Authentik OIDC - Internal Server Error
Constantly getting an Internal Server Error on OIDC with Authentik. I've dug through some of the GitHub issues as well as the threads here and can't seem to get past the block. Any help is appreciated!
Symptoms:
- Navigating to admin.domain.tld (where Homarr is surfaced through Nginx) worked great with credential auth. Switching to OIDC: Gray screen with "Internal Server Error" no matter the different configurations I've tried.
- Logs state "Invalid URL" on both NEXTAUTH_URL and AUTH_OIDC_URI (have tried numerous variations of these)
Redirect URI in Authentik: https://admin.domain.tld/api/auth/callback/oidc (also tried this as auth.)
Current Compose:
Example Log Errors:
26 Replies
Thank you for submitting a support request.
Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment:
- Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log)
- Operating system (Unraid, TrueNAS, Ubuntu, ...)
- Exact Homarr version (eg. 0.15.0, not latest)
- Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format)
- Other relevant information (eg. your devices, your browser, ...)
you need to replace the "=" with ":"
it's docker compose, can't use =
Weird, I have 10s of compose files all using =? And according to their docs it's officially supported: https://docs.docker.com/compose/environment-variables/set-environment-variables/
huh, that's funny. Try not using it though, also remove the quotations
Oh wait
I think I actually see it
You might be missing the "http"/"https" in the URL
Invalid environment variables: { NEXTAUTH_URL: [ 'Invalid url' ], AUTH_OIDC_URI: [ 'Invalid url' ] }
This means it doesn't recognize the value entered as a valid URL
I think I had tried it with https on there as well - will give it a retry for completeness though. And converted to :, still happening.
either because of the = and quotation, or because it's actually not a URL because it's missing http/s
Also base_url is useless, it hasn't been in use in a long time
and you had removed the " " too?
Ugh, THOUGHT I tried it with the https... apparently not. Rookie move. So it is at least an actual screen now - giving me ye olde auth loop though. Current Compose:
edit that really quick
x)
Thx.. rookie move #2 😄
the auth loop can be caused by either apps really, it's a bit of a nightmare because you need to find the right address for OIDC_URI and the right address for callback in Authentik
Thanks - will poke at those a bit and circle back as either solved or still lost.
OH I remembered something
The user you're trying to log in, does it have the same name or email as the original user you created in native credentials?
because that causes issues
basically, remove any extra users and any email linked to them. Or just delete the user database and go through onboarding again, it won't remove your boards don't worry
Different name and email. Was using a service account to manage Homarr vs using my personal creds in Authentik. Good news/bad news... I got to where my authentik instance now pops up, but it's now a dual screen loop lol. Homarr loads up, kicks me to authentik, then back to Homarr, repeat. But progress! Changed OIDC_URL to "https://auth.domain.tld/application/o/home" - forgot home is the name of the application in Authentik, not Homarr.
Onto more discovery.
Good luck 🙂
I find this page to have a lot of information, especially at the end of it since it's most relevant to now:
https://github.com/ajnart/homarr/issues/1909
the comments saying you should use BASE_URL are outdated since we use NEXTAUTH_URL, but you're welcome to keep trying to use it.
Thanks for all the help so far! Will update if/when I get it figured out.
Okay, I've tried changing a lot of things a lot of ways with different outcomes, but no successful ones. What I've gotten to is that, according to Authentik, it is approving the authorization. It is then redirecting me back to whatever my NEXTAUTH is, as expected, but I'm not logged in. Looking into the Homarr logs though, it's saying client authentication failed. How can that be accurate if Authentik is recording a success?