Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Zulip OIDC authentication bug. #30

Closed
janhalen opened this issue Dec 4, 2023 · 3 comments · Fixed by #32
Closed

Zulip OIDC authentication bug. #30

janhalen opened this issue Dec 4, 2023 · 3 comments · Fixed by #32
Assignees
@nicolas-semaphor
Labels
bug Something isn't working
Milestone
Proof of Concept

Comments

@janhalen
Copy link
Collaborator

janhalen commented Dec 4, 2023

@nicolas-semaphor
You can describe the bug here.
@janhalen janhalen added the bug Something isn't working label Dec 4, 2023
@janhalen janhalen added this to the Proof of Concept milestone Dec 4, 2023
@janhalen
Copy link
Collaborator Author

janhalen commented Dec 4, 2023

After some digging.. I found this description..
https://chat.zulip.org/#narrow/stream/31-production-help/topic/OIDC.20error.20when.20login/near/1549038

Does that have any impact on the bug?

@janhalen
Copy link
Collaborator Author

janhalen commented Dec 6, 2023

@nicolas-semaphor: Ready for resolution when commits to #18 is done...

@janhalen janhalen linked a pull request Dec 6, 2023 that will close this issue
18 create OIDC connection between a configured authentik and 2 applications #32
Merged
@nicolas-semaphor
Copy link
Collaborator

As far as I can tell the issues relates to the Zulip smokescreen proxy and requests to the SOCIAL_AUTH servers getting caught up there. The issue was resolved by adding
SOCIAL_AUTH_PROXIES = {"http": None, "https": None}
to the settings.py file in /etc/zulip/settings.py.

When running docker-zulip, you can add the following to the docker-compose.yml to automatically add this line to settings.py in every build (as I have also done in the zulip-deployment docker-compose.yml in branch #18 ):
ZULIP_CUSTOM_SETTINGS: SOCIAL_AUTH_PROXIES={"http":None,"https":None}

If one is running multiple social auth setups, you can allegedly also use specific auth-proxy settings, like:
SOCIAL_AUTH_OIDC_PROXIES etc., but I did not test this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nicolas-semaphor nicolas-semaphor

Labels
bug Something isn't working
Projects
None yet
Milestone
Proof of Concept
2 participants
@janhalen @nicolas-semaphor