To GoodData homepage
Solved

Unregistered redirect_uri using Built-in OIDC Identity Provider

  • 3 September 2021
  • 4 replies
  • 511 views
A
  • ashok
  • Known Participant
  • 17 replies

Hi Team,

We have deployed the GD.CN with DEX after sucessfull installation we are able to bootstrap users,workspaces via cli . However UI login screen throwing the bad request 

 

 

Kindly help us how to fix / add callbacks !

Ref:

https://www.gooddata.com/developers/cloud-native/doc/1.3/administration/auth/

https://www.gooddata.com/developers/cloud-native/doc/1.3/administration/auth/built-in-oidc/

 

Regards,
Ashok

icon

Best answer by Robert Moucha 7 September 2021, 00:29

View original

4 replies

R
Rank
Userlevel 2

Hello @ashok

the redirect_url has wrong schema (http instead of https). This error is caused by the fact the Ingress controller doesn’t pass X-Forwarded-* headers from upstream load balancer to application.

Please add the following annotations to ingress-nginx service helm chart (using values-ingress.yaml file) and perform rollout restart of ingress-nginx deployment:

 

controller:
  service:
    annotations:
      # This resolves a possible issue with big headers
      proxy-buffer-size: '16k'

      # Improve performance of requests with a large body
      client-body-buffer-size: '1m'

      # use X-Forwarded-* received from ELB - important for proper propagation 
      # of LoadBalancer host, port, and schema
      use-forwarded-headers: 'true'

      # some other annotations...

Especially the “use-forwarded-headers” is very important.

Reapply the ingress-nginx helm chart with these updated values file and restart ingress-nginx deployment using “kubectl rollout restart deployment ...” command.

Then, delete your organization using “kubectl -n gooddata-cn delete org <<your-organization-name>>” and recreate it again with the original definition. This command will reconfigure Dex Oauth2 client with a correct redirect_url.

Dex user will be preserved, but you’ll need to recreate user mapping to organization as described here, with the same authenticationId as before.

 

Kind regards,

Robert Moucha

A

Hi @Robert Moucha  Thanks for the response, However issue is not resolved  I have followed all the above mentioned steps and alos tried with fresh new installation did’nt help same k8 cluster.

-- values-ingress.yaml --

 

 

 

 

Regards,
Ashok

R
Rank
Userlevel 2

Ah, my bad :scream: . I misplaced the configuration options I advised to a different section. These three (proxy-buffer-size, client-body-buffer-size, and use-forwarded-headers) do NOT belong to controller.service.annotations, but to controller.config.

So the correct structure is:

controller:
  config:
    # This resolves a possible issue with big headers
    proxy-buffer-size: '16k'

    # Improve performance of requests with a large body
    client-body-buffer-size: '1m'

    # use X-Forwarded-* received from ELB - important for proper propagation 
    # of LoadBalancer host, port, and schema
    use-forwarded-headers: 'true'
  service:
    annotations:
      # some other annotations...

I’m very sorry.

A

Thanks for support Robert  👍

Reply


Join us on
Welcome to the GoodData Community!Cookie settings