SSO Integration failing

[VMRMGiz]

I have been trying to integrate kafka-ui to my company's SSO.

I have started by following the guide here

And I have used the following parameters in my docker-compose file:

  - AUTH_TYPE=OAUTH2
  - SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_AUTH0_CLIENTID=kafka-ui
  - SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_AUTH0_CLIENTSECRET=XXXXXX
  - SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_AUTH0_ISSUER_URI=https://XXXX.com:8443/
  - SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_AUTH0_SCOPE=openid

Note that I'm certain of the Issuer URI, since when I append ".well-known/openid-configuration" to it and paste in a browser I get the expected Json document.

I'm also certain of the client ID setup and the client secret (i've set them up myself in the SSO provider).

When I use these parameters however I have an error "registrations cannot be null or empty"

Error.log

I have read through the issues already posted about this and in particular this one

So I have tried to implement some more properties like the ones below

  - SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_AUTH0_AUTHORIZATION_URI=https://XXXX.com:8443/rest/auth/authcode
  - SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_AUTH0_TOKEN_URI=https://XXXX:8443/rest/1.0/accesstoken
  - SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_AUTH0_JWK_SET_URI=https://XXXX:8443/rest/1.0/idpsettings/discovery/key
  - SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_AUTH0_USER_INFO_URI=https://XXXX:8443/rest/1.0/idptoken/userinfo

(once again, all these URI have been double-checked)

Without success (same error).

I have also tried to set other "SPRING_SECURITY_OAUTH2_CLIENT" variables based on the Spring documentation

Without success (same error).

Not sure if you are going to be able to help...

Thanks in advance

[Haarolean]

Hi, we use our custom configuration properties for authentication (mostly), so they don't start with spring.* unlike in your example.
Please take a look at our documentation: OAuth2 Authentication
Also, yaml<->envvars config converter, here

[VMRMGiz]

Thanks @Haarolean that helped a lot.

Can I suggest for the SSO Guide to be updated, as it still mentions some docker environment variables that start with SPRING_*

Otherwise, for other who are trying to do the same I'll share my docker environment variables I ended up using here:

  - AUTH_TYPE=OAUTH2
  - AUTH_OAUTH2_CLIENT_SSO_CLIENTID=kafka-ui
  - AUTH_OAUTH2_CLIENT_SSO_CLIENTSECRET=<secretcode>
  - AUTH_OAUTH2_CLIENT_SSO_SCOPE=openid
  - AUTH_OAUTH2_CLIENT_SSO_CLIENT_NAME=Kafka-ui
  - AUTH_OAUTH2_CLIENT_SSO_PROVIDER=<Provider name>
  - AUTH_OAUTH2_CLIENT_SSO_REDIRECT_URI=https://ui-for-apache-kafka:8080
  - AUTH_OAUTH2_CLIENT_SSO_AUTHORIZATION_GRANT_TYPE=authorization_code
  - AUTH_OAUTH2_CLIENT_SSO_JWK_SET_URI=https://<my SSO address>/rest/1.0/idpsettings/discovery/key
  - AUTH_OAUTH2_CLIENT_SSO_AUTHORIZATION_URI=https://<my SSO address>/rest/auth/authcode
  - AUTH_OAUTH2_CLIENT_SSO_TOKEN_URI=https://<my SSO address>/rest/1.0/accesstoken
  - AUTH_OAUTH2_CLIENT_SSO_USER_INFO_URI=https://<my SSO address>/rest/1.0/idptoken/userinfo
  - AUTH_OAUTH2_CLIENT_SSO_USER_NAME_ATTRIBUTE=LoginName

[Haarolean]

@VMRMGiz sure, feel free to raise a PR, the documentation is located in docs branch. Although, SSO guide seems really outdated, not sure if we should even support it (in favor of authentication page).