unauthorized error after login with External OIDC #21394
Comments
You need to configure your Kubernetes API server to use your external OIDC provider.

You need to specify the flags --oidc-issuer-url and --oidc-client-id on the API server: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#openid-connect-tokens
I had the same problem as you and I resolved it by configuring the kube API as this image indicates.
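A diagnostic sketch for the flag mismatch described above, added here as an example and not part of the original thread or of Che: it decodes a token's claims without verifying the signature and compares them with the values given to the API server through --oidc-issuer-url, --oidc-client-id and --oidc-username-claim. The function names, the TENANT_ID placeholder, the client ID and the sample token are constructed for illustration.

```python
import base64
import json
import time


def decode_claims(jwt):
    """Return a JWT's payload claims WITHOUT verifying the signature (diagnostics only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token(claims, issuer_url, client_id, username_claim="sub", now=None):
    """Compare claims with the API server's --oidc-* values; return a list of mismatches."""
    now = time.time() if now is None else now
    problems = []
    # Compared as an exact string here, so a trailing slash counts as a mismatch.
    if claims.get("iss") != issuer_url:
        problems.append(f"iss {claims.get('iss')!r} != --oidc-issuer-url {issuer_url!r}")
    # 'aud' may be a single string or a list of audiences.
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        problems.append(f"aud {aud!r} does not contain --oidc-client-id {client_id!r}")
    # The claim named by --oidc-username-claim must be present and non-empty.
    if not claims.get(username_claim):
        problems.append(f"username claim {username_claim!r} is missing from the token")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired (exp)")
    return problems


def make_sample_token(claims):
    """Build an unsigned, constructed sample token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


if __name__ == "__main__":
    ISSUER = "https://login.microsoftonline.com/TENANT_ID/v2.0"  # placeholder tenant
    # Constructed token: audience is another application and there is no 'email' claim.
    token = make_sample_token({"iss": ISSUER, "aud": "other-app", "sub": "abc", "exp": 4102444800})
    for problem in check_token(decode_claims(token), ISSUER, "che-client-id", "email"):
        print("MISMATCH:", problem)
```

The decoded claims are only for comparing configuration values; the API server still validates the signature against the issuer's published keys.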
Hello

Any recommendations?

@MohamedAnouar I had the same issue for my AKS. So I have patched che-operator to pass access token to AKS. And it solved the issue for me. You can try to add below during
Hope it will help you as well.
Describe the bug
When trying to configure Eclipse Che with external OIDC (Keycloak / Azure AD) with AKS version 1.21.2, we run into unauthorized issues after deployment. We used the following configuration file:

```yaml
spec:
  server:
    customCheProperties:
      CHE_OIDC_USERNAME__CLAIM: "email"
  auth:
    externalIdentityProvider: true
    openShiftoAuth: false
    identityProviderURL: "https://login.microsoftonline.com/XXXXXXXX/v2.0"
    identityProviderRealm: "XXXXX"
    identityProviderClientId: "XXXXX"
    oAuthClientName: "XXXX"
    identityProviderSecret: "XXXX"
    oAuthSecret: "XXXXX"
```

The command we used to install:

```bash
chectl server:deploy \
  --domain=xxxx.com \
  --platform=k8s \
  --telemetry=off \
  --che-operator-cr-patch-yaml=checluster.yml \
  --skip-oidc-provider-check
```
Che version
7.47@latest
Steps to reproduce
--domain=xxxx.com
--platform=k8s
--telemetry=off
--che-operator-cr-patch-yaml=checluster.yml
--skip-oidc-provider-check
Expected behavior
The user is able to access and to launch the workspace
Runtime
Kubernetes (vanilla)
Screenshots
Installation method
chectl/latest
Environment
Linux
Eclipse Che Logs
No response
Additional context
No response