Git Product home page Git Product logo

Comments (5)

vodanet avatar vodanet commented on June 20, 2024 1

@tlsabara Thank you!!!
That helped.
Now it works as desired.

from authentik.

BeryJu avatar BeryJu commented on June 20, 2024

you should be able to find a more detailed error message in your argocd or dex container logs

from authentik.

vodanet avatar vodanet commented on June 20, 2024

Argocd-Dex-Server LOG:

time="2024-03-25T09:59:25Z" level=info msg="ArgoCD Dex Server is starting" built="2024-03-01T21:24:51Z" commit=fcf5d8c2381b68ab1621b90be63913b12cca2eb7 namespace=argocd version=v2.10.2+fcf5d8c
time="2024-03-25T09:59:25Z" level=info msg="Generating self-signed TLS certificate for this session"
time="2024-03-25T09:59:25Z" level=info msg="Starting configmap/secret informers"
time="2024-03-25T09:59:25Z" level=info msg="Configmap/secret informer synced"
time="2024-03-25T09:59:25Z" level=info msg="0xc000de9ec0 subscribed to settings updates"
time="2024-03-25T09:59:25Z" level=info msg="Dex Version: v2.37.0-dirty, Go Version: go1.20.4, Go OS/ARCH: linux amd64"
time="2024-03-25T09:59:25Z" level=info msg="config issuer: https://argocd./api/dex"
time="2024-03-25T09:59:25Z" level=info msg="config storage: memory"
time="2024-03-25T09:59:25Z" level=info msg="config static client: Argo CD"
time="2024-03-25T09:59:25Z" level=info msg="config static client: Argo CD CLI"
time="2024-03-25T09:59:25Z" level=info msg="config static client: Argo CD PKCE"
time="2024-03-25T09:59:25Z" level=info msg="config connector: authentik"
time="2024-03-25T09:59:25Z" level=info msg="config skipping approval screen"
time="2024-03-25T09:59:25Z" level=info msg="config refresh tokens rotation enabled: true"
time="2024-03-25T09:59:25Z" level=info msg="keys expired, rotating"
time="2024-03-25T09:59:26Z" level=info msg="keys rotated, next rotation: 2024-03-25 15:59:26.286488383 +0000 UTC"
time="2024-03-25T09:59:26Z" level=info msg="listening (telemetry) on 0.0.0.0:5558"
time="2024-03-25T09:59:26Z" level=info msg="listening (https) on 0.0.0.0:5556"
time="2024-03-25T09:59:26Z" level=info msg="listening (grpc) on 0.0.0.0:5557"
time="2024-03-25T10:06:12Z" level=error msg="Failed to authenticate: missing "name" claim"
time="2024-03-25T13:20:03Z" level=error msg="Failed to authenticate: missing "name" claim"

from authentik.

vodanet avatar vodanet commented on June 20, 2024

I set up argocd and authentik again and configured everything according to the instructions and get the same error with the following logs.

server log:
time="2024-03-28T06:39:31Z" level=info msg="ArgoCD API Server is starting" built="2024-03-18T08:09:23Z" commit=f5d63a5c77d2e804e51ef94bee3db441e0789d00 namespace=argocd port=8080 version=v2.10.4+f5d63a5
time="2024-03-28T06:39:31Z" level=info msg="Starting configmap/secret informers"
time="2024-03-28T06:39:31Z" level=info msg="Configmap/secret informer synced"
time="2024-03-28T06:39:31Z" level=info msg="invalidated cache for resource in namespace: argocd with the name: argocd-notifications-cm"
time="2024-03-28T06:39:31Z" level=info msg="invalidated cache for resource in namespace: argocd with the name: argocd-notifications-secret"
time="2024-03-28T06:39:31Z" level=info msg="Creating client app (argo-cd)"
time="2024-03-28T06:39:31Z" level=info msg="argocd v2.10.4+f5d63a5 serving on port 8080 (url: https://argocd.domain, tls: false, namespace: argocd, sso: true)"
time="2024-03-28T06:39:31Z" level=info msg="Enabled application namespace patterns: argocd"
time="2024-03-28T06:39:31Z" level=info msg="0xc0012fbb60 subscribed to settings updates"
time="2024-03-28T06:39:31Z" level=info msg="Starting rbac config informer"
time="2024-03-28T06:39:31Z" level=info msg="RBAC ConfigMap 'argocd-rbac-cm' added"
time="2024-03-28T06:40:15Z" level=info msg="received unary call /version.VersionService/Version" grpc.method=Version grpc.request.content= grpc.service=version.VersionService grpc.start_time="2024-03-28T06:40:15Z" span.kind=server system=grpc
time="2024-03-28T06:40:15Z" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=Version grpc.service=version.VersionService grpc.start_time="2024-03-28T06:40:15Z" grpc.time_ms=0.784 span.kind=server system=grpc
time="2024-03-28T06:40:15Z" level=info msg="received unary call /cluster.SettingsService/Get" grpc.method=Get grpc.request.content= grpc.service=cluster.SettingsService grpc.start_time="2024-03-28T06:40:15Z" span.kind=server system=grpc
time="2024-03-28T06:40:15Z" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=Get grpc.service=cluster.SettingsService grpc.start_time="2024-03-28T06:40:15Z" grpc.time_ms=1.014 span.kind=server system=grpc
time="2024-03-28T06:40:15Z" level=info msg="received unary call /cluster.SettingsService/Get" grpc.method=Get grpc.request.content= grpc.service=cluster.SettingsService grpc.start_time="2024-03-28T06:40:15Z" span.kind=server system=grpc
time="2024-03-28T06:40:15Z" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=Get grpc.service=cluster.SettingsService grpc.start_time="2024-03-28T06:40:15Z" grpc.time_ms=1.915 span.kind=server system=grpc
time="2024-03-28T06:40:15Z" level=info msg="received unary call /session.SessionService/GetUserInfo" grpc.method=GetUserInfo grpc.request.content= grpc.service=session.SessionService grpc.start_time="2024-03-28T06:40:15Z" span.kind=server system=grpc
time="2024-03-28T06:40:15Z" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=GetUserInfo grpc.service=session.SessionService grpc.start_time="2024-03-28T06:40:15Z" grpc.time_ms=0.514 span.kind=server system=grpc
time="2024-03-28T06:40:23Z" level=info msg="Initializing OIDC provider (issuer: https://argocd.domain/api/dex)"
time="2024-03-28T06:40:23Z" level=info msg="OIDC supported scopes: [openid email groups profile offline_access]"
time="2024-03-28T06:40:23Z" level=info msg="Performing authorization_code flow login: https://argocd.domain/api/dex/auth?client_id=argo-cd&redirect_uri=https%3A%2F%2Fargocd.domain%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=NfNjvPLcKfvgJFMUjdbIJflm"
time="2024-03-28T06:40:25Z" level=error msg="received error from dex: \n\n \n <meta charset="utf-8">\n <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">\n <title>dex</title>\n <meta name="viewport" content="width=device-width, initial-scale=1.0">\n <link href="static/main.css" rel="stylesheet">\n <link href="theme/styles.css" rel="stylesheet">\n <link rel="icon" href="theme/favicon.png">\n \n\n <body class="theme-body">\n <div class="theme-navbar">\n <div class="theme-navbar__logo-wrap">\n <img class="theme-navbar__logo" src="theme/logo.png">\n \n \n\n <div class="dex-container">\n\n\n<div class="theme-panel">\n <h2 class="theme-heading">Internal Server Error\n

Failed to authenticate: oidc: failed to get token: oauth2: "invalid_client" "Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)"

\n\n\n \n \n\n\n" security=2
time="2024-03-28T06:40:25Z" level=info msg="received unary call /version.VersionService/Version" grpc.method=Version grpc.request.content= grpc.service=version.VersionService grpc.start_time="2024-03-28T06:40:25Z" span.kind=server system=grpc
time="2024-03-28T06:40:25Z" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=Version grpc.service=version.VersionService grpc.start_time="2024-03-28T06:40:25Z" grpc.time_ms=1.278 span.kind=server system=grpc
time="2024-03-28T06:40:25Z" level=info msg="received unary call /cluster.SettingsService/Get" grpc.method=Get grpc.request.content= grpc.service=cluster.SettingsService grpc.start_time="2024-03-28T06:40:25Z" span.kind=server system=grpc
time="2024-03-28T06:40:25Z" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=Get grpc.service=cluster.SettingsService grpc.start_time="2024-03-28T06:40:25Z" grpc.time_ms=2.03 span.kind=server system=grpc
time="2024-03-28T06:40:25Z" level=info msg="received unary call /cluster.SettingsService/Get" grpc.method=Get grpc.request.content= grpc.service=cluster.SettingsService grpc.start_time="2024-03-28T06:40:25Z" span.kind=server system=grpc
time="2024-03-28T06:40:25Z" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=Get grpc.service=cluster.SettingsService grpc.start_time="2024-03-28T06:40:25Z" grpc.time_ms=1.399 span.kind=server system=grpc
time="2024-03-28T06:40:25Z" level=info msg="received unary call /session.SessionService/GetUserInfo" grpc.method=GetUserInfo grpc.request.content= grpc.service=session.SessionService grpc.start_time="2024-03-28T06:40:25Z" span.kind=server system=grpc
time="2024-03-28T06:40:25Z" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=GetUserInfo grpc.service=session.SessionService grpc.start_time="2024-03-28T06:40:25Z" grpc.time_ms=0.571 span.kind=server system=grpc

dex-server log:
time="2024-03-28T06:39:30Z" level=info msg="ArgoCD Dex Server is starting" built="2024-03-18T08:09:23Z" commit=f5d63a5c77d2e804e51ef94bee3db441e0789d00 namespace=argocd version=v2.10.4+f5d63a5
time="2024-03-28T06:39:30Z" level=info msg="Generating self-signed TLS certificate for this session"
time="2024-03-28T06:39:30Z" level=info msg="Starting configmap/secret informers"
time="2024-03-28T06:39:30Z" level=info msg="Configmap/secret informer synced"
time="2024-03-28T06:39:30Z" level=info msg="0xc000b62900 subscribed to settings updates"
time="2024-03-28T06:39:30Z" level=info msg="Dex Version: v2.38.0, Go Version: go1.21.6, Go OS/ARCH: linux amd64"
time="2024-03-28T06:39:30Z" level=info msg="config issuer: https://argocd.domain/api/dex"
time="2024-03-28T06:39:30Z" level=info msg="config storage: memory"
time="2024-03-28T06:39:30Z" level=info msg="config static client: Argo CD"
time="2024-03-28T06:39:30Z" level=info msg="config static client: Argo CD CLI"
time="2024-03-28T06:39:30Z" level=info msg="config static client: Argo CD PKCE"
time="2024-03-28T06:39:30Z" level=info msg="config connector: authentik"
time="2024-03-28T06:39:30Z" level=info msg="config skipping approval screen"
time="2024-03-28T06:39:30Z" level=info msg="config refresh tokens rotation enabled: true"
time="2024-03-28T06:39:30Z" level=info msg="keys expired, rotating"
time="2024-03-28T06:39:31Z" level=info msg="keys rotated, next rotation: 2024-03-28 12:39:31.164983009 +0000 UTC"
time="2024-03-28T06:39:31Z" level=info msg="listening (telemetry) on 0.0.0.0:5558"
time="2024-03-28T06:39:31Z" level=info msg="listening (https) on 0.0.0.0:5556"
time="2024-03-28T06:39:31Z" level=info msg="listening (grpc) on 0.0.0.0:5557"
time="2024-03-28T06:40:25Z" level=error msg="Failed to authenticate: oidc: failed to get token: oauth2: "invalid_client" "Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)""

from authentik.

tlsabara avatar tlsabara commented on June 20, 2024

Hello!

I had the same problem and managed to solve it with the following changes

  • changing the value of "dex.authentik.clientSecret" in secret "argocd-secret", changing the clientSecret to base64 (Ex: echo -n client_secret_string | base64).
  • in the authentik in my redirect url, I applied a regex that validates the domain of the url only, which can be from any uri of the domain (Ex: ^https://argocd\.mydomain\.com\.br/.*$).

I hope it helps.

from authentik.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.