Invalid Login!
georgi-at-skribble opened this issue · 2 comments
I have been losing my mind over this for the last day.
Deployed with ouctl, helm-charts, Argocd... every time I get the same problem.
The GitHub redirect works -> when I try to access the portal I get prompted to authorize the GitHub app, and after that: Invalid Login
I don't see anything in the pod logs, nor in the api-server's.
Just this one line in the orchestra logs:
[2024-08-22 09:52:02,002][XNIO-1 task-7] INFO AccessLog - [AuFail] - completelogin - https://k8s.XXXXXXXXXXXX.space/auth/github - cn=none - enterprise-idp [10.244.1.4] - [f5072499b42b30a82332b3c9076d7457dbed95bfc]
Nothing before, nothing after...
Tried on a managed cluster and my own bare Kubernetes.
Here is my values.yaml:
```yaml
network:
  openunison_host: "k8s.XXXXXXXX.space"
  dashboard_host: "k8sdb.XXXXXXX.space"
  api_server_host: "k8sapi.XXXXXXX.space"
  session_inactivity_timeout_seconds: 900
  k8s_url: https://XX.XX.XX.XX:6443
  force_redirect_to_tls: false
  createIngressCertificate: false
  ingress_type: nginx
  ingress_annotations:
    cert-manager.io/cluster-issuer: letsencrypt-production
    kubernetes.io/ingress.class: nginx
cert_template:
  ou: "Kubernetes"
  o: "Space"
  l: "InfraCluster"
  st: "State of Cluster"
  c: "Switzerland"
myvd_config_path: "WEB-INF/myvd.conf"
k8s_cluster_name: infracluster
enable_impersonation: true
impersonation:
  use_jetstack: true
  explicit_certificate_trust: true
dashboard:
  namespace: "kubernetes-dashboard"
  cert_name: "kubernetes-dashboard-certs"
  label: "k8s-app=kubernetes-dashboard"
  service_name: kubernetes-dashboard
  require_session: true
  new: true
certs:
  use_k8s_cm: false
trusted_certs: []
monitoring:
  prometheus_service_account: system:serviceaccount:monitoring:prometheus-k8s
github:
  client_id: XXXXXXXXXXX
  teams: developers/
network_policies:
  enabled: false
  ingress:
    enabled: true
    labels:
      kubernetes.io/metadata.name: ingress-nginx-internet
  monitoring:
    enabled: true
    labels:
      kubernetes.io/metadata.name: monitoring
  apiserver:
    enabled: true
    labels:
      kubernetes.io/metadata.name: kube-system
services:
  enable_tokenrequest: false
  token_request_audience: api
  token_request_expiration_seconds: 600
  node_selectors: []
openunison:
  replicas: 1
  non_secret_data:
    K8S_DB_SSO: oidc
    PROMETHEUS_SERVICE_ACCOUNT: system:serviceaccount:monitoring:prometheus-k8s
  secrets: []
  html:
    prefix: openunison
  enable_provisioning: false
  use_standard_jit_workflow: true
  az_groups:
  - users
```
Any ideas?
For anyone having the same issue with no meaningful error: the issue was that I did not notice that my GitHub teams value was missing the ORG.
This works - teams: Orgname/teamname
This doesn't - teams: teamname/
I double-tested it and this was the real problem with my deployment.
Beat me to it, @georgi-at-skribble!
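A pre-deploy check for the `github.teams` mistake resolved above, as an added example that is not code from this thread or from the OpenUnison project. It assumes the value may hold several comma-separated entries and treats an entry with nothing after the slash as something to confirm rather than a hard error; the function names and the name pattern are hypothetical, and the sample snippets are constructed.

```python
import re

# Permissive pattern for an org or team name (assumption, not GitHub's exact rules).
NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")

def teams_from_values(text):
    """Pull github.teams out of values.yaml text without a YAML library."""
    in_github = False
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        if re.match(r"^\S", line):          # a new top-level key starts here
            in_github = line.startswith("github:")
        elif in_github:
            m = re.match(r"^\s+teams:\s*(.*)$", line)
            if m:
                return m.group(1).strip().strip("\"'")
    return None

def lint_github_teams(value):
    """Return (severity, entry, message) tuples for a github.teams value."""
    entries = [e.strip() for e in str(value or "").split(",")]
    if not any(entries):
        return [("error", "", "github.teams is empty or missing")]
    findings = []
    for entry in entries:
        org, sep, team = entry.partition("/")
        if not entry:
            findings.append(("error", entry, "empty entry (stray comma)"))
        elif not sep:
            findings.append(("error", entry, "no '/': expected Orgname/teamname"))
        elif not NAME.match(org):
            findings.append(("error", entry, "missing or malformed organization before '/'"))
        elif not team:
            findings.append(("warn", entry,
                f"nothing after '/': confirm '{org}' is the organization, not a team"))
        elif not NAME.match(team):
            findings.append(("error", entry, "malformed team name after '/'"))
    return findings

# Constructed samples mirroring the two values quoted in the thread.
SAMPLE_BAD = "github:\n  client_id: XXXXXXXXXXX\n  teams: developers/\n"
SAMPLE_GOOD = "github:\n  client_id: XXXXXXXXXXX\n  teams: Orgname/teamname\n"

if __name__ == "__main__":
    for sample in (SAMPLE_BAD, SAMPLE_GOOD):
        print(lint_github_teams(teams_from_values(sample)) or "ok")
```

Run it against the rendered values before syncing the chart, since the only runtime symptom reported here was a single `[AuFail]` access-log line.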