OpenID (Google SSO) issues
Do you want to share your configuration?
Here is a 'sanitized' copy of my config:
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE properties SYSTEM 'http://java.sun.com/dtd/properties.dtd'>
<properties>
<entry key='config.default'>./conf/default.xml</entry>
<entry key='database.driver'>org.h2.Driver</entry>
<entry key='database.url'>jdbc:h2:./data/database</entry>
<entry key='database.user'>sa</entry>
<entry key='database.password'></entry>
<entry key='web.url'>https://traccar.[mydomain].org</entry>
<entry key='geocoder.enable'>true</entry>
<entry key='geocoder.type'>google</entry>
<entry key='geocoder.key'>[omitted]</entry>
<entry key='mail.smtp.port'>587</entry>
<entry key='mail.smtp.starttls.enable'>true</entry>
<entry key='mail.smtp.host'>smtp-relay.gmail.com</entry>
<entry key='mail.smtp.from'>[omitted]</entry>
<entry key='mail.smtp.auth'>false</entry>
<entry key='filter.future'>180</entry>
<entry key='openid.clientId'>[omitted].apps.googleusercontent.com</entry>
<entry key='openid.clientSecret'>[omitted]</entry>
<entry key='openid.issuerUrl'>https://accounts.google.com</entry>
</properties>Are you sure you configured the callback URL correctly in your Google console?
I believe so. I added both the http and https URLs for troubleshooting purposes.
Then I'm not sure why it's redirecting to https://traccar.[mydomain].org/o/oauth2/v2/auth. Maybe you can try configuring openid.authUrl, openid.tokenUrl and openid.userInfoUrl instead of the issuer URL.
When I do that, then restart the Traccar service, I get a 502 error when I try to access the Traccar interface. I am also unable to stop the Traccar service and have to remove those lines from the config file and reboot the server to get it back up and running. Here's what I had in the config file:
<entry key='openid.clientId'>[omitted].apps.googleusercontent.com</entry>
<entry key='openid.clientSecret'>[omitted]</entry>
<entry key='openid.authUrl'>https://accounts.google.com/o/oauth2/v2/auth</entry>
<entry key='openid.tokenUrl>https://oauth2.googleapis.com/token</entry>
<entry key='openid.userInfoUrl>https://openidconnect.googleapis.com/v1/userinfo</entry>That looks like invalid config. You're missing quotes in the last two parameters.
Thanks for catching that. I have that fixed, and believe I know what the issue is - just have to figure out how to correct it. I have a couple of URL Rewrite rules set up in IIS - one is an HTTP to HTTPS redirect; the other is a reverse proxy to accommodate HTTPS/SSL (per https://www.traccar.org/forums/topic/tutorial-how-to-secure-traccar-with-ssl-https-for-free-using-iis-and-lets-encrypt-on-windows-server/). I believe the reverse proxy rule is rewriting the accounts.google.com to traccar.[mydomain].org.
For those who might experience this issue, here's how to keep IIS from rewriting accounts.google.com in the response header:
- Open IIS Manager and click on the server in the left pane.
- Open Application Request Routing Cache, then go to 'Server Proxy Settings...' under Actions on the right pane.
- Uncheck 'Reverse rewrite host in response headers' and click Apply in the right pane.
- I restarted IIS after applying this setting, but not sure if that is necessary.
I am attempting to configure the new OpenID settings to enable SSO with Google. I've followed the instructions on the documentation page (https://www.traccar.org/openid-sso/), and it looks like I have things configured accordingly within the Traccar config and my Google Cloud account, but when I click the 'Login with OpenID' button, it dumps me to a blank page with this URL:
https://traccar.[mydomain].org/o/oauth2/v2/auth?response_type=code&redirect_uri=https%3A%2F%2Ftraccar.[mydomain].org%2Fapi%2Fsession%2Fopenid%2Fcallback&state=[omitted]&client_id=[omitted].apps.googleusercontent.com&scope=openid+profile+email.(note that I have 'sanitized' the above URL, removing/replacing what's in the brackets [ ] for privacy reasons)
Any ideas what might be going wrong?