Hi,
Thanks for the quick response.
Here is my sogo.conf
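{
/* NOTE(review): troubleshooting configuration. The debug switches, the
   disabled XSRF validation and the inline credentials flagged below should
   not carry over unchanged to a production deployment. */
/* WebObjects / core runtime debugging */
/* Debug-level logging is verbose; treat the log output as sensitive and
   turn these off once the login problem is solved. */
WODebuggingEnabled = YES;
WOLogLevel = debug;
/* Process & logging */
WOWorkersCount = 1;
/* Binds to every interface of the pod.
   NOTE(review): confirm that only the reverse proxy / ingress can reach
   port 20000 (for example with a NetworkPolicy). */
WOPort = "0.0.0.0:20000";
WOLogFile = "-";
/* Timezone (optional but recommended) */
SOGoTimeZone = "Asia/Kolkata";
/* Cache (external memcached in Kubernetes) */
/* NOTE(review): memcached does not authenticate clients by default; confirm
   that only the SOGo pods can reach this service. */
SOGoMemcachedHost = "sogo-memcached.indryve-org.svc.cluster.local:11211";
/* Database (PostgreSQL via single base URL + multiple logical stores) */
/* Every store below connects with the role name "postgres", conventionally
   the PostgreSQL superuser.
   NOTE(review): prefer a dedicated role limited to the sogo database.
   The "[email protected]" text presumably comes from the list archive's
   address obfuscation replacing the password@host part of each URL; the real
   values are not recoverable from this page. */
SOGoProfileURL =
"postgresql://postgres:[email protected]:5432/sogo/sogo_user_profile";
OCSFolderInfoURL =
"postgresql://postgres:[email protected]:5432/sogo/sogo_folder_info";
OCSSessionsFolderURL =
"postgresql://postgres:[email protected]:5432/sogo/sogo_sessions_folder";
OCSStoreURL =
"postgresql://postgres:[email protected]:5432/sogo/sogo_store";
OCSAclURL =
"postgresql://postgres:[email protected]:5432/sogo/sogo_acl";
OCSCacheFolderURL =
"postgresql://postgres:[email protected]:5432/sogo/sogo_cache_folder";
OCSAdminURL =
"postgresql://postgres:[email protected]:5432/sogo/sogo_admin";
/* ---------------------------
AUTH: OpenID Connect (SSO)
--------------------------- */
SOGoAuthenticationType = openid;
/* XSRF (CSRF) validation is switched off here, so requests to the web
   interface are not checked for an anti-forgery token.
   NOTE(review): re-enable it after troubleshooting unless a documented
   incompatibility requires otherwise. */
SOGoXSRFValidationEnabled = NO;
/* DB URL used to store OpenID sessions (mandatory for OpenID) */
OCSOpenIdURL =
"postgresql://postgres:[email protected]:5432/sogo/sogo_openid";
/* OpenID Provider Configuration endpoint (mandatory) */
SOGoOpenIdConfigUrl =
"https://idam.indryve.org/oauth2/oidcdiscovery/.well-known/openid-configuration";
/* Client id and secret were redacted by the poster. */
SOGoOpenIdClient = "xxxxxxxx";
SOGoOpenIdClientSecret = "xxxxxxxxxxxxx";
/* e.g. "openid profile email" */
SOGoOpenIdScope = "openid profile email";
/* claim that carries the mailbox/uid; defaults to email if unset */
/* NOTE(review): per the reply in this thread, the value of this claim must
   match the uid (UIDFieldName) of the user source. The source below uses
   sAMAccountName, so an e-mail address here would not match a bare account
   name. */
SOGoOpenIdEmailParam = "email";
SOGoOpenIdRedirectURI = "https://dav.indryve.org/SOGo/so/oidc/callback";
/* optional knobs */
SOGoOpenIdEnableRefreshToken = YES;
/* NOTE(review): presumably the number of seconds between token re-checks;
   if so, a token revoked at the provider may stay usable for up to that
   long. Confirm against the SOGo documentation. */
SOGoOpenIdTokenCheckInterval = 300;
SOGoOpenIdLogoutEnabled = YES;
/* NOTE(review): verify SOGoTrustProxy, SOGoSecureCookies, SOGoUseRelativeURLs
   and SOGoForceExternalLoginWithHTTPS against the documentation of the
   deployed SOGo version. A key that SOGo does not read provides no
   protection, whatever its name suggests. */
SOGoTrustProxy = YES;
SOGoSecureCookies = YES;
SOGoUseRelativeURLs = NO;
SOGoForceExternalLoginWithHTTPS = YES;
SOGoForceExternalLoginWithEmail = YES;
/* Request/response and mail debugging: the resulting logs can contain
   session and authentication material. Restrict access to them and disable
   these after troubleshooting. */
SOGoDebugRequests = YES;
SOGoDebugResponse = YES;
SOGoMailDebugEnabled = YES;
/* NOTE(review): the reply in this thread names the OpenID debug switch
   SOGoOpenIDDebugEnabled; confirm which spelling the deployed version reads. */
SOGoDebugOpenId = YES;
/* If SOGo is used as webmail with OpenID, IMAP/SMTP need XOAUTH2.
If you are Cal/Card only, keep these unset or disabled. */
/* NGImap4AuthMechanism = xoauth2; */
/* SOGoSMTPAuthenticationType = xoauth2; */
/* Indryve: Calendar + Contacts */
SOGoCalendarDAVAccessEnabled = YES;
SOGoAddressBookDAVAccessEnabled = YES;
SOGoAppointmentSendEMailNotifications = YES;
SOGoPageTitle = "SOGo";
SOGoPasswordChangeEnabled = NO;
/* LDAP user source: Samba-AD (Address Book only) */
SOGoUserSources = (
{
id = "indryve-ad";
type = ldap;
/* NOTE(review): the reply in this thread asks for canAuthenticate = YES in
   the user source; left as posted. */
canAuthenticate = NO; /* OIDC handles auth */
isAddressBook = YES; /* directory/contacts source */
CNFieldName = "cn";
IDFieldName = "sAMAccountName";
UIDFieldName = "sAMAccountName";
baseDN = "DC=indryve,DC=demo";
/* NOTE(review): the bind account only needs read access to the attributes
   used here; confirm it holds no further directory privileges. */
bindDN = "CN=sogo_bind,OU=BindUsers,DC=indryve,DC=demo";
/* Redacted in this copy: the posted file carried the bind password in clear
   text. A secret that has appeared on a public list should be rotated, and
   the file holding it is better mounted from a Kubernetes Secret than kept
   in an image or ConfigMap. */
bindPassword = "xxxxxxxxxxxxxxxx";
/* LDAPS endpoint. NOTE(review): confirm that the server certificate is
   actually validated by the LDAP client in the container. */
hostname = "ldaps://ad.indryve.demo:636";
/* NOTE(review): a broad filter; in an AD schema it can also match non-user
   objects such as computer accounts. Consider narrowing it. */
filter = "(objectClass=person)";
MailFieldNames = (mail);
displayName = "Indryve Directory";
SSL = YES;
}
);
}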
Thanks n’ Regards,
Raghav
On 24/12/25 2:09 pm, qhivert ([email protected]) wrote:
Hello,
It means there is a mismatch between the info returned by your OpenID userinfo
endpoint and your user source.
Can you share your sogo.conf (mind the passwords and secrets in it) ?
The param
SOGoOpenIdEmailParam = "email";
tells SOGo where to find the user's email in your userinfo endpoint's response.
It must match the uid (or UIDFieldName) of your usersource. Be sure to have
canAuthenticate = YES;
in your user source
You can add those to have more logs:
SOGoDebugRequests = YES;
SOGoOpenIDDebugEnabled = YES;
Cheers,