Solved

GoodData.CN community edition support for OIDC

  • 19 July 2021
  • 4 replies
  • 98 views

Hi Team

 

While trying to configure the OIDC in the  GoodData.CN community edition running on my local machine, getting the below error.

level=ERROR msg="Bad Request" logger=com.gooddata.tiger.web.exception.BaseExceptionHandling thread=http-nio-9007-exec-2 orgId=default spanId=ec8ee450d037b79e traceId=ec8ee450d037b79e userId=admin exc="errorType=com.gooddata.tiger.metadata.tools.InvalidOrganizationChangeException, message=Organization hostname cannot be changed
    at com.gooddata.tiger.metadata.service.OrganizationService.updateOrganization$suspendImpl(OrganizationService.kt:81)
    at com.gooddata.tiger.metadata.service.OrganizationService.updateOrganization(OrganizationService.kt)
    at com.gooddata.tiger.metadata.service.OrganizationService$$FastClassBySpringCGLIB$$164c5933.invoke(<generated>)

 

Removed the client id, secert and url  and sharing the API request.

 

curl --request PUT \
  --header "Authorization: Bearer YWRtaW46Ym9vdHN0cmFwOmFkbWluMTIz" \
  --header 'Content-Type: application/vnd.gooddata.api+json' \
  --data '{
  "data": {
    "id": "default",
    "type": "organization",
    "attributes": {
      "name": "default",
      "hostname": "localhost:3000",
      "oauthIssuerLocation": "",
      "oauthClientId": "",
      "oauthClientSecret": ""
    }
  }
}'  http://localhost:3000/api/entities/admin/organizations/default

 

Please let me know whether I can configure ODIC in community edition. If yes, kindly let me know the reason for the error

icon

Best answer by Jan Chochol 21 July 2021, 09:59

Hello @Anjali,

Setting external OIDC provider is supported even in GoodData.CN CE.

Your initial request is failing on error “Organization hostname cannot be changed”, which mean that you are trying to change “hostname”.

Best way how to check current “hostname” is to ask for organization record:

curl --header "Authorization: Bearer YWRtaW46Ym9vdHN0cmFwOmFkbWluMTIz" --header 'Content-Type: application/vnd.gooddata.api+json' http://localhost:3000/api/entities/admin/organizations/default

By default, GoodData.CN CE use “localhost” as “hostname” (and not “localhost:3000”), so I think that your original request should pass if you change:

"hostname": "localhost:3000"

to

"hostname": "localhost"

 

Regards,

Jan

View original

4 replies

Hi Anjali,

Changing of hostname is currently not supported in GoodData.CN Community Edition, therefore, that's why you get the error.

OIDC is supported for Community Edition and all plans: https://www.gooddata.com/developers/cloud-native/#plans

And this article explains very well how to achieve OIDC integration with GD.CN:
https://community.gooddata.com/administration-kb-articles-49/okta-sso-integration-guide-with-gooddata-cn-313

Regards,
Daniela

Hi Daniela

Thanks for your quick response. 

In the link provided, it is mentioned that 

  1. You will need the values of “Client ID”, “Client secret”, and “Okta domain” to configure an OIDC client for your organization.

For updating the above details, I am using the API call similar to the example given in the link - https://www.gooddata.com/developers/cloud-native/doc/latest/administration/auth/external-oidc/ below.

 

curl --request PUT \
  --header "Authorization: Bearer $GDC_API_TOKEN" \
  --header 'Content-Type: application/vnd.gooddata.api+json' \
  --data '{
  "data": {
    "id": "alpha",
    "type": "organization",
    "attributes": {
      "name": "Alpha Corp.",
      "hostname": "analytics.alpha.example.com",
      "oauthIssuerLocation": "https://<your-issuer-url>",
      "oauthClientId": "<your-client-id>",
      "oauthClientSecret": "<your-client-secret>"
    }
  }
}'  https://analytics.alpha.example.com/api/entities/admin/organizations/alpha

 

While calling the above API with details with or with hostname variable, It says Organization hostname cannot be changed.

So, let me know is there any other way I can update the client id, secret and domain in the gooddata.CN. community edition.

Please note that when I log in with demo@example.com, I am not getting the Manage option to add users as well.

 

-- Anjali

Hi Anjali!

The problem is that you are changing the hostname property in your PUT request. Use the one that is retrieved by

curl --header "Authorization: Bearer YWRtaW46Ym9vdHN0cmFwOmFkbWluMTIz" \
http://localhost:3000/api/entities/admin/organizations/default

Best regards,

Jakub

Hello @Anjali,

Setting external OIDC provider is supported even in GoodData.CN CE.

Your initial request is failing on error “Organization hostname cannot be changed”, which mean that you are trying to change “hostname”.

Best way how to check current “hostname” is to ask for organization record:

curl --header "Authorization: Bearer YWRtaW46Ym9vdHN0cmFwOmFkbWluMTIz" --header 'Content-Type: application/vnd.gooddata.api+json' http://localhost:3000/api/entities/admin/organizations/default

By default, GoodData.CN CE use “localhost” as “hostname” (and not “localhost:3000”), so I think that your original request should pass if you change:

"hostname": "localhost:3000"

to

"hostname": "localhost"

 

Regards,

Jan

Reply