Red Hat Developer Hub Bugs / RHDHBUGS-930

OIDC login failing for emailMatchingUserEntityProfileEmail resolver


      Description of problem:

      We are trying to integrate w3 SSO login with the help of the OIDC authentication provider in RHDH. To integrate the OIDC login we are using the configuration given below:

      auth:
        session:
          secret: <secrets>
        providers:
          oidc:
            production:
              metadataUrl: <metadata_url>
              clientId: <oidc-client-id>
              clientSecret: <oidc-client-secret>
              prompt: auto
              signIn:
                resolvers:
                  # looks up a catalog User entity by spec.profile.email (see the logged filter below)
                  - resolver: emailMatchingUserEntityProfileEmail

      signInPage: oidc

       

      This piece of code is not working when we try to test this with multiple users.

      Prerequisites (if any, like setup, operators/versions):

      Steps to Reproduce

      1. <steps>

      Actual results:

      We are getting an error like this:

      Login failed; caused by Error: Failed to sign-in, unable to resolve user identity

      Expected results: 

      It should give a proper OIDC login and verify the user by its SSO login ID (w3id).

      Reproducibility (Always/Intermittent/Only Once):

      Always

      Build Details: 

      RHDH 1.3

      Additional info (Such as Logs, Screenshots, etc):

      When we checked the logs, it was going well until the grant and code generation stage, but after that it redirected to the entity locations and templates fetch. It is skipping the token generation part. Attaching the logs for the same:

      {"actor":{"actorId":"plugin:auth","hostname":"localhost","ip":"ip","userAgent":"node-fetch/1.0 (+https://github.com/bitinn/node-fetch)"},"eventName":"CatalogEntityFetch","isAuditLog":true,"level":"info","message":"Entity fetch attempt by plugin:auth succeeded","meta":{},"plugin":"catalog","request":{"body":{},"method":"GET","params":{},"query":{"filter":["spec.profile.email=w3emailid,kind=user"]},"url":"/api/catalog/entities?filter=spec.profile.email%3D%w3emailid%2Ckind%3Duser"},"response":{"status":200},"service":"backstage","stage":"completion","status":"succeeded","timestamp":"2024-12-17 04:47:12"}

      {"level":"info","message":"[17/Dec/2024:04:47:12 +0000] \"GET /api/catalog/entities?filter=spec.profile.email%3D%w3emailid%2Ckind%3Duser HTTP/1.1\" 200 2 \"-\" \"node-fetch/1.0 (+https://github.com/bitinn/node-fetch)\"","service":"rootHttpRouter","timestamp":"2024-12-17 04:47:12","type":"incomingRequest"}

      {"level":"info","message":"[17/Dec/2024:04:47:12 +0000] \"GET /api/auth/oidc/handler/frame?code=${code}&grant_id=${grandid} HTTP/1.1\" 200 - \"${OIDC-host-server-url}/\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36\"","service":"rootHttpRouter","timestamp":"2024-12-17 04:47:12","type":"incomingRequest"}

              Unassigned Unassigned
              ritikaagarwal Ritika Agarwal (Inactive)
              RHDH Security
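
A log-triage sketch for the rootHttpRouter entries quoted in the report, added here as an example (not RHDH or Backstage code): it extracts catalog lookups that filter on `spec.profile.email` and flags those answered with a 2-byte body, the size of an empty JSON array, as in the `200 2` entry above. The sample lines and the helper name `findEmailLookups` are constructed for illustration, and reading a 2-byte body as "no User entity matched" is an assumption.

```javascript
// Constructed sample entries, modelled on the rootHttpRouter lines in the report.
const line = (message) =>
  JSON.stringify({ level: "info", message, service: "rootHttpRouter", type: "incomingRequest" });
const SAMPLE_LOG = [
  line('[17/Dec/2024:04:47:12 +0000] "GET /api/catalog/entities?filter=spec.profile.email%3Dalice%40example.com%2Ckind%3Duser HTTP/1.1" 200 2 "-" "node-fetch/1.0"'),
  line('[17/Dec/2024:04:47:15 +0000] "GET /api/catalog/entities?filter=spec.profile.email%3Dbob%40example.com%2Ckind%3Duser HTTP/1.1" 200 812 "-" "node-fetch/1.0"'),
  line('[17/Dec/2024:04:47:12 +0000] "GET /api/auth/oidc/handler/frame?code=x&grant_id=y HTTP/1.1" 200 - "https://idp.example/" "Mozilla/5.0"'),
  "plain text line that is not JSON",
];

// Request line, status and body size of a combined-format access log message.
const ACCESS_RE = /"(\w+) (\S+) HTTP\/[\d.]+" (\d{3}) (\d+|-)/;

// Hypothetical helper: list every catalog lookup keyed on spec.profile.email.
function findEmailLookups(lines) {
  const findings = [];
  for (const raw of lines) {
    let entry;
    try { entry = JSON.parse(raw); } catch { continue; } // skip non-JSON lines
    if (!entry || entry.type !== "incomingRequest" || typeof entry.message !== "string") continue;
    const m = ACCESS_RE.exec(entry.message);
    if (!m) continue;
    const [, , target, status, size] = m;
    const url = new URL(target, "http://localhost"); // base is only needed for parsing
    if (url.pathname !== "/api/catalog/entities") continue;
    for (const filter of url.searchParams.getAll("filter")) {
      // A filter is a comma-separated list of key=value terms, as in the logged query.
      const terms = new Map(
        filter.split(",").filter((t) => t.includes("=")).map((t) => {
          const i = t.indexOf("=");
          return [t.slice(0, i), t.slice(i + 1)];
        })
      );
      if (!terms.has("spec.profile.email")) continue;
      const bytes = size === "-" ? null : Number(size);
      findings.push({
        email: terms.get("spec.profile.email"),
        status: Number(status),
        bytes,
        // Assumption: a 200 with a 2-byte body is "[]", i.e. no User entity matched.
        noMatch: status === "200" && bytes !== null && bytes <= 2,
      });
    }
  }
  return findings;
}

for (const f of findEmailLookups(SAMPLE_LOG)) {
  console.log(`${f.email}: status=${f.status} bytes=${f.bytes} ${f.noMatch ? "NO MATCHING USER ENTITY" : "ok"}`);
}
```

A flagged address is one to check against the `spec.profile.email` value of the corresponding User entity in the catalog.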