OpenShift Service Mesh / OSSM-3993

[kiali] openshift auth strategy does not support non-standard OpenShift ingress ports


    Description

      When trying to connect to Kiali via the "openshift" auth strategy (which uses OpenShift OAuth), the following error message appears as a login failure:

       

      error    "invalid_request"
      error_description    "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed."
      

      The customer has non-standard ports defined in the OpenShift ingress.

      Today, this is not supported by Kiali.

      apiVersion: oauth.openshift.io/v1
      grantMethod: auto
      kind: OAuthClient
      metadata:
        annotations:
          operator-sdk/primary-resource: istio-system/kiali
          operator-sdk/primary-resource-type: Kiali.kiali.io
        labels:
          app: kiali
          app.kubernetes.io/instance: kiali
          app.kubernetes.io/name: kiali
          app.kubernetes.io/part-of: kiali
          app.kubernetes.io/version: 067a2c5257e5aef21ae8f896d28425c3aecde3333abaf589ff5e52b0207eXXX
          version: 067a2c5257e5aef21ae8f896d28425c3aecde3333abaf589ff5e52b0207eXXX
        name: kiali-istio-system
      redirectURIs:
      - https://kiali-istio-system.apps-mgm.my-test.abc.com

       

      That "redirectURIs" value doesn't work because the ingress service is not using the standard port 443 for HTTPS, but instead has been changed by the customer to be 31102:

       

      $ oc get svc -n openshift-ingress
      NAME                      TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                        AGE
      router-internal-apps      ClusterIP   9.2.209.61   <none>        31103/TCP,31104/TCP,1937/TCP   131d
      router-internal-default   ClusterIP   9.2.215.29   <none>        31101/TCP,31102/TCP,1936/TCP   131d 
      

      Here you can see it has been changed:

       

      $ oc get svc router-internal-default -n openshift-ingress -o yaml
      ...
        ports:
        - name: http
          port: 31101
          protocol: TCP
          targetPort: 31101
        - name: https
          port: 31102           <--- Ingress HTTPS port is 31102 as entrypoint.
          protocol: TCP
          targetPort: 31102
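
An added example (not part of the issue, and not Kiali or OpenShift code) of why the registered redirect URI fails: a simplified redirect URI check that compares scheme, host and effective port, then the path prefix. The matching rule, the `/callback` path and the port-qualified entry are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// origin returns "scheme://host:port", filling in the scheme's default
// port when the URL does not write one (https -> 443, http -> 80).
func origin(u *url.URL) string {
	port := u.Port()
	if port == "" {
		port = map[string]string{"https": "443", "http": "80"}[strings.ToLower(u.Scheme)]
	}
	return strings.ToLower(u.Scheme) + "://" + strings.ToLower(u.Hostname()) + ":" + port
}

// RedirectAllowed reports whether requested matches a registered redirect
// URI: identical origin, and the registered path is a whole-segment prefix.
func RedirectAllowed(registered []string, requested string) bool {
	req, err := url.Parse(requested)
	if err != nil || !req.IsAbs() || strings.Contains(req.Path, "..") {
		return false
	}
	for _, r := range registered {
		reg, err := url.Parse(r)
		if err != nil || origin(reg) != origin(req) {
			continue
		}
		base := strings.TrimSuffix(reg.Path, "/")
		if req.Path == base || strings.HasPrefix(req.Path, base+"/") {
			return true
		}
	}
	return false
}

func main() {
	host := "https://kiali-istio-system.apps-mgm.my-test.abc.com"
	registered := []string{host} // redirectURIs from the OAuthClient in the issue
	// Constructed request: same host reached through HTTPS port 31102;
	// the "/callback" path is a placeholder, not Kiali's real path.
	viaIngress := host + ":31102/callback"
	fmt.Println(RedirectAllowed(registered, viaIngress))                        // false
	fmt.Println(RedirectAllowed(append(registered, host+":31102"), viaIngress)) // true
}
```

The strict origin comparison is what keeps an authorization code from being delivered to an unregistered endpoint, so the port has to be part of the registered value rather than the check being loosened.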
      

       


          People

            Unassigned Unassigned
            jmazzitelli John Mazzitelli
            Pavel Marek