Homarr•9h ago

Internal Server Error with AUTH_OIDC_FORCE_USERINFO="true"

Logs: https://privatebin.io/?d2ac1028e434320e#AQHUZxYpTsACyFcP6Kc3YvfG3Z7AwLcM4W68zDiXN2xg I was trying to debug authelia and found out I had to add that for the new version but now the only thing that shows up is a 500 Internal Server Error Page

Send text and files securely and anonymously with end-to-end encryption (no account required) | PrivateBin

Encrypted note on Send text and files securely and anonymously with...

Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.

3 Replies

Cakey Bot•9h ago

Thank you for submitting a support request. Depending on the volume of requests, our team should get in contact with you shortly.

⚠️ Please include the following details in your post or we may reject your request without further comment: - Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log) - Operating system (Unraid, TrueNAS, Ubuntu, ...) - Exact Homarr version (eg. 0.15.0, not latest) - Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format) - Other relevant information (eg. your devices, your browser, ...)

Frequently Asked Questions | Homarr documentation

Can I install Homarr on a Raspberry Pi?

Manicraft1001•9h ago

@Meierschlumpf can you take a look? @TheRedCyclops please provide the full compose / run command with your secret encryption key removed

TheRedCyclopsOP•9h ago

Compose file: https://privatebin.io/?1b1e97825b0d8848#2eCmAUPa4oMzgC7WyUNfAr8JQZPogcK617Hu6uc2DiMg Version 1.18.1 Running on OMV (Sandworm) (Debian based) It is running with traefik and authelia Relevant section of the authelia configuration:

      # Homarr
      - client_id: 'redacted-client-id'
        client_name: 'Homarr'
        client_secret: '[REDACTED]'
        authorization_policy: 'one_factor'
        redirect_uris:
          - 'https://domain.com/api/auth/callback/oidc'
        scopes:
          - 'openid'
          - 'profile'
          - 'groups'
          - 'email'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_basic'
        consent_mode: 'explicit'

      # Homarr
      - client_id: 'redacted-client-id'
        client_name: 'Homarr'
        client_secret: '[REDACTED]'
        authorization_policy: 'one_factor'
        redirect_uris:
          - 'https://domain.com/api/auth/callback/oidc'
        scopes:
          - 'openid'
          - 'profile'
          - 'groups'
          - 'email'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_basic'
        consent_mode: 'explicit'

Since the HTML may be the auth page here is my access control too:

access_control:
  ## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
  ## resource if there is no policy to be applied to the user.
  default_policy: 'deny'
 
  rules:
    - domain_regex: '^.*\.domain\.com$'
      subject: 'group:admin'
      policy: 'one_factor'
    - domain: 'domain.com'
      resources:
      - '^/[a-z]+arr([/?].*)?$'
      - '^/qbittorrent(-private)?([/?].*)?$'
      policy: 'deny'
    - domain:
      - 'jellyfin.domain.com'
      - 'jellyseerr.domain.com'
      - 'domain.com'
      - 'auth.domain.com'
      - 'immich.domain.com'
      - 'vaultwarden.domain.com'
      policy: 'one_factor'

access_control:
  ## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
  ## resource if there is no policy to be applied to the user.
  default_policy: 'deny'
 
  rules:
    - domain_regex: '^.*\.domain\.com$'
      subject: 'group:admin'
      policy: 'one_factor'
    - domain: 'domain.com'
      resources:
      - '^/[a-z]+arr([/?].*)?$'
      - '^/qbittorrent(-private)?([/?].*)?$'
      policy: 'deny'
    - domain:
      - 'jellyfin.domain.com'
      - 'jellyseerr.domain.com'
      - 'domain.com'
      - 'auth.domain.com'
      - 'immich.domain.com'
      - 'vaultwarden.domain.com'
      policy: 'one_factor'

Gaming

Programming

Internal Server Error with AUTH_OIDC_FORCE_USERINFO="true"

Did you find this page helpful?