Details
Description
This is related to the issue THREESCALE-8006.
When changing from OIDC authentication mode to another authentication mode (user-key or app_id/app_key) the oidc_issuer_endpoint can contain any string. If the field is not empty APIcast self-managed won't start on boot. This is a problem and unless you don't know the issue it's very hard to troubleshoot for customers since there are no logs that help to identify the issue.
In the case of having a large list of Products it's a tedious task:
- Check the list of OIDC issuers that produce an error. You can gather this information by configuring apicast-production (3scale embeded) gateway to the product. apicast-production will start and will show some error logs related to the OIDC endpoints not being reachable.
- Download from a working apicast (apicast-production) the full json configuration.
- Go to the json configuration to see the Product IDs that have those endpoints.
- Go to the admin portal Configuration > Settings page for each Product that has an failing issuer:
- Change the authentication mode to OIDC.
- Remove the blank space in the OpenID Connect Issuer field.
- Save changes.
- Change the authentication mode to user_key or app-id/app-key again.
- Save changes.
- Promote the changes to staging and production.
- Redeploy the gateway once all issuers are empty.
Request:
It would be very helpful to have a check in the Settings page when changing from OIDC authentication type to another authentication mode type to require that the field must be empty or clear the field automatically. Note that a blank space can also be an issue.
Attachments
Issue Links
- is related to
-
THREESCALE-8006 APIcast fails to boot if one of the OIDC issuers is configured to a URL that does not respond
-
- Defined
-