
dCacheView OIDC provider list empty, does not show configured provider "escape" #6910

Closed
onnozweers opened this issue Dec 5, 2022 · 3 comments


@onnozweers
Contributor

onnozweers commented Dec 5, 2022

Dear dCache devs,

Some 3 years ago I had successfully configured Escape as an OIDC provider in our test server at https://dolphin12.grid.surfsara.nl:20443/. It no longer works: the list of OIDC providers in dCacheView is empty. There is a button "Login via an OpenID-Connect account", but when clicked, no provider is listed under "Supported OpenID Providers".

The same for a new test server I'm setting up: https://dcachetest.grid.surfsara.nl:20443/ with a very recent master 9.0 snapshot. I've tried with Firefox and Chrome on macOS.

Here is the config (dcachetest is an alias for hedgehog14, hence the layout filename):

[root@hedgehog14 /etc/dcache]# grep -iR -e '^[^#].*oidc' -e '^[^#].*escape' *
gplazma.conf:auth	optional  oidc
layouts/hedgehog14.conf:gplazma.oidc.provider!ESCAPE=https://iam-escape.cloud.cnaf.infn.it/
layouts/hedgehog14.conf:frontend.static!dcache-view.oidc-provider-name-list = ESCAPE
layouts/hedgehog14.conf:frontend.static!dcache-view.oidc-client-id-list = 1b190b34-12d5-4433-88d6-8f1882fafe64
layouts/hedgehog14.conf:frontend.static!dcache-view.oidc-authz-endpoint-list = https://iam-escape.cloud.cnaf.infn.it/authorize
LinkGroupAuthorization.conf:/escape/Role=*
LinkGroupAuthorization.conf:/saradmins/Role=escape
LinkGroupAuthorization.conf:/escape/Role=*
LinkGroupAuthorization.conf:/saradmins/Role=escape
LinkGroupAuthorization.conf:LinkGroup escape-disk-write-link-group
LinkGroupAuthorization.conf:/escape/Role=*
LinkGroupAuthorization.conf:/saradmins/Role=escape
LinkGroupAuthorization.conf:LinkGroup escape-tape-write-link-group
LinkGroupAuthorization.conf:/escape/Role=*
LinkGroupAuthorization.conf:/saradmins/Role=escape
multimap-groupname-to-username+uid.conf:group:escape      username:escape    uid:50209
multimap-id-to-group+gid.conf:fqan:/escape            group:escape  gid:49839,true
multimap-id-to-group+gid.conf:oidcgrp:escape          group:escape  gid:49839,true

I've set the frontend logging level at debug, reloaded the dCacheView login page, but I can't find any relevant logging that explains why the list of providers is empty.

When I disable the frontend.static!dcache-view.oidc-* lines and reload, the button "Login via an OpenID-Connect account" disappears. So they appear to do at least something.

When I use the browser console to find browser errors, I can see some, but I can't see whether they have anything to do with the problem. I'll list them below.

elements.html-234.js:10 Uncaught TypeError: Cannot read properties of undefined (reading 'trim')
    at new LoginformWithOpenid (elements.html-234.js:10:82)
    at UserLoginPage._stampTemplate (elements.html-10.js:408:59)
    at UserLoginPage._stampTemplate (elements.html-11.js:2303:25)
    at UserLoginPage.ready (elements.html-12.js:611:28)
    at UserLoginPage.ready (elements.html-235.js:15:23)
    at UserLoginPage._enableProperties (elements.html-9.js:516:16)
    at UserLoginPage.connectedCallback (elements.html-12.js:595:14)
    at UserLoginPage.connectedCallback (elements.html-235.js:38:23)
    at elements.html-142.js:132:32
    at elements.html-141.js:474:52
LoginformWithOpenid @ elements.html-234.js:10
_stampTemplate @ elements.html-10.js:408
_stampTemplate @ elements.html-11.js:2303
ready @ elements.html-12.js:611
ready @ elements.html-235.js:15
_enableProperties @ elements.html-9.js:516
connectedCallback @ elements.html-12.js:595
connectedCallback @ elements.html-235.js:38
(anonymous) @ elements.html-142.js:132
(anonymous) @ elements.html-141.js:474
nextEnter @ elements.html-141.js:306
(anonymous) @ elements.html-141.js:475
nextEnter @ elements.html-141.js:306
(anonymous) @ elements.html-141.js:475
nextEnter @ elements.html-141.js:306
(anonymous) @ elements.html-141.js:475
nextEnter @ elements.html-141.js:306
(anonymous) @ elements.html-141.js:475
nextEnter @ elements.html-141.js:306
(anonymous) @ elements.html-142.js:29
(anonymous) @ elements.html-141.js:474
nextEnter @ elements.html-141.js:306
page.dispatch @ elements.html-141.js:312
page.replace @ elements.html-141.js:274
page.start @ elements.html-141.js:170
page @ elements.html-141.js:104
(anonymous) @ elements.html-142.js:244
(anonymous) @ post-polyfill.js:61
(anonymous) @ elements.html-104.js:15
requestAnimationFrame (async)
window.requestAnimationFrame @ elements.html-104.js:15
(anonymous) @ post-polyfill.js:59
(anonymous) @ html-imports.js:612
(anonymous) @ html-imports.js:648
c @ html-imports.js:590
k.j @ html-imports.js:537
(anonymous) @ html-imports.js:523
g @ html-imports.js:44
k.w @ html-imports.js:523
d @ html-imports.js:397
(anonymous) @ html-imports.js:406
b @ html-imports.js:459
(anonymous) @ html-imports.js:456
c @ html-imports.js:590
load (async)
t @ html-imports.js:592
(anonymous) @ html-imports.js:646
g @ html-imports.js:44
L @ html-imports.js:646
(anonymous) @ html-imports.js:612
b @ html-imports.js:626
C @ html-imports.js:630
D @ html-imports.js:612
(anonymous) @ post-polyfill.js:58
(anonymous) @ webcomponents-hi.js:53
DevTools failed to load source map: Could not load content for https://dcachetest.grid.surfsara.nl:20443/elements/md5.min.js.map: HTTP error: status code 401, net::ERR_HTTP_RESPONSE_CODE_FAILURE
DevTools failed to load source map: Could not load content for https://dcachetest.grid.surfsara.nl:20443/elements/web-animations-next-lite.min.js.map: HTTP error: status code 401, net::ERR_HTTP_RESPONSE_CODE_FAILURE
DevTools failed to load source map: Could not load content for https://dcachetest.grid.surfsara.nl:20443/elements/custom-style-interface.min.js.map: HTTP error: status code 401, net::ERR_HTTP_RESPONSE_CODE_FAILURE
DevTools failed to load source map: Could not load content for https://dcachetest.grid.surfsara.nl:20443/elements/apply-shim.min.js.map: HTTP error: status code 401, net::ERR_HTTP_RESPONSE_CODE_FAILURE

Any suggestions? Or could this be a bug?

Cheers,
Onno

@onnozweers
Contributor Author

I've noticed that https://prometheus.desy.de:3880/ shows 4 OIDC providers. 3 of them allow authenticating with my SURF credentials, but all 3 of them show some error or another. I seem to remember that 3 years ago at least logging in with the Escape provider used to work. Now it returns "user is undefined".

@elenamplanas

Hi Onno,

It seems that you're facing the same problem I had in #6659. It was the same as in dCache/dcache-view#267.

You should define this option with "-":

frontend.static!dcache-view.oidc-authz-endpoint-extra = -

Cheers,
Elena
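
An added example, not part of the original thread or of dCache: a small lint for a layout file that reports when any of the four `frontend.static!dcache-view.oidc-*` properties named in this issue is unset, which is the condition behind the empty provider list here. Treating all four as required, treating an empty value as unset, and splitting the endpoint list on whitespace are assumptions; the sample text is built from the lines quoted above.

```python
import re

# Property names as they appear in this thread. Requiring all four is an
# assumption drawn from the fix above, not from dCache documentation.
REQUIRED = (
    "dcache-view.oidc-provider-name-list",
    "dcache-view.oidc-client-id-list",
    "dcache-view.oidc-authz-endpoint-list",
    "dcache-view.oidc-authz-endpoint-extra",
)
# Commented-out lines start with '#', so they never match this pattern.
LINE = re.compile(r"^\s*frontend\.static!(dcache-view\.oidc-[\w-]+)\s*=\s*(.*?)\s*$")

def parse_oidc_props(text):
    """Return {property: value} for active dcache-view OIDC lines."""
    props = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def lint(text):
    """Return a list of problems; empty means the OIDC settings look complete."""
    props = parse_oidc_props(text)
    if not props:
        return []  # no dCacheView OIDC login configured at all
    # Assumption: an empty value is as bad as a missing one.
    problems = [f"{n} is not set" for n in REQUIRED if not props.get(n)]
    # Assumption: the endpoint list is whitespace-separated.
    for url in props.get("dcache-view.oidc-authz-endpoint-list", "").split():
        if not url.startswith("https://"):
            problems.append(f"authorization endpoint is not https: {url}")
    return problems

# Sample layout text built from the lines quoted in this issue.
BEFORE = """\
frontend.static!dcache-view.oidc-provider-name-list = ESCAPE
frontend.static!dcache-view.oidc-client-id-list = 1b190b34-12d5-4433-88d6-8f1882fafe64
frontend.static!dcache-view.oidc-authz-endpoint-list = https://iam-escape.cloud.cnaf.infn.it/authorize
"""
AFTER = BEFORE + "frontend.static!dcache-view.oidc-authz-endpoint-extra = -\n"

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, lint(text) or "ok")
```
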

@onnozweers
Contributor Author

Thanks soo much, Elena! Works like a charm!
