Setting up SSO with a Synology NAS (DSM 7.2)

Hello, I’m trying to setup SSO via OIDC using Auth0 as IdP. Both on the DSM and the Auth0 side I have a user called my.user with email my.user@example.org.

On the Synology side, I followed their guide and I set

• Account type : Domain/LDAP/local
• Name : My App
• Well-known URL : https://iset-telecom.eu.auth0.com/.well-known/openid-configuration
• Application ID : the Client ID
• Application Secret: the Client Secret
• Redirect URI: my login portal
• Authorization scope : openid
• Username claim: email

When I try to SSO into the NAS, I am redirected to the Auth0 Login form. When I login, I am redirected back to the Synology login portal, but I get back a generic SSO error.

Any ideas about how to troubleshoot this problem?

Hi @iset

Welcome to the Auth0 Community!

I’ve checked the signup and log flow on your tenant, and it looks good. Can you check the logs in the DSM? Also can you check the connection response https://openidconnect.net/

Thanks
Dawid

Hi @dawid.matuszczyk, and thank you for your welcome. I haven’t found a clear log that can help me troubleshot this problem. In/var/etc/auth.log, I can see errors like the following:

2023-12-18T19:53:13+01:00 iset-synology synoscgi_SYNO.API.Auth_7_login[13158]: pam_syno_log_fail(sso:auth): Can't get user uid ().

Regarding the test with https://openidconnect.net/, finally I got:

{
 "iss": "https://iset-telecom.eu.auth0.com/",
 "aud": "<my yclient_id>",
 "iat": 1702926881,
 "exp": 1702962881,
 "sub": "auth0|...",
 "sid": "..."
}

It is fine, I guess.

Cheers!

Hi @iset

Sorry for the confusion. Did you manage to solve the issue? Or does it still occur?

Thanks
Dawid

Hi @dawid.matuszczyk. No worries at all and thank you for your help! Nope, unfortunately I’m still stuck. Here is another piece of log that I’ve found in the NAS:

oidc_auth.cpp:70 Get sso operation failed. Reason: SYNOUserLoginNameConvert failed.
pam_syno_sso.cpp:128 (euid=0)(pam_syno_sso.cpp:128)(Success)Failed [username.empty()]
pam_syno_log_fail(sso:auth): Can't get user uid ().
login.c:1129 Get uid/gid fail for user []. [0x1D00 user_db_get.c:36]

Whoooo just fixed modifying these entries in the DSM settings:

• Authorization scope : openid profile
• Username claim: name

Side question: is there a way to customize the username upon the user creation?

image1272×1150 35.6 KB

It defaults to the email address and you need to change it later.

That’s great to hear that @iset,

Feel free to reach out if you will have more questions!

Have a great day!

Thanks
Dawid

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.