OpenShift Bugs / OCPBUGS-62142

Cannot login to openshift console in external oidc env using Windows server ADFS provider due to "error constructing login state: failed to save refresh token cookie: securecookie: the value is too long: 6704"


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Undefined
    • Affects Version: 4.20
    • Component: Management Console
    • Quality / Stability / Reliability
    • Severity: Critical

      Description of problem:

      Configured an external OIDC provider backed by an ADFS server for the cluster; on logging in to the openshift-console, an authentication error was shown in the console.

      Version-Release number of selected component (if applicable):

      4.20.0-0.nightly-2025-09-19-231410
          

      How reproducible:

         Always
          

      Steps to Reproduce:

          1. Configure the ADFS server as an external OIDC provider in the authentication resource:

      $ oc edit authentication
        spec:
          oauthMetadata:
            name: ""
          oidcProviders:
          - claimMappings:
              groups:
                claim: custom-groups
                prefix: 'oidc-groups-test:'
              username:
                claim: email
                prefix:
                  prefixString: 'oidc-user-test:'
                prefixPolicy: Prefix
            issuer:
              audiences:
              - <CLIENT_ID>
              issuerCertificateAuthority:
                name: adfs-ca
              issuerURL: <ISSUER_URL>
            name: windows-oidc
            oidcClients:
            - clientID: <CLIENT_ID>
              clientSecret:
                name: adfs-secret
              componentName: console
              componentNamespace: openshift-console
              extraScopes:
              - email
              - profile
              - allatclaims
          serviceAccountIssuer: ""
          type: OIDC

          2. Log in to the openshift console and enter the ADFS username/password.
          3. An authentication error is shown in the console.
          4. Click Try again; login then succeeds, but the openshift console displays a 404 error.
          5. After clicking any tab, the openshift console displays correctly.

      Actual results:

         Cannot log in to the openshift console on the first attempt.

      Expected results:

          Should be able to log in to the openshift console successfully on the first attempt.

      Additional info:

      openshift console info: https://docs.google.com/document/d/1C0Ln-Ir6hthQfy5r8K9Q6uBzniWmsERwp1JVu6_E200/edit?tab=t.0

      must-gather: https://drive.google.com/drive/folders/1kKsCnSwwsvxC_9BSF_N89osCJN2imteL?usp=drive_link 
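      Background on the error quoted in the summary, with an added example that is not code from the openshift/console repository. The text "securecookie: the value is too long: 6704" is the format gorilla/securecookie uses when the encrypted, signed and base64-encoded cookie value exceeds its MaxLength, which defaults to 4096 bytes, the minimum per-cookie size RFC 6265 obliges browsers to accept; 6704 is that encoded length, so the ADFS refresh token itself is somewhat smaller but still well over what a single cookie can carry. The Go example below reproduces the mechanism with the standard library only (AES-GCM stands in for securecookie's own encoding, so exact sizes differ) and shows one possible workaround, splitting the encoded value over several cookies. The chunk size, the cookie names and the workaround itself are assumptions for illustration, not the console's fix.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
)

const (
	maxCookieLen = 4096               // gorilla/securecookie default MaxLength; RFC 6265 per-cookie minimum
	chunkSize    = maxCookieLen - 128 // assumed headroom for the cookie name and attributes
)

var errTooLong = errors.New("securecookie: the value is too long")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32-byte key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts and authenticates v with AES-GCM and base64url-encodes it; nonce, tag and base64 inflate the token.
func seal(key, v []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(gcm.Seal(nonce, nonce, v, nil)), nil
}

// unseal reverses seal; any edit to the text fails the GCM tag check.
func unseal(key []byte, enc string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	raw, err := base64.RawURLEncoding.DecodeString(enc)
	if err != nil || len(raw) < gcm.NonceSize() {
		return nil, errors.New("malformed cookie value")
	}
	return gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
}

// checkLength is the securecookie.Encode length check behind the bug; the error carries the encoded length (6704 in the title).
func checkLength(enc string) error {
	if len(enc) > maxCookieLen {
		return fmt.Errorf("%w: %d", errTooLong, len(enc))
	}
	return nil
}

// splitCookies is one workaround (an assumption, not the console's fix): spread the value over name-0, name-1, ...
func splitCookies(name, enc string) []*http.Cookie {
	var out []*http.Cookie
	for i := 0; enc != ""; i++ {
		n := len(enc)
		if n > chunkSize {
			n = chunkSize
		}
		out = append(out, &http.Cookie{Name: fmt.Sprintf("%s-%d", name, i), Value: enc[:n], Secure: true, HttpOnly: true})
		enc = enc[n:]
	}
	return out
}

// joinCookies concatenates name-0, name-1, ... in index order; a missing, reordered or edited chunk is rejected by unseal.
func joinCookies(name string, cookies []*http.Cookie) string {
	byName := map[string]string{}
	for _, c := range cookies {
		byName[c.Name] = c.Value
	}
	enc := ""
	for i := 0; ; i++ {
		part, ok := byName[fmt.Sprintf("%s-%d", name, i)]
		if !ok {
			return enc
		}
		enc += part
	}
}

func main() {
	key := make([]byte, 32)
	rand.Read(key)
	enc, _ := seal(key, make([]byte, 6000)) // constructed stand-in for a large ADFS refresh token
	cs := splitCookies("openshift-refresh-token", enc)
	_, err := unseal(key, joinCookies("openshift-refresh-token", cs))
	fmt.Println(checkLength(enc), len(cs), err)
}
```

      A constructed 6000-byte token encodes to 8038 characters, which fails the single-cookie check and fits in three chunks. Chunking keeps the token in the browser and so stays subject to per-domain cookie budgets; the other option, keeping the refresh token server-side and handing the browser only a session identifier, avoids the cookie limit entirely but needs storage shared across console replicas.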

              Assignee: Jon Jackson (rh-ee-jonjacks)
              Reporter: Wen Wang (rhn-support-wewang)