Cannot connect to ODD Platform after configuring Azure Identity Provider #1712

Open
babaMar opened this issue Oct 25, 2024 · 2 comments
Labels: kind: bug (Something isn't working)

babaMar commented Oct 25, 2024

Describe the bug
The platform keeps returning Invalid Credentials

Set up
Deployed via Helm, latest chart version. Configuration for Azure provider:

    auth:
      type: OAUTH2
      oauth2:
        client:
          azure:
            provider: 'azure'
            azure-tenant-id: "$(AZURE_TENANT_ID)"
            client-id: "$(OddPlatformAzureAuthClientId)"
            client-secret: "$(OddPlatformAzureAuthClientSecret)"
            client-name: azure
            redirect-uri: "https://datagovernance$(NewGlobeGlobalHostNameSuffix)/login/oauth2/code/azure"
            scope:
              - openid
              - offline_access
              - https://graph.microsoft.com/user.read
            authorization-uri: https://login.microsoftonline.com/${auth.oauth2.client.azure.azure-tenant-id}/oauth2/v2.0/authorize
            token-uri: https://login.microsoftonline.com/${auth.oauth2.client.azure.azure-tenant-id}/oauth2/v2.0/token
            user-info-uri: https://graph.microsoft.com/oidc/userinfo
            user-name-attribute: email
            admin-attribute: email
            admin-principals:
              - [email protected]

Expected behavior
Able to log in

Screenshots
[image: odd-access]

Additional Context
My Azure credentials are correct, as I'm able to log in to all other services in our organization.

babaMar added the "kind: bug" (Something isn't working) label Oct 25, 2024
babaMar changed the title from "Cannot connect with Azure Identity Provider" to "Cannot connect to ODD Platform after configuring Azure Identity Provider" Oct 25, 2024
babaMar commented Nov 19, 2024

Some debug logs:

2024-11-19T16:01:07.709Z DEBUG 1 --- [or-http-epoll-3] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : Trying to match using PathMatcherServerWebExchangeMatcher{pattern='/api/referencedata/table/{lookup_table_id}/data', method=POST}
2024-11-19T16:01:07.709Z DEBUG 1 --- [or-http-epoll-4] o.s.s.w.s.a.AuthorizationWebFilter       : Authorization failed: Access Denied
2024-11-19T16:01:07.709Z DEBUG 1 --- [or-http-epoll-3] athPatternParserServerWebExchangeMatcher : Request 'GET /' doesn't match 'POST /api/referencedata/table/{lookup_table_id}/data'
2024-11-19T16:01:07.709Z DEBUG 1 --- [or-http-epoll-3] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : No matches found
2024-11-19T16:01:07.709Z DEBUG 1 --- [or-http-epoll-3] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : Trying to match using PathMatcherServerWebExchangeMatcher{pattern='/api/referencedata/table/{lookup_table_id}/data/{row_id}', method=PUT}
2024-11-19T16:01:07.709Z DEBUG 1 --- [or-http-epoll-3] athPatternParserServerWebExchangeMatcher : Request 'GET /' doesn't match 'PUT /api/referencedata/table/{lookup_table_id}/data/{row_id}'
2024-11-19T16:01:07.709Z DEBUG 1 --- [or-http-epoll-3] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : No matches found
2024-11-19T16:01:07.709Z DEBUG 1 --- [or-http-epoll-3] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : Trying to match using PathMatcherServerWebExchangeMatcher{pattern='/api/referencedata/table/{lookup_table_id}/data/{row_id}', method=DELETE}
2024-11-19T16:01:07.709Z DEBUG 1 --- [or-http-epoll-3] athPatternParserServerWebExchangeMatcher : Request 'GET /' doesn't match 'DELETE /api/referencedata/table/{lookup_table_id}/data/{row_id}'
2024-11-19T16:01:07.709Z DEBUG 1 --- [or-http-epoll-3] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : No matches found
2024-11-19T16:01:07.709Z DEBUG 1 --- [or-http-epoll-3] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : Trying to match using PathMatcherServerWebExchangeMatcher{pattern='/**', method=null}
2024-11-19T16:01:07.709Z DEBUG 1 --- [or-http-epoll-3] athPatternParserServerWebExchangeMatcher : Checking match of request : '/'; against '/**'
2024-11-19T16:01:07.709Z DEBUG 1 --- [or-http-epoll-3] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : matched
2024-11-19T16:01:07.710Z DEBUG 1 --- [or-http-epoll-3] a.DelegatingReactiveAuthorizationManager : Checking authorization on '/' using org.springframework.security.authorization.AuthenticatedReactiveAuthorizationManager@1672486c
2024-11-19T16:01:07.710Z DEBUG 1 --- [or-http-epoll-3] ebSessionServerSecurityContextRepository : No SecurityContext found in WebSession: 'org.springframework.session.web.server.session.SpringSessionWebSessionStore$SpringSessionWebSession@3a366ec'
2024-11-19T16:01:07.715Z DEBUG 1 --- [or-http-epoll-4] ebSessionServerSecurityContextRepository : No SecurityContext found in WebSession: 'org.springframework.session.web.server.session.SpringSessionWebSessionStore$SpringSessionWebSession@616568ac'
2024-11-19T16:01:07.715Z DEBUG 1 --- [or-http-epoll-3] o.s.s.w.s.a.AuthorizationWebFilter       : Authorization failed: Access Denied
2024-11-19T16:01:07.715Z DEBUG 1 --- [or-http-epoll-4] DelegatingServerAuthenticationEntryPoint : Trying to match using AndServerWebExchangeMatcher{matchers=[NegatedServerWebExchangeMatcher{matcher=org.springframework.security.config.web.server.ServerHttpSecurity$OAuth2LoginSpec$$Lambda$1252/0x00000008015542d8@1288d014}, NegatedServerWebExchangeMatcher{matcher=AndServerWebExchangeMatcher{matchers=[OrServerWebExchangeMatcher{matchers=[PathMatcherServerWebExchangeMatcher{pattern='/login', method=null}, PathMatcherServerWebExchangeMatcher{pattern='/favicon.ico', method=null}]}, AndServerWebExchangeMatcher{matchers=[NegatedServerWebExchangeMatcher{matcher=org.springframework.security.config.web.server.ServerHttpSecurity$OAuth2LoginSpec$$Lambda$1252/0x00000008015542d8@1288d014}, MediaTypeRequestMatcher [matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]]}]}}]}
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] .s.s.w.s.u.m.AndServerWebExchangeMatcher : Trying to match using NegatedServerWebExchangeMatcher{matcher=org.springframework.security.config.web.server.ServerHttpSecurity$OAuth2LoginSpec$$Lambda$1252/0x00000008015542d8@1288d014}
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] .w.s.u.m.NegatedServerWebExchangeMatcher : matches = true
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] .s.s.w.s.u.m.AndServerWebExchangeMatcher : Trying to match using NegatedServerWebExchangeMatcher{matcher=AndServerWebExchangeMatcher{matchers=[OrServerWebExchangeMatcher{matchers=[PathMatcherServerWebExchangeMatcher{pattern='/login', method=null}, PathMatcherServerWebExchangeMatcher{pattern='/favicon.ico', method=null}]}, AndServerWebExchangeMatcher{matchers=[NegatedServerWebExchangeMatcher{matcher=org.springframework.security.config.web.server.ServerHttpSecurity$OAuth2LoginSpec$$Lambda$1252/0x00000008015542d8@1288d014}, MediaTypeRequestMatcher [matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]]}]}}
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] .s.s.w.s.u.m.AndServerWebExchangeMatcher : Trying to match using OrServerWebExchangeMatcher{matchers=[PathMatcherServerWebExchangeMatcher{pattern='/login', method=null}, PathMatcherServerWebExchangeMatcher{pattern='/favicon.ico', method=null}]}
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : Trying to match using PathMatcherServerWebExchangeMatcher{pattern='/login', method=null}
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] athPatternParserServerWebExchangeMatcher : Request 'GET /' doesn't match 'null /login'
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : Trying to match using PathMatcherServerWebExchangeMatcher{pattern='/favicon.ico', method=null}
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] athPatternParserServerWebExchangeMatcher : Request 'GET /' doesn't match 'null /favicon.ico'
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : No matches found
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] .s.s.w.s.u.m.AndServerWebExchangeMatcher : Did not match
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] .w.s.u.m.NegatedServerWebExchangeMatcher : matches = true
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] .s.s.w.s.u.m.AndServerWebExchangeMatcher : All requestMatchers returned true
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] DelegatingServerAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint@3fadfd7a
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] .s.s.w.s.u.m.AndServerWebExchangeMatcher : Trying to match using OrServerWebExchangeMatcher{matchers=[PathMatcherServerWebExchangeMatcher{pattern='/**', method=GET}]}
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : Trying to match using PathMatcherServerWebExchangeMatcher{pattern='/**', method=GET}
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] athPatternParserServerWebExchangeMatcher : Checking match of request : '/'; against '/**'
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : matched
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] .s.s.w.s.u.m.AndServerWebExchangeMatcher : Trying to match using NegatedServerWebExchangeMatcher{matcher=OrServerWebExchangeMatcher{matchers=[PathMatcherServerWebExchangeMatcher{pattern='/favicon.*', method=null}]}}
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : Trying to match using PathMatcherServerWebExchangeMatcher{pattern='/favicon.*', method=null}
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] athPatternParserServerWebExchangeMatcher : Request 'GET /' doesn't match 'null /favicon.*'
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : No matches found
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] .w.s.u.m.NegatedServerWebExchangeMatcher : matches = true
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] .s.s.w.s.u.m.AndServerWebExchangeMatcher : Trying to match using MediaTypeRequestMatcher [matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[*/*]]
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] .s.u.m.MediaTypeServerWebExchangeMatcher : httpRequestMediaTypes=[]
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] .s.u.m.MediaTypeServerWebExchangeMatcher : Did not match any media types
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] .s.s.w.s.u.m.AndServerWebExchangeMatcher : Did not match
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] o.s.s.w.s.DefaultServerRedirectStrategy  : Redirecting to '/oauth2/authorization/azure'
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] ebSessionServerSecurityContextRepository : No SecurityContext found in WebSession: 'org.springframework.session.web.server.session.SpringSessionWebSessionStore$SpringSessionWebSession@3a366ec'
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] DelegatingServerAuthenticationEntryPoint : Trying to match using AndServerWebExchangeMatcher{matchers=[NegatedServerWebExchangeMatcher{matcher=org.springframework.security.config.web.server.ServerHttpSecurity$OAuth2LoginSpec$$Lambda$1252/0x00000008015542d8@1288d014}, NegatedServerWebExchangeMatcher{matcher=AndServerWebExchangeMatcher{matchers=[OrServerWebExchangeMatcher{matchers=[PathMatcherServerWebExchangeMatcher{pattern='/login', method=null}, PathMatcherServerWebExchangeMatcher{pattern='/favicon.ico', method=null}]}, AndServerWebExchangeMatcher{matchers=[NegatedServerWebExchangeMatcher{matcher=org.springframework.security.config.web.server.ServerHttpSecurity$OAuth2LoginSpec$$Lambda$1252/0x00000008015542d8@1288d014}, MediaTypeRequestMatcher [matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]]}]}}]}
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] .s.s.w.s.u.m.AndServerWebExchangeMatcher : Trying to match using NegatedServerWebExchangeMatcher{matcher=org.springframework.security.config.web.server.ServerHttpSecurity$OAuth2LoginSpec$$Lambda$1252/0x00000008015542d8@1288d014}
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] .w.s.u.m.NegatedServerWebExchangeMatcher : matches = true
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] .s.s.w.s.u.m.AndServerWebExchangeMatcher : Trying to match using NegatedServerWebExchangeMatcher{matcher=AndServerWebExchangeMatcher{matchers=[OrServerWebExchangeMatcher{matchers=[PathMatcherServerWebExchangeMatcher{pattern='/login', method=null}, PathMatcherServerWebExchangeMatcher{pattern='/favicon.ico', method=null}]}, AndServerWebExchangeMatcher{matchers=[NegatedServerWebExchangeMatcher{matcher=org.springframework.security.config.web.server.ServerHttpSecurity$OAuth2LoginSpec$$Lambda$1252/0x00000008015542d8@1288d014}, MediaTypeRequestMatcher [matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]]}]}}
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] .s.s.w.s.u.m.AndServerWebExchangeMatcher : Trying to match using OrServerWebExchangeMatcher{matchers=[PathMatcherServerWebExchangeMatcher{pattern='/login', method=null}, PathMatcherServerWebExchangeMatcher{pattern='/favicon.ico', method=null}]}
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : Trying to match using PathMatcherServerWebExchangeMatcher{pattern='/login', method=null}
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] athPatternParserServerWebExchangeMatcher : Request 'GET /' doesn't match 'null /login'
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : Trying to match using PathMatcherServerWebExchangeMatcher{pattern='/favicon.ico', method=null}
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] athPatternParserServerWebExchangeMatcher : Request 'GET /' doesn't match 'null /favicon.ico'
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : No matches found
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] .s.s.w.s.u.m.AndServerWebExchangeMatcher : Did not match
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] .w.s.u.m.NegatedServerWebExchangeMatcher : matches = true
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] .s.s.w.s.u.m.AndServerWebExchangeMatcher : All requestMatchers returned true
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] DelegatingServerAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint@3fadfd7a
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] .s.s.w.s.u.m.AndServerWebExchangeMatcher : Trying to match using OrServerWebExchangeMatcher{matchers=[PathMatcherServerWebExchangeMatcher{pattern='/**', method=GET}]}
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : Trying to match using PathMatcherServerWebExchangeMatcher{pattern='/**', method=GET}
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] athPatternParserServerWebExchangeMatcher : Checking match of request : '/'; against '/**'
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : matched
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] .s.s.w.s.u.m.AndServerWebExchangeMatcher : Trying to match using NegatedServerWebExchangeMatcher{matcher=OrServerWebExchangeMatcher{matchers=[PathMatcherServerWebExchangeMatcher{pattern='/favicon.*', method=null}]}}
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : Trying to match using PathMatcherServerWebExchangeMatcher{pattern='/favicon.*', method=null}
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] athPatternParserServerWebExchangeMatcher : Request 'GET /' doesn't match 'null /favicon.*'
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : No matches found
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] .w.s.u.m.NegatedServerWebExchangeMatcher : matches = true
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] .s.s.w.s.u.m.AndServerWebExchangeMatcher : Trying to match using MediaTypeRequestMatcher [matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[*/*]]
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] .s.u.m.MediaTypeServerWebExchangeMatcher : httpRequestMediaTypes=[]
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] .s.u.m.MediaTypeServerWebExchangeMatcher : Did not match any media types
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-3] .s.s.w.s.u.m.AndServerWebExchangeMatcher : Did not match
2024-11-19T16:01:07.717Z DEBUG 1 --- [or-http-epoll-3] o.s.s.w.s.DefaultServerRedirectStrategy  : Redirecting to '/oauth2/authorization/azure'
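
A triage helper for debug output like the log above, added here as an example and not part of the issue or of the ODD Platform code base: it reduces the Spring Security matcher noise to the per-thread authentication decisions and checks whether the OAuth2 callback path from the `redirect-uri` setting appears at all. The function names and the choice of which messages count as decisions are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: seven lines taken from the debug log in the comment above.
SAMPLE = """\
2024-11-19T16:01:07.709Z DEBUG 1 --- [or-http-epoll-4] o.s.s.w.s.a.AuthorizationWebFilter       : Authorization failed: Access Denied
2024-11-19T16:01:07.709Z DEBUG 1 --- [or-http-epoll-3] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : No matches found
2024-11-19T16:01:07.710Z DEBUG 1 --- [or-http-epoll-3] ebSessionServerSecurityContextRepository : No SecurityContext found in WebSession: 'org.springframework.session.web.server.session.SpringSessionWebSessionStore$SpringSessionWebSession@3a366ec'
2024-11-19T16:01:07.715Z DEBUG 1 --- [or-http-epoll-4] ebSessionServerSecurityContextRepository : No SecurityContext found in WebSession: 'org.springframework.session.web.server.session.SpringSessionWebSessionStore$SpringSessionWebSession@616568ac'
2024-11-19T16:01:07.715Z DEBUG 1 --- [or-http-epoll-3] o.s.s.w.s.a.AuthorizationWebFilter       : Authorization failed: Access Denied
2024-11-19T16:01:07.716Z DEBUG 1 --- [or-http-epoll-4] o.s.s.w.s.DefaultServerRedirectStrategy  : Redirecting to '/oauth2/authorization/azure'
2024-11-19T16:01:07.717Z DEBUG 1 --- [or-http-epoll-3] o.s.s.w.s.DefaultServerRedirectStrategy  : Redirecting to '/oauth2/authorization/azure'
"""

# Spring Boot console layout: timestamp LEVEL pid --- [thread] logger : message
LINE = re.compile(r"^(\S+)\s+(\w+)\s+\d+\s+---\s+\[\s*([^\]]+?)\s*\]\s+(\S+)\s+:\s(.*)$")

# Messages that mark an authentication decision; everything else is matcher noise.
EVENTS = [
    (re.compile(r"No SecurityContext found in WebSession"), "no_security_context"),
    (re.compile(r"Authorization failed: Access Denied"), "access_denied"),
    (re.compile(r"Redirecting to '([^']+)'"), "redirect"),
]


def summarize(log_text):
    """Return {thread: [event, ...]} keeping only authentication decisions."""
    per_thread = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped or non-log line
        thread, message = m.group(3), m.group(5)
        for pattern, name in EVENTS:
            hit = pattern.search(message)
            if hit:
                # Patterns with a capture group carry a detail (the redirect target).
                per_thread[thread].append(f"{name}:{hit.group(1)}" if hit.groups() else name)
                break
    return dict(per_thread)


def callback_seen(log_text, callback_path="/login/oauth2/code/azure"):
    """True if any line mentions the OAuth2 redirect path from the redirect-uri setting."""
    return any(callback_path in line for line in log_text.splitlines())


if __name__ == "__main__":
    for thread, events in summarize(SAMPLE).items():
        print(thread, "->", " > ".join(events))
    print("callback reached:", callback_seen(SAMPLE))
```

On the seven sample lines, both threads end in a redirect to `/oauth2/authorization/azure` and no line mentions `/login/oauth2/code/azure`.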
