SSO over Azure AD

My version of HedgeDoc is: 1.9.9

What I expected to happen:

Try to use AzureAD over Oauth2.0 for SSO like described here Azure Active Directory - HedgeDoc

What actually happened:

I got a “internal server error” from hedgedoc. But the login seems to work because I see success logs in Azure AD. I got the following error message in syslog.

2023-10-18T10:14:59.458739+02:00 Server yarn[283998]: 2023-10-18T08:14:59.458Z error: #011uncaughtException: Cannot read properties of undefined (reading 'split')
2023-10-18T10:14:59.458882+02:00 Server yarn[283998]: TypeError: Cannot read properties of undefined (reading 'split')
2023-10-18T10:14:59.458919+02:00 Server yarn[283998]:     at extractProfileAttribute (/opt/hedgedoc/hedgedoc/lib/web/auth/oauth2/index.js:46:15)
2023-10-18T10:14:59.458939+02:00 Server yarn[283998]:     at parseProfile (/opt/hedgedoc/hedgedoc/lib/web/auth/oauth2/index.js:57:20)
2023-10-18T10:14:59.458984+02:00 Server yarn[283998]:     at /opt/hedgedoc/hedgedoc/lib/web/auth/oauth2/index.js:107:21
2023-10-18T10:14:59.459004+02:00 Server yarn[283998]:     at passBackControl (/opt/hedgedoc/hedgedoc/node_modules/oauth/lib/oauth2.js:134:9)
2023-10-18T10:14:59.459036+02:00 Server yarn[283998]:     at IncomingMessage.<anonymous> (/opt/hedgedoc/hedgedoc/node_modules/oauth/lib/oauth2.js:157:7)
2023-10-18T10:14:59.459104+02:00 Server yarn[283998]:     at IncomingMessage.emit (node:events:525:35)
2023-10-18T10:14:59.459132+02:00 Server yarn[283998]:     at endReadableNT (node:internal/streams/readable:1359:12)
2023-10-18T10:14:59.459156+02:00 Server yarn[283998]:     at process.processTicksAndRejections (node:internal/process/task_queues:82:21)

I already tried:

Find the correct config for Azure AD SSO. My actual cocfig is the following:

"oauth2": {
            "userProfileURL": "",
            "userPofileUserNameAttr": "mail",
            "userProfileDisplaynameAttr": "displayName",
            "userProfileEmailAttr": "mail",
            "tokenURL": "<tenantID>/oauth2/v2.0/token",
            "authorizationURL": "<tenantID>/oauth2/v2.0/authorize",
            "clientID": "<ClientID>",
            "clientSecret": "<Secret>",
            "providerName": "AzureAD",
            "scope": "openid email offline_access profile"

I think it’s a problem with the profile URL. Can anynone help me with that issue please?

Thank you.

1 Like

Hi, did you managed to solve the issue?

Hi, unfortunately we have not solved the problem. To be honest, we are now using a different product. But there are other reasons for this.