[Bug]: SSO OIDC Authentication failure

[tuxinzide]

Bug description

Hello, We have Azure Entra as our idP and have configured all values as required. During the SSO login process, we can see the authentication requests being made to the idP and is being successful but we are dropped back to the login screen with the error message "Missing Email" from Netdata.

Not sure where to look to troubleshoot this. Please let me know what information i can provide to resolve this. Thanks!

Expected behavior

SSO Authentication completed and dropped into Netdata console.

Steps to reproduce

1. Enable OIDC with required values.
2. Delegate the following permissions; openid, email, profile.
3. Add DNS record as required.
4. Browse to app.netdata.cloud and select SSO login option.

Screenshots

No response

Error Logs

Desktop

OS: [e.g. iOS] Windows 10
Browser [e.g. chrome, safari] Firefox
Browser Version [e.g. 22] 131.0.2 (64-bit)

Additional context

No response

[car12o]

Hi @tuxinzide. After taking a look, we found that something should be misconfigured on your server.
When we try to obtain User Profile information, the emailproperty on the json payload is missing, and therefore the error Missing email.
https://apim.docs.wso2.com/en/3.0.0/learn/api-security/openid-connect/obtaining-user-profile-information-with-openid-connect/

[tuxinzide]

Hi. We are using Microsoft Azure, Entra ID. It is not our own server. We were able to pull the email property as requested when requesting directly using OIDC method.

Please advise.

[tuxinzide]

@car12o Are you able to see my response?

[car12o]

@tuxinzide sorry for the late reply, I was off for the last two weeks.
I'm already aware @juacker helped you out, glad that everything is working now.

[mittma]

Is it possible to post the cause and /or solution of this error? Because I have the exact same problem.

[car12o]

It was a bug on the Cloud where emails matching was case-sensitive leading to unmatched emails but it has been addressed while ago.