Red Hat Internal Developer Platform / RHIDP-7912

[Docs] Add documentation on omitIdentityTokenOwnershipClaim config

    • Task
    • Resolution: Done
    • Normal
    • 1.8.0
    • 1.7.0
    • Documentation
    • RHDH Documentation 3276, RHDH Documentation 3277, RHDH Documentation 3278, RHDH Documentation 3279, RHDH Documentation 3282

      With Backstage v1.39, a new config option has been pulled in that resolves the issue of oversized JWTs. Refer to this comment and the upstream docs for more detail.

      This config is applied like so:

       

      auth:
        omitIdentityTokenOwnershipClaim: true 

       

      Ideally, this information would live under the authentication troubleshooting section. For now, we can add this under the overview section of auth.

       

       

      HTTP Errors

      Request Header Too Large (see bug)

      This error can indicate that the user identity token is too long: when the user is a member of many groups, the ownership claim grows very large.

      Solution: 
      • Set auth.omitIdentityTokenOwnershipClaim to true
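
An added example (not part of this ticket or of RHDH/Backstage code) showing how the ownership claim drives header size: it builds constructed, unsigned tokens and measures the Authorization header with and without the claim. The claim name `ent`, the 8192-byte limit and the sample entity refs are assumptions; substitute the header limit of your own ingress or proxy.

```javascript
// Added example: constructed tokens only, no signature verification.
// Assumption: the ownership claim is named `ent` and lists entity refs.

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Build an unsigned, JWT-shaped string for size measurement only.
function makeSampleToken(groupCount, omitOwnership) {
  const sub = 'user:default/jdoe'; // constructed user entity ref
  const payload = { sub, iat: 1750000000, exp: 1750003600 };
  if (!omitOwnership) {
    payload.ent = [sub];
    for (let i = 0; i < groupCount; i++) {
      const n = String(i).padStart(4, '0');
      payload.ent.push(`group:default/engineering-team-${n}`);
    }
  }
  const signature = 'A'.repeat(86); // placeholder, length of an ES256 signature
  return `${b64url({ alg: 'ES256', typ: 'JWT' })}.${b64url(payload)}.${signature}`;
}

// Decode the payload (without verifying it) and report how large the
// resulting Authorization header is and how much the claim contributes.
function inspectIdentityToken(token, headerLimitBytes) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  const ent = Array.isArray(payload.ent) ? payload.ent : [];
  const headerBytes = Buffer.byteLength(`Authorization: Bearer ${token}`);
  return {
    headerBytes,
    entCount: ent.length,
    entJsonBytes: ent.length ? Buffer.byteLength(JSON.stringify(ent)) : 0,
    exceedsLimit: headerBytes > headerLimitBytes,
  };
}

const LIMIT = 8192; // assumed header limit; check your proxy/ingress setting
const withClaim = inspectIdentityToken(makeSampleToken(400, false), LIMIT);
const withoutClaim = inspectIdentityToken(makeSampleToken(400, true), LIMIT);
console.log({ withClaim, withoutClaim });
```
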

       

      Login failed Errors in RHDH Sign-in Page

      Login failed; caused by Error: Failed to sign-in, unable to resolve user identity. Please verify that your catalog contains the expected User entities that would match your configured sign-in resolver.

      This error indicates that the user that is trying to sign in does not match a user entity in the RHDH catalog. 

      Solution: 
      • Check that the corresponding catalog provider plugin is set up correctly and is successfully syncing users/groups into the catalog (confirm in backend logs)

      The backend log output should look like:

       

      backend:start: 2025-06-20T18:52:25.691Z catalog info Read 114 GitHub users and 22 GitHub groups in 3.4 seconds. Committing... target="https://github.com" class="GithubMultiOrgEntityProvider" taskId="GithubMultiOrgEntityProvider:development:refresh" taskInstanceId="a2d0e664-8537-453c-985c-6932ff7d8e88" trace_id="a4f8261b7bdd0c8848150b2ecbf095f0" span_id="32666fa09b7585ba" trace_flags="01"

      backend:start: 2025-06-20T18:52:25.715Z catalog info Committed 114 GitHub users and 22 GitHub groups in 0.0 seconds. target="https://github.com" class="GithubMultiOrgEntityProvider" taskId="GithubMultiOrgEntityProvider:development:refresh" taskInstanceId="a2d0e664-8537-453c-985c-6932ff7d8e88" trace_id="a4f8261b7bdd0c8848150b2ecbf095f0" span_id="32666fa09b7585ba" trace_flags="01"

       

      If the users/groups have been ingested into the catalog:

      • Check that the resolver used (default or configured) matches on the correct parameters
      • Use the guest login to inspect the user entity in the catalog

              jvrbkova@redhat.com Jana Vrbkova
              rh-ee-jhe Jessica He
              RHIDP - Documentation