SOLVED: Lost admin account

[veleek]

This won't apply to everyone but hopefully it'll help a few people out.

I lost access to my admin account by enabling the SSO plugin -  9p4/jellyfin-plugin-sso: This plugin allows users to sign in through an SSO provider (such as Google, Microsoft, or your own provider). This enables one-click signin.

Signing in using the SSO method overwrote the user permissions on my account causing me to lose admin privs, even when re-signing in again using the original auth method (because the accounts were linked).  I had opted to not setup the user/admin role bindings during my initial setup of the SSO provider (PocketId in my case)

So, the fix: I could still get into the config files and was able to find the SSO plugin config at ./config/plugins/configurations/SSO-Auth.xml.  It had something like this:

Code:

        <PluginConfiguration>
          <OidEndpoint>https://id.example.com</OidEndpoint>
          <OidClientId>redacted</OidClientId>
          <OidSecret>redacted</OidSecret>
          <Enabled>true</Enabled>
          <EnableAuthorization>true</EnableAuthorization>
          <EnableAllFolders>true</EnableAllFolders>
          <EnabledFolders />
          <AdminRoles /> // <-- Empty!!
          <Roles />
          ...other stuff...

Since it's trivial for me to modify the configuration for PocketId, I ensured that my user was in at least one group, and then I updated the <AdminRoles/> element to 

Code:

          <AdminRoles>
            <string>my-admin-group-name</string>
          </AdminRoles>
          <Roles>
            <string>my-admin-group-name</string> // <--- This might not be necessary
          </Roles>

The next time I logged in, I was granted the admin role by way of the appropriate group and I could access the dashboard again.