
Cakey Bot3mo ago
Thank you for submitting a support request. Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment: - Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log) - Operating system (Unraid, TrueNAS, Ubuntu, ...) - Exact Homarr version (eg. 0.15.0, not latest) - Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format) - Other relevant information (eg. your devices, your browser, ...)
❓ Frequently Asked Questions | Homarr documentation
Can I install Homarr on a Raspberry Pi?
Manicraft1001
Manicraft10013mo ago
Your groups are the same. Can you try different groups?
No description
Zbe
Zbe3mo ago
This was the latest try I will retry One moment 
- AUTH_OIDC_ADMIN_GROUP=arrs
- AUTH_OIDC_OWNER_GROUP=admins
- AUTH_OIDC_ADMIN_GROUP=arrs
- AUTH_OIDC_OWNER_GROUP=admins
Same result. Would it affect if my user is member of both groups?
Manicraft1001
Manicraft10013mo ago
I would try to see whether it does Ensure that you log out and in again as this may have some effect
Zbe
Zbe3mo ago
One moment 
Starting production server...
Listening on port 7575 url: http://b08567f88e4e:7575

 WARN  no groups found in profile of oidc user

updating roles of user zbe

 WARN  no groups found in profile of oidc user

updating roles of user zbe
Starting production server...
Listening on port 7575 url: http://b08567f88e4e:7575

 WARN  no groups found in profile of oidc user

updating roles of user zbe

 WARN  no groups found in profile of oidc user

updating roles of user zbe
It doesnt fetch any groups?
Manicraft1001
Manicraft10013mo ago
Just checked quickly, both groups being the same shouldn't be a problem. @Tag can you jump in?
Zbe
Zbe3mo ago
I have changed the groups, but noticed this in the logs
Tag
Tag3mo ago
So, this was working before right? Or are you setting it up right now and just not working?
Zbe
Zbe3mo ago
I was just setting it up Had authelia working on other services before tho
Tag
Tag3mo ago
Alright, so this is not an issue that came with the new version, good to know You use Authelia, and what do you use as a database? Ldap?
Zbe
Zbe3mo ago
Openldap yes
Tag
Tag3mo ago
Is it possible you haven't configured the groups properly in Authelia?
Zbe
Zbe3mo ago
Hmmm, let me try it out It does appear so, i will check it out more as soon as i get to the PC
Tag
Tag3mo ago
https://gist.github.com/dgalli1/3193fd3e0476a0495c0fd91e1e055022 I am thinking the groups are not working because authelia is not transmitting any groups. This is a link to how Authelia is configured with OpenLdap
Zbe
Zbe3mo ago
The funny thing is my setup is based directly from this I will investigate
Tag
Tag3mo ago
I actually believe you, I followed the same for LLDAP instead but they're quite easy to find
Zbe
Zbe3mo ago
I was thinking of migrating to lldap but i didnt find any info on if they can send login info to the user like ldap-user-manager does (what i use atm)
Tag
Tag3mo ago
That's a good question, I'd say just try it. You don't need to delete your openLdap to try LLDAP.
Zbe
Zbe3mo ago
I did, since i use traefik i can make the reverse proxy straight from the compose so its quite quick But i didnt find any options So i thought it might be an env var
Tag
Tag3mo ago
I remember checking that too actually, I've searched arround a bit more and it seems you can't modify the lldap database from outside, so apps like user-ldap-management wouldn't work. You can only use the GUI of LLDAP
Zbe
Zbe3mo ago
So, i have noticed this log in authelia: time="2024-05-13T02:40:56+02:00" level=debug msg="Check authorization of subject username=zbe groups=admins,arrs ip=185.65.228.215 and object https://awdawda.si/radarr/api/v3/command (method GET)." And the groups are here, so authelia should recognize the groups
Tag
Tag3mo ago
Alright, another interesting thing I just found in the code, if you actually indeed not have any groups, you would have an error logged into homarr's logs Which you do So the problem is not that the env variable is wrong, it's that when the user connects, it doesn't return any groups So basically, Authelia is not giving the groups. No idea if that's because you need to enable something somewhere maybe Ah! Maybe because of how you configure OIDC in authelia? Do you have all the scopes correctly added in authelia's OIDC configuration? Namely, "groups"?
Zbe
Zbe3mo ago
        scopes:
          - 'openid'
          - 'groups'
          - 'email'
          - 'profile'
        scopes:
          - 'openid'
          - 'groups'
          - 'email'
          - 'profile'
Tag
Tag3mo ago
Too bad... It's quite confusing, we're at the point where we know Authelia has the groups, but it doesn't give it to us through OIDC...
Zbe
Zbe3mo ago
I will do some more checks with authelia, i have noticed the group domain locks dont work either It does seem to find the groups according to the log I have no idea where i messed it up
Tag
Tag3mo ago
That wasn't supposed to happen, wth Sorry you got message policed
Zbe
Zbe3mo ago
Happens hahaha I probably messed around in the config and didnt notice it before And just now noticed with this homarr fiasco
Solution
Zbe
Zbe3mo ago
So, the issue with my sites was my new shiny catchall. Homarr also no longer gives group errors. It does not sill work however. I will try to reset the volume and see if that helps
Tag
Tag3mo ago
You've set back the env variables in homarr right
Zbe
Zbe3mo ago
Lol Reseting the volume fixed it Guess it caches something somewhere Thanks for all your input and help!
Tag
Tag3mo ago
Glad we got it working I'm actually glad it was a setup problem and not from the modifications I had to do recently possibly wrecking it up.
Zbe
Zbe3mo ago
Do feel that. While I have you here, is it normal to redirect me to torrent galaxy in torrent search? I would think it would use prowlarr for it
Tag
Tag3mo ago
Torrent search was implemented a long time ago and prowlarr just recently so nothing to do with one another. It was recently asked to be able to use any torrent indexer you could want though. But this is such a better idea, could you please make a github issue with the idea? I actually didn't like much that we had an indexer hardcoded in so something like that would be great.
Zbe
Zbe3mo ago
What's homarr written in again?
Tag
Tag3mo ago
Typescript
Zbe
Zbe3mo ago
Will try to play around and send a pull. If not I'll make an issue
Tag
Tag3mo ago
Alright, I'll mark this ticket as resolved. If you have further questions please do so in #🦞・general or make a new ticket, it's better for referencement if someone searches for the issue.
Zbe
Zbe3mo ago
Alright, thanks again for your help and time
Want results from more Discord servers?
Add your server
More Posts
Homarr failing to update applications and widgetSince 10 April a previously functioning Homarr board now fails on trying to load on widget informatiCant get to my DashboardEverytime I try to go to my dashboard (http://myip:7575) and my Browser does this: http://myip:7575/Homarr cant see qbitHey Everyone i recetnly installed homarr on docker and i cant see my qbit torrent or my download andnone of my widgets seem to work.I was reading on here about they need to be the same network? Im not 100% sure how to tell or make sSlow Loading Applications & WidgetsHey all, my Homarr seems to have developed loading times, loading has slowed down, struggling to loProxmox integration setup problemsI have followed the installation, but missed out on creating a proxmox integration object on the homanything else except the auth page is shown as not secure from my browsers.Moin! I have the problem that everything else except the auth is shown as “not secure” in my browsSteps to backup dashboard using UnraidCould someone please guide me on how to backup? I tried searching on Discord and docs but couldn't fOK, absolute Homarr/Truenas noob here. How do I access where I put a new background image?Dear friends, after messing around with a plethora of different DIY solutions to my home storage I sCreate Tile - ErrorHi, I've created a qBittorrent tile, when I click on it, it opens without http:// prefix, so it do