Comments (5)
@tlsabara Thank you!!!
That helped.
Now it works as desired.
from authentik.
you should be able to find a more detailed error message in your argocd or dex container logs
from authentik.
Argocd-Dex-Server LOG:
time="2024-03-25T09:59:25Z" level=info msg="ArgoCD Dex Server is starting" built="2024-03-01T21:24:51Z" commit=fcf5d8c2381b68ab1621b90be63913b12cca2eb7 namespace=argocd version=v2.10.2+fcf5d8c
time="2024-03-25T09:59:25Z" level=info msg="Generating self-signed TLS certificate for this session"
time="2024-03-25T09:59:25Z" level=info msg="Starting configmap/secret informers"
time="2024-03-25T09:59:25Z" level=info msg="Configmap/secret informer synced"
time="2024-03-25T09:59:25Z" level=info msg="0xc000de9ec0 subscribed to settings updates"
time="2024-03-25T09:59:25Z" level=info msg="Dex Version: v2.37.0-dirty, Go Version: go1.20.4, Go OS/ARCH: linux amd64"
time="2024-03-25T09:59:25Z" level=info msg="config issuer: https://argocd./api/dex"
time="2024-03-25T09:59:25Z" level=info msg="config storage: memory"
time="2024-03-25T09:59:25Z" level=info msg="config static client: Argo CD"
time="2024-03-25T09:59:25Z" level=info msg="config static client: Argo CD CLI"
time="2024-03-25T09:59:25Z" level=info msg="config static client: Argo CD PKCE"
time="2024-03-25T09:59:25Z" level=info msg="config connector: authentik"
time="2024-03-25T09:59:25Z" level=info msg="config skipping approval screen"
time="2024-03-25T09:59:25Z" level=info msg="config refresh tokens rotation enabled: true"
time="2024-03-25T09:59:25Z" level=info msg="keys expired, rotating"
time="2024-03-25T09:59:26Z" level=info msg="keys rotated, next rotation: 2024-03-25 15:59:26.286488383 +0000 UTC"
time="2024-03-25T09:59:26Z" level=info msg="listening (telemetry) on 0.0.0.0:5558"
time="2024-03-25T09:59:26Z" level=info msg="listening (https) on 0.0.0.0:5556"
time="2024-03-25T09:59:26Z" level=info msg="listening (grpc) on 0.0.0.0:5557"
time="2024-03-25T10:06:12Z" level=error msg="Failed to authenticate: missing "name" claim"
time="2024-03-25T13:20:03Z" level=error msg="Failed to authenticate: missing "name" claim"
from authentik.
I set up argocd and authentik again and configured everything according to the instructions and get the same error with the following logs.
server log:
time="2024-03-28T06:39:31Z" level=info msg="ArgoCD API Server is starting" built="2024-03-18T08:09:23Z" commit=f5d63a5c77d2e804e51ef94bee3db441e0789d00 namespace=argocd port=8080 version=v2.10.4+f5d63a5
time="2024-03-28T06:39:31Z" level=info msg="Starting configmap/secret informers"
time="2024-03-28T06:39:31Z" level=info msg="Configmap/secret informer synced"
time="2024-03-28T06:39:31Z" level=info msg="invalidated cache for resource in namespace: argocd with the name: argocd-notifications-cm"
time="2024-03-28T06:39:31Z" level=info msg="invalidated cache for resource in namespace: argocd with the name: argocd-notifications-secret"
time="2024-03-28T06:39:31Z" level=info msg="Creating client app (argo-cd)"
time="2024-03-28T06:39:31Z" level=info msg="argocd v2.10.4+f5d63a5 serving on port 8080 (url: https://argocd.domain, tls: false, namespace: argocd, sso: true)"
time="2024-03-28T06:39:31Z" level=info msg="Enabled application namespace patterns: argocd"
time="2024-03-28T06:39:31Z" level=info msg="0xc0012fbb60 subscribed to settings updates"
time="2024-03-28T06:39:31Z" level=info msg="Starting rbac config informer"
time="2024-03-28T06:39:31Z" level=info msg="RBAC ConfigMap 'argocd-rbac-cm' added"
time="2024-03-28T06:40:15Z" level=info msg="received unary call /version.VersionService/Version" grpc.method=Version grpc.request.content= grpc.service=version.VersionService grpc.start_time="2024-03-28T06:40:15Z" span.kind=server system=grpc
time="2024-03-28T06:40:15Z" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=Version grpc.service=version.VersionService grpc.start_time="2024-03-28T06:40:15Z" grpc.time_ms=0.784 span.kind=server system=grpc
time="2024-03-28T06:40:15Z" level=info msg="received unary call /cluster.SettingsService/Get" grpc.method=Get grpc.request.content= grpc.service=cluster.SettingsService grpc.start_time="2024-03-28T06:40:15Z" span.kind=server system=grpc
time="2024-03-28T06:40:15Z" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=Get grpc.service=cluster.SettingsService grpc.start_time="2024-03-28T06:40:15Z" grpc.time_ms=1.014 span.kind=server system=grpc
time="2024-03-28T06:40:15Z" level=info msg="received unary call /cluster.SettingsService/Get" grpc.method=Get grpc.request.content= grpc.service=cluster.SettingsService grpc.start_time="2024-03-28T06:40:15Z" span.kind=server system=grpc
time="2024-03-28T06:40:15Z" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=Get grpc.service=cluster.SettingsService grpc.start_time="2024-03-28T06:40:15Z" grpc.time_ms=1.915 span.kind=server system=grpc
time="2024-03-28T06:40:15Z" level=info msg="received unary call /session.SessionService/GetUserInfo" grpc.method=GetUserInfo grpc.request.content= grpc.service=session.SessionService grpc.start_time="2024-03-28T06:40:15Z" span.kind=server system=grpc
time="2024-03-28T06:40:15Z" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=GetUserInfo grpc.service=session.SessionService grpc.start_time="2024-03-28T06:40:15Z" grpc.time_ms=0.514 span.kind=server system=grpc
time="2024-03-28T06:40:23Z" level=info msg="Initializing OIDC provider (issuer: https://argocd.domain/api/dex)"
time="2024-03-28T06:40:23Z" level=info msg="OIDC supported scopes: [openid email groups profile offline_access]"
time="2024-03-28T06:40:23Z" level=info msg="Performing authorization_code flow login: https://argocd.domain/api/dex/auth?client_id=argo-cd&redirect_uri=https%3A%2F%2Fargocd.domain%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=NfNjvPLcKfvgJFMUjdbIJflm"
time="2024-03-28T06:40:25Z" level=error msg="received error from dex: \n\n \n <meta charset="utf-8">\n <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">\n <title>dex</title>\n <meta name="viewport" content="width=device-width, initial-scale=1.0">\n <link href="static/main.css" rel="stylesheet">\n <link href="theme/styles.css" rel="stylesheet">\n <link rel="icon" href="theme/favicon.png">\n \n\n <body class="theme-body">\n <div class="theme-navbar">\n <div class="theme-navbar__logo-wrap">\n <img class="theme-navbar__logo" src="theme/logo.png">\n \n \n\n <div class="dex-container">\n\n\n<div class="theme-panel">\n <h2 class="theme-heading">Internal Server Error\n
Failed to authenticate: oidc: failed to get token: oauth2: "invalid_client" "Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)"
\n\n\n \n \n\n\n" security=2time="2024-03-28T06:40:25Z" level=info msg="received unary call /version.VersionService/Version" grpc.method=Version grpc.request.content= grpc.service=version.VersionService grpc.start_time="2024-03-28T06:40:25Z" span.kind=server system=grpc
time="2024-03-28T06:40:25Z" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=Version grpc.service=version.VersionService grpc.start_time="2024-03-28T06:40:25Z" grpc.time_ms=1.278 span.kind=server system=grpc
time="2024-03-28T06:40:25Z" level=info msg="received unary call /cluster.SettingsService/Get" grpc.method=Get grpc.request.content= grpc.service=cluster.SettingsService grpc.start_time="2024-03-28T06:40:25Z" span.kind=server system=grpc
time="2024-03-28T06:40:25Z" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=Get grpc.service=cluster.SettingsService grpc.start_time="2024-03-28T06:40:25Z" grpc.time_ms=2.03 span.kind=server system=grpc
time="2024-03-28T06:40:25Z" level=info msg="received unary call /cluster.SettingsService/Get" grpc.method=Get grpc.request.content= grpc.service=cluster.SettingsService grpc.start_time="2024-03-28T06:40:25Z" span.kind=server system=grpc
time="2024-03-28T06:40:25Z" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=Get grpc.service=cluster.SettingsService grpc.start_time="2024-03-28T06:40:25Z" grpc.time_ms=1.399 span.kind=server system=grpc
time="2024-03-28T06:40:25Z" level=info msg="received unary call /session.SessionService/GetUserInfo" grpc.method=GetUserInfo grpc.request.content= grpc.service=session.SessionService grpc.start_time="2024-03-28T06:40:25Z" span.kind=server system=grpc
time="2024-03-28T06:40:25Z" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=GetUserInfo grpc.service=session.SessionService grpc.start_time="2024-03-28T06:40:25Z" grpc.time_ms=0.571 span.kind=server system=grpc
dex-server log:
time="2024-03-28T06:39:30Z" level=info msg="ArgoCD Dex Server is starting" built="2024-03-18T08:09:23Z" commit=f5d63a5c77d2e804e51ef94bee3db441e0789d00 namespace=argocd version=v2.10.4+f5d63a5
time="2024-03-28T06:39:30Z" level=info msg="Generating self-signed TLS certificate for this session"
time="2024-03-28T06:39:30Z" level=info msg="Starting configmap/secret informers"
time="2024-03-28T06:39:30Z" level=info msg="Configmap/secret informer synced"
time="2024-03-28T06:39:30Z" level=info msg="0xc000b62900 subscribed to settings updates"
time="2024-03-28T06:39:30Z" level=info msg="Dex Version: v2.38.0, Go Version: go1.21.6, Go OS/ARCH: linux amd64"
time="2024-03-28T06:39:30Z" level=info msg="config issuer: https://argocd.domain/api/dex"
time="2024-03-28T06:39:30Z" level=info msg="config storage: memory"
time="2024-03-28T06:39:30Z" level=info msg="config static client: Argo CD"
time="2024-03-28T06:39:30Z" level=info msg="config static client: Argo CD CLI"
time="2024-03-28T06:39:30Z" level=info msg="config static client: Argo CD PKCE"
time="2024-03-28T06:39:30Z" level=info msg="config connector: authentik"
time="2024-03-28T06:39:30Z" level=info msg="config skipping approval screen"
time="2024-03-28T06:39:30Z" level=info msg="config refresh tokens rotation enabled: true"
time="2024-03-28T06:39:30Z" level=info msg="keys expired, rotating"
time="2024-03-28T06:39:31Z" level=info msg="keys rotated, next rotation: 2024-03-28 12:39:31.164983009 +0000 UTC"
time="2024-03-28T06:39:31Z" level=info msg="listening (telemetry) on 0.0.0.0:5558"
time="2024-03-28T06:39:31Z" level=info msg="listening (https) on 0.0.0.0:5556"
time="2024-03-28T06:39:31Z" level=info msg="listening (grpc) on 0.0.0.0:5557"
time="2024-03-28T06:40:25Z" level=error msg="Failed to authenticate: oidc: failed to get token: oauth2: "invalid_client" "Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)""
from authentik.
Hello!
I had the same problem and managed to solve it with the following changes
- changing the value of "dex.authentik.clientSecret" in secret "argocd-secret", changing the clientSecret to base64 (Ex: echo -n client_secret_string | base64).
- in the authentik in my redirect url, I applied a regex that validates the domain of the url only, which can be from any uri of the domain (Ex: ^https://argocd\.mydomain\.com\.br/.*$).
I hope it helps.
from authentik.
Related Issues (20)
- Web/Admin: Flow running returns 500 HOT 5
- Outpost doesn't generate any code in Setup HOT 2
- No page showing while accessing from iOS 15 (iPhone 7) HOT 2
- 2024.4.0 LongRunningTransaction HOT 3
- Authentik LDAP authentication
- Can't create app password on 2024.4.0 HOT 1
- Authentik broken after upgrade to version 2024.4.0: Unauthenticated after login HOT 14
- Unable to log into anything after upgrade 2024.2.2 -> 2024.4.0 HOT 1
- Using invitation data in expression policies during prompt validation HOT 3
- Sync groups as members of other groups from LDAP source (Active Directory) / Nested Groups sync. HOT 1
- GET /api/v3/flows/executor/default-authentication-flow/ HOT 1
- Policy on enrollment no longer working in `2024.4` resulting in `UserSourceConnection has no user.` HOT 3
- Authentik crashing (after Redis timeout)
- Uploading icons to a default install with Docker Compose HOT 1
- Expression policy error `builtins.KeyError: 'flow_plan'` HOT 3
- authentik ldap source synchronizes other authentik ldap outposts,How to synchronize all users?
- Remove flow inspector HOT 2
- What permission is required for a service account to create/edit token for users?
- LDAP Property Mapping not working HOT 1
- Create app password with Default token duration expiring time like token
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from authentik.