Redirected to login page after Dex successful login #7873

Open
zxtariel0512 opened this issue Jul 1, 2024 · 0 comments
@zxtariel0512

Hi there! I have been struggling with this issue for days and would love to have any suggestions or help.

Background
I deployed Kubeapps using the Helm chart on a TKC, and I am able to access it in the browser and log in to see all my apps and deploy new apps using a ServiceAccount token. I am now trying to configure it to use Dex for login. I deployed Dex on the same TKC and edited the Helm chart values of Kubeapps to enable auth-proxy for Dex.

Problem
After accessing Kubeapps using http://localhost:8080, I clicked the button for Dex login, and got successfully redirected to the Dex login page. I entered the default username and password ([email protected]/12341234), and got successfully authenticated. But then I got redirected back to the Kubeapps login page. It seems that Kubeapps does not think I am authenticated.

Currently using...
Below are the useful fields I am using in the Kubeapps Helm chart:

authProxy:
  external: false
  oauthLoginURI: /oauth2/start
  oauthLogoutURI: /oauth2/sign_out
  skipKubeappsLoginPage: true
  provider: oidc
  clientID: xxx
  clientSecret: xxx
  cookieSecret: xxx
  cookieRefresh: 2m
  scope: "profile email groups openid"
  extraFlags:
  - --cookie-secure=false
  - --ssl-insecure-skip-verify=true
  - --oidc-issuer-url=http://dex.auth.svc.cluster.local:5556/dex
  - --redirect-url=http://localhost:8080/oauth2/callback
  - --user-id-claim=email

And below is my Dex configmap:

apiVersion: v1
kind: ConfigMap
metadata:
  name: dex
data:
  config.yaml: |
    issuer: http://dex.auth.svc.cluster.local:5556/dex
    storage:
      type: kubernetes
      config:
        inCluster: true
    web:
      http: 0.0.0.0:5556
    logger:
      level: "debug"
      format: text
    oauth2:
      skipApprovalScreen: true
    enablePasswordDB: true
    staticPasswords:
    - email: [email protected]
      hash: $2y$12$4K/VkmDd1q1Orb3xAt82zu8gk7Ad6ReFR4LCP9UeYE90NLiN9Df72
      # https://github.com/dexidp/dex/pull/1601/commits
      # FIXME: Use hashFromEnv instead
      username: user
      userID: "15841185641784"
    staticClients:
    # https://github.com/dexidp/dex/pull/1664
    - idEnv: OIDC_CLIENT_ID
      redirectURIs:
      - http://localhost/oauth2/callback
      - http://localhost:8080/oauth2/callback
      name: 'Dex Login Application'
      secretEnv: OIDC_CLIENT_SECRET

Workaround
I am not 100% sure, but I think my Kubeapps should be okay because I was able to log in, view apps, and deploy new apps using a ServiceAccount token. And I have checked the Dex pod to make sure that, from Dex's view, I am successfully authenticated.
So I feel like the issue is about the redirect URI... I followed the official documentation to set it to http://localhost:8080/oauth2/callback. I have verified that this callback URI is indeed called after Dex authentication. But somehow it always takes me back to the Kubeapps login page.

Thanks! Any opinion would help!
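
An added example, not part of the original issue and not Kubeapps, oauth2-proxy or Dex code: a small consistency check over the auth-proxy flags and Dex settings posted above, covering issuer match, redirect URI registration, cookie scheme and requested scopes. The function name and finding labels are made up for illustration, the values are copied from the issue, and it assumes oauth2-proxy's default of `--cookie-secure=true` when the flag is absent.

```python
from urllib.parse import urlsplit

# Values copied from the Helm values and Dex ConfigMap posted in the issue.
PROXY_FLAGS = [
    "--cookie-secure=false",
    "--ssl-insecure-skip-verify=true",
    "--oidc-issuer-url=http://dex.auth.svc.cluster.local:5556/dex",
    "--redirect-url=http://localhost:8080/oauth2/callback",
    "--user-id-claim=email",
]
PROXY_SCOPE = "profile email groups openid"
DEX_ISSUER = "http://dex.auth.svc.cluster.local:5556/dex"
DEX_REDIRECT_URIS = [
    "http://localhost/oauth2/callback",
    "http://localhost:8080/oauth2/callback",
]


def check_oidc_config(flags, scope, dex_issuer, dex_redirect_uris):
    """Return labels (hypothetical names) for each proxy/Dex mismatch found."""
    f = {n: v for n, _, v in (x.lstrip("-").partition("=") for x in flags)}
    findings = []
    # The issuer is compared as an exact string, so a trailing slash counts.
    if f.get("oidc-issuer-url") != dex_issuer:
        findings.append("issuer-mismatch")
    # The callback must be one of the URIs registered for the Dex client.
    if f.get("redirect-url") not in dex_redirect_uris:
        findings.append("redirect-uri-not-registered")
    # A cookie marked Secure is only returned over a secure channel (RFC 6265).
    scheme = urlsplit(f.get("redirect-url", "")).scheme
    if f.get("cookie-secure", "true") == "true" and scheme != "https":
        findings.append("secure-cookie-over-http")
    scopes = scope.split()
    if "openid" not in scopes:
        findings.append("openid-scope-missing")
    # The email claim is requested through the email scope.
    if f.get("user-id-claim") == "email" and "email" not in scopes:
        findings.append("email-scope-missing")
    return findings


print(check_oidc_config(PROXY_FLAGS, PROXY_SCOPE, DEX_ISSUER, DEX_REDIRECT_URIS)
      or "no mismatches on these checks")
```

On the values from the issue the function returns an empty list, so the posted settings agree with each other on these four points.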
