oidc redirects back to a url with :3000 appended on, need it not to do that #2186

Closed
lknite opened this issue Feb 7, 2023 · 1 comment

lknite commented Feb 7, 2023

I've got an ingress working w/ https.

But when I configure oidc and go to log in, though I log in successfully, the redirect appends a ':3000', causing things not to work.

I can add the url with the :3000 to work on the identity server side, allowing the login to complete, but the redirect fails because it needs to go to https:// ... not https://:3000 .

What's needed in the values.yaml to turn that off?

My existing values.yaml

grafana:

#  extraExposePorts:
#  - name: https
#    port: 443
#    targetPort: 3000

  ingress:
    enabled: true
    ingressClassName: nginx
    hosts:
    - grafana.k.home.net
    tls:
    - secretName: grafana.k.home.net-tls
      hosts:
      - grafana.k.home.net
    annotations:
      cert-manager.io/issuer: "cluster-adcs-issuer"                   #use specific name of issuer
      cert-manager.io/issuer-kind: "ClusterAdcsIssuer"                #or ClusterAdcsIssuer
      cert-manager.io/issuer-group: "adcs.certmanager.csf.nokia.com"

  extraVolumeMounts:
  - mountPath: "/etc/ssl/certs"
    name: ca-bundle
  extraVolumes:
  - name: ca-bundle
    secret:
      secretName: ca-bundle

  grafana.ini:
    auth.generic_oauth:
        enabled: true
        client_id: defaultwithtoken
        client_secret: <hidden>
        scopes: profile email openid offline_access
        auth_url: https://keycloak.k.home.net/auth/realms/home.net/protocol/openid-connect/auth
        token_url: https://keycloak.k.home.net/auth/realms/home.net/protocol/openid-connect/token
        api_url: https://keycloak.k.home.net/auth/realms/home.net/protocol/openid-connect/userinfo
        tls_skip_verify_insecure: true
        role_attribute_path: contains(groups[*], 'platform-readonly') && 'Viewer' || contains(groups[*], 'platform-admin') && 'Admin' || contains(groups[*], 'platform-emergency') && 'Admin' || contains(groups[*], 'customer-poweruser') && 'Admin' || contains(groups[*], 'customer-collaborator') && 'Editor' || contains(groups[*], 'customer-readonly') && 'Viewer'
        allowed_domains: home.net k.home.net
        allow_sign_up: true

lknite commented Feb 7, 2023

had to add:

  grafana.ini:
    server:
      root_url: https://<url>

lknite closed this as completed Feb 7, 2023
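
An added example, not part of the original issue or of the Grafana chart: a Python check that derives the OAuth callback URL Grafana sends to the identity provider from the [server] settings and compares it with what the ingress serves. It assumes Grafana's [server] defaults, assumes the chart fills server.domain from the first ingress host, and uses the ingress host in place of the <url> placeholder; effective_callback, lint and sample are hypothetical names.

```python
from urllib.parse import urlsplit

# Grafana's [server] defaults; root_url is a template over the other keys.
SERVER_DEFAULTS = {"protocol": "http", "domain": "localhost", "http_port": "3000",
                   "root_url": "%(protocol)s://%(domain)s:%(http_port)s/"}
CALLBACK_PATH = "login/generic_oauth"  # callback path used by auth.generic_oauth


def effective_callback(values):
    """Return the redirect_uri Grafana would send to the IdP for these values."""
    g = values["grafana"]
    server = dict(SERVER_DEFAULTS)
    hosts = g.get("ingress", {}).get("hosts", [])
    if hosts:  # assumption: the chart defaults server.domain to the first ingress host
        server["domain"] = hosts[0]
    server.update(g.get("grafana.ini", {}).get("server", {}))
    return (server["root_url"] % server).rstrip("/") + "/" + CALLBACK_PATH


def lint(values):
    """Compare the callback URL with what the ingress actually serves."""
    g = values["grafana"]
    ingress = g.get("ingress", {})
    url = urlsplit(effective_callback(values))
    findings = []
    if url.hostname not in ingress.get("hosts", []):
        findings.append(f"callback host {url.hostname!r} is not an ingress host")
    if ingress.get("tls") and url.scheme != "https":
        findings.append(f"callback scheme is {url.scheme!r} but the ingress terminates TLS")
    if url.port not in (None, 443):
        findings.append(f"callback carries port {url.port}, which the ingress does not expose")
    oauth = g.get("grafana.ini", {}).get("auth.generic_oauth", {})
    if oauth.get("tls_skip_verify_insecure"):
        findings.append("tls_skip_verify_insecure disables IdP certificate checks")
    return findings


def sample(server=None):
    """Constructed input mirroring the issue's values.yaml (secrets omitted)."""
    host = "grafana.k.home.net"
    ini = {"auth.generic_oauth": {"enabled": True, "tls_skip_verify_insecure": True},
           "server": server or {}}
    return {"grafana": {"ingress": {"hosts": [host], "tls": [{"hosts": [host]}]},
                        "grafana.ini": ini}}


if __name__ == "__main__":
    for v in (sample(), sample({"root_url": "https://grafana.k.home.net"})):
        print(effective_callback(v), lint(v))
```

With root_url set, the callback is a single https URL to register at the identity provider, so the :3000 variant does not need to stay on its redirect allow-list.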