Google OpenID SSO Login Error

Great project!

Just got it up and running and only have the admin account. I set up SSO with Google OpenID but when I try to log in with Google, I receive the error “OpenIDConnect Error: not_found”. I looked at the firezone, caddy, and postgres logs but they were unhelpful. The firezone log did show the same error but nothing additional that was useful. I’ve tried it with Auto Create Users both on and off and receive the same error.

Is it because I’m logging in as the admin user which is the same email as my google email?

Hello @smcan, what is your Firezone version? I think it’s due to a bug that was fixed yesterday: 0.7.5 - Next problems with SAML auth (Google) · Issue #1362 · firezone/firezone · GitHub

Also, please make sure that the ID of your configuration is not saml; it’s a reserved word and you should not be able to create such a config in 0.7.6.

Version is 0.7.6. Not using SAML but OpenID. The word SAML is not in any of my configuration.

Oh, sorry. The same issue could happen with an OpenID Connect config if you give it the id oidc. Additionally, you can get this error if the callback URL is not configured properly on the Google end (e.g. it points to a wrong config ID).

Using the following from the documentation (but with my actual domain):

https://firezone.example.com/auth/oidc/google/callback

Is there something else that is supposed to be a part of the URL?

Ohhh, I think I see. I’m supposed to replace the word google in the URL with my config id?

Yes, you need to replace it 🙂

That was it. You gave me enough hint to figure it out. Thanks!

You are welcome, enjoy Firezone!
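
The fix from this thread as a pre-flight check, added here as an example (it is not part of the thread or of Firezone's code): it compares the redirect URI registered at the identity provider with the `/auth/oidc/<config id>/callback` pattern quoted above and flags the reserved IDs `saml` and `oidc`. The function names and the config ID `corp-google` are hypothetical.

```python
from urllib.parse import urlsplit

# Config IDs the thread above names as reserved.
RESERVED_IDS = {"saml", "oidc"}


def expected_callback(external_url: str, config_id: str) -> str:
    """Build the callback URL following the pattern quoted in the thread."""
    return f"{external_url.rstrip('/')}/auth/oidc/{config_id}/callback"


def check_redirect_uri(external_url: str, config_id: str, registered_uri: str) -> list:
    """Return a list of problems; an empty list means the URI matches."""
    problems = []
    if config_id in RESERVED_IDS:
        problems.append(f"config ID {config_id!r} is a reserved word")

    want = urlsplit(expected_callback(external_url, config_id))
    got = urlsplit(registered_uri)

    if (got.scheme, got.netloc.lower()) != (want.scheme, want.netloc.lower()):
        problems.append("scheme or host differs from the external URL")

    # Expected path shape: /auth/oidc/<config id>/callback
    parts = got.path.strip("/").split("/")
    if len(parts) != 4 or parts[:2] != ["auth", "oidc"] or parts[3] != "callback":
        problems.append("path is not /auth/oidc/<config id>/callback")
    elif parts[2] != config_id:
        problems.append(
            f"URI names config ID {parts[2]!r}, but the provider config ID is {config_id!r}"
        )
    elif got.path != want.path:
        # Redirect URIs are normally compared as exact strings.
        problems.append("path differs from the expected one (extra or trailing slash)")

    if got.query or got.fragment:
        problems.append("registered URI carries a query string or fragment")
    return problems


if __name__ == "__main__":
    # Constructed sample: the docs URL copied verbatim while the config ID is 'corp-google'.
    for problem in check_redirect_uri(
        "https://firezone.example.com",
        "corp-google",
        "https://firezone.example.com/auth/oidc/google/callback",
    ):
        print("MISMATCH:", problem)
```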