Solved

Unregistered redirect_uri using Built-in OIDC Identity Provider

  • 3 September 2021

Hi Team,

We have deployed GD.CN with DEX. After successful installation we are able to bootstrap users and workspaces via the CLI. However, the UI login screen is throwing a bad request.

 

 

Kindly help us with how to fix / add callbacks!

Ref:

https://www.gooddata.com/developers/cloud-native/doc/1.3/administration/auth/

https://www.gooddata.com/developers/cloud-native/doc/1.3/administration/auth/built-in-oidc/

 

Regards,
Ashok


Best answer by Robert Moucha 7 September 2021, 00:29


Hello @ashok

The redirect_url has the wrong schema (http instead of https). This error is caused by the fact that the Ingress controller doesn’t pass X-Forwarded-* headers from the upstream load balancer to the application.

Please add the following annotations to ingress-nginx service helm chart (using values-ingress.yaml file) and perform rollout restart of ingress-nginx deployment:

 

controller:
  service:
    annotations:
      # This resolves a possible issue with big headers
      proxy-buffer-size: '16k'

      # Improve performance of requests with a large body
      client-body-buffer-size: '1m'

      # use X-Forwarded-* received from ELB - important for proper propagation
      # of LoadBalancer host, port, and schema
      use-forwarded-headers: 'true'

      # some other annotations...

Especially the “use-forwarded-headers” is very important.

Reapply the ingress-nginx helm chart with this updated values file and restart the ingress-nginx deployment using the “kubectl rollout restart deployment ...” command.

Then, delete your organization using “kubectl -n gooddata-cn delete org <<your-organization-name>>” and recreate it again with the original definition. This command will reconfigure Dex Oauth2 client with a correct redirect_url.

Dex user will be preserved, but you’ll need to recreate user mapping to organization as described here, with the same authenticationId as before.

 

Kind regards,

Robert Moucha

Hi @Robert Moucha, thanks for the response. However, the issue is not resolved. I have followed all the above-mentioned steps and also tried a fresh new installation on the same k8 cluster, which didn’t help.

-- values-ingress.yaml --

 

 

 

 

Regards,
Ashok


Ah, my bad :scream: . I misplaced the configuration options I advised to a different section. These three (proxy-buffer-size, client-body-buffer-size, and use-forwarded-headers) do NOT belong to controller.service.annotations, but to controller.config.

So the correct structure is:

controller:
  config:
    # This resolves a possible issue with big headers
    proxy-buffer-size: '16k'

    # Improve performance of requests with a large body
    client-body-buffer-size: '1m'

    # use X-Forwarded-* received from ELB - important for proper propagation
    # of LoadBalancer host, port, and schema
    use-forwarded-headers: 'true'
  service:
    annotations:
      # some other annotations...

I’m very sorry.
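The header flow behind this error, modelled end to end as an added Python example (not part of the thread, and not GoodData.CN, Dex or ingress-nginx code). The hostname, the callback path, all function names, and the assumption that the provider holds the https callback and compares it by exact match are illustrative.

```python
# Added illustration: load balancer -> ingress-nginx -> application -> OIDC provider.
# Hostname, callback path and function names are assumptions for this sketch.
from urllib.parse import urlunsplit

CALLBACK_PATH = "/oauth2/callback"  # hypothetical callback path
REGISTERED = {"https://analytics.example.com" + CALLBACK_PATH}  # constructed value


def load_balancer(host):
    """The ELB terminates TLS and forwards plain HTTP plus X-Forwarded-Proto."""
    return {"scheme": "http",
            "headers": {"Host": host, "X-Forwarded-Proto": "https"}}


def ingress_nginx(request, use_forwarded_headers):
    """With use-forwarded-headers 'true' the incoming X-Forwarded-* headers are
    passed on; otherwise nginx overwrites them with what its own listener saw."""
    headers = dict(request["headers"])
    if not use_forwarded_headers:
        headers["X-Forwarded-Proto"] = request["scheme"]
    return {"scheme": "http", "headers": headers}


def app_redirect_uri(request):
    """The application derives its external callback URL from the headers."""
    headers = request["headers"]
    proto = headers.get("X-Forwarded-Proto", request["scheme"])
    return urlunsplit((proto, headers["Host"], CALLBACK_PATH, "", ""))


def provider_accepts(redirect_uri):
    """Provider side: the redirect_uri must match a registered value exactly."""
    return redirect_uri in REGISTERED


def login_attempt(use_forwarded_headers, host="analytics.example.com"):
    request = ingress_nginx(load_balancer(host), use_forwarded_headers)
    uri = app_redirect_uri(request)
    return uri, provider_accepts(uri)


if __name__ == "__main__":
    for setting in (False, True):
        uri, ok = login_attempt(setting)
        print(f"use-forwarded-headers={setting}: {uri} ->",
              "accepted" if ok else "unregistered redirect_uri")
```
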

Thanks for support Robert  👍
