Description
Operating System
Ubuntu 22.04.5 LTS
AMP Version and Build Date
AMP version 2.6.1.0 (Phobos), built 20/03/2025 20:49, 20250320.8
AMP Release Stream
Mainline
I confirm that
- I have searched for an existing bug report for this issue.
- I am using the latest available version of AMP.
- my operating system is up-to-date.
Intended Action
Attempt to log in with my OIDC endpoint, albeit misconfigured to not return correct data
Expected Behaviour
AMP to spot missing data and return a respective error code, telling the user to go and reconfigure their OIDC provider to return the correct data required.
Actual Behaviour
AMP returns "Unknown Reason (null) null", and fatally writes a bad user to the database that has to be cleared using local admin.
In the log, it returns the following for first attempt:
[16:51:03] [Core Error/59] : ArgumentNullException
[16:51:03] [Core Error/59] : [0] (ArgumentNullException) : Value cannot be null. (Parameter 'source')
[16:51:03] [Core Error/59] : at Linq.ThrowHelper.ThrowArgumentNullException(ExceptionArgument argument)
at Linq.Enumerable.Where[TSource](IEnumerable`1 source, Func`2 predicate)
at GSMyAdmin.Authentication.InternalAuth.AuthenticateOIDCUser(HttpRequest request, OidcUserInfo info, Nullable`1 serverId)
at GSMyAdmin.WebServer.WebMethods.OIDCLogin(HttpRequest request, String code, String redirect_uri, Nullable`1 serverId)
at GSMyAdmin.WebServer.WebAttributes.InvokeMethod(String MethodName, JObject Data, HttpContext context, IWebSession Session, WebMethodsBase MethodsClass, IPAddress RealIP)
at GSMyAdmin.WebServer.ApiService.InvokeAPI(HttpContext context, IWebSession Session, JObject Data, String RequestModule, String RequestMethod)
Attempts afterwards:
[16:05:10] [Core Error/19] : NullReferenceException
[16:05:10] [Core Error/19] : [0] (NullReferenceException) : Object reference not set to an instance of an object.
[16:05:10] [Core Error/19] : at GSMyAdmin.WebServer.WebMethods.LoginSuccess(HttpRequest request, String token, Boolean rememberMe, Boolean IsServerLogin, Nullable`1 remoteInstanceId, List`1 permissions, String newToken, LoginResponse loginResponse, UserInfoSummary userInfo, WebSession session)
at GSMyAdmin.WebServer.WebMethods.OIDCLogin(HttpRequest request, String code, String redirect_uri, Nullable`1 serverId)
at GSMyAdmin.WebServer.WebAttributes.InvokeMethod(String MethodName, JObject Data, HttpContext context, IWebSession Session, WebMethodsBase MethodsClass, IPAddress RealIP)
at GSMyAdmin.WebServer.ApiService.InvokeAPI(HttpContext context, IWebSession Session, JObject Data, String RequestModule, String RequestMethod)
Reproduction
- Install and configure AMP
- Set up your OIDC provider, configure it, and make it not provide enough information - Common mistakes are email (User may be missing an email) and groups (This is a quasi-standard claim, not all providers will support it)
- Configure AMP to use your OIDC provider and restart it
- Attempt to visit the AMP webpage
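
The check asked for under Expected Behaviour, as an added example that is not part of the original report and is not AMP's code: validate the userinfo claims and reject the login before any user record is written. The class and method names are hypothetical, and it assumes the userinfo response is available as JSON and that `sub`, `email` and `groups` are the claims required.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;

// Hypothetical validator; none of these names are AMP's API.
public static class OidcClaimCheck
{
    // "email" and "groups" are the claims the reproduction steps name; "sub" is the standard subject id.
    static readonly string[] RequiredStrings = { "sub", "email" };
    const string GroupsClaim = "groups"; // quasi-standard; may be absent
    // Returns the problems found; an empty list means the userinfo is usable.
    public static List<string> Validate(JsonElement userInfo)
    {
        if (userInfo.ValueKind != JsonValueKind.Object)
            return new List<string> { "userinfo response is not a JSON object" };
        var problems = new List<string>();
        foreach (var name in RequiredStrings)
            if (!userInfo.TryGetProperty(name, out var v) ||
                v.ValueKind != JsonValueKind.String ||
                string.IsNullOrWhiteSpace(v.GetString()))
                problems.Add($"missing or empty claim '{name}'");
        // Assumption: a null collection such as groups is the kind of input that
        // makes a later Enumerable.Where(...) throw ArgumentNullException.
        if (!userInfo.TryGetProperty(GroupsClaim, out var g) ||
            g.ValueKind != JsonValueKind.Array)
            problems.Add($"claim '{GroupsClaim}' missing or not an array");
        else if (g.EnumerateArray().Any(e => e.ValueKind != JsonValueKind.String))
            problems.Add($"claim '{GroupsClaim}' contains non-string entries");
        return problems;
    }
    public static void Main()
    {
        // Constructed sample responses, not captured from a real provider.
        string[] samples = {
            "{\"sub\":\"u1\",\"email\":\"a@example.test\",\"groups\":[\"admins\"]}",
            "{\"sub\":\"u2\",\"groups\":null}",
        };
        foreach (var json in samples)
        {
            using var doc = JsonDocument.Parse(json);
            var problems = Validate(doc.RootElement);
            // Validation runs before any database write, so a bad response leaves no user row behind.
            Console.WriteLine(problems.Count == 0
                ? "OK: create or update the local user"
                : "Reject login, write nothing: " + string.Join("; ", problems));
        }
    }
}
```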