https://flyte.org logo
#ask-the-community
Title
# ask-the-community
d

Devendra Johari

02/20/2024, 1:28 PM
Hi All, I am trying to apply Authentication in flyte by following this article https://docs.flyte.org/en/latest/deployment/configuration/auth_setup.html Also used this article to solve "securecookie value too long " error. https://github.com/flyteorg/flyte/pull/4863/files and this securecookie value too long error is solved. But now a new error came up which is "Error reading secure cookie flyte_idt securecookie: base64 decode failed - caused by: illegal base64 data at input byte 10". {"json":{"src":"entrypoint.go:96"},"level":"info","msg":"Failed to create MutatingWebhookConfiguration. Will attempt to update. Error: mutatingwebhookconfigurations.admissionregistration.k8s.io \"flyte-binary-webhook\" already exists","ts":"2024-02-20T131627Z"} {"json":{"src":"cookie.go:106","x-request-id":"7ad600c65f77a6ea6122172fa0ae240b"},"level":"error","msg":"Error reading secure cookie flyte_idt securecookie: base64 decode failed - caused by: illegal base64 data at input byte 10","ts":"2024-02-20T131718Z"} {"json":{"src":"cookie.go:87","x-request-id":"7ad600c65f77a6ea6122172fa0ae240b"},"level":"error","msg":"Error reading existing secure cookie [flyte_idt]. Error: [SECURE_COOKIE_ERROR] Error reading secure cookie flyte_idt, caused by: securecookie: base64 decode failed - caused by: illegal base64 data at input byte 10","ts":"2024-02-20T131718Z"} I am using Microsoft Azure AD as IdP. and In it's log it is showing Authentication is successful but on opening the flyte console url it is showing unauthorized user 401 error. Can you guys please help me out. Thank you. This error is also there! {"json":{"src":"token.go:80"},"level":"debug","msg":"Could not retrieve bearer token from metadata rpc error: code = Unauthenticated desc = Request unauthenticated with Bearer","ts":"2024-02-20T131718Z"} {"json":{"src":"handlers.go:303"},"level":"info","msg":"Failed to parse Access Token from context. Will attempt to find IDToken. Error: [JWT_VERIFICATION_FAILED] Could not retrieve bearer token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with Bearer","ts":"2024-02-20T131718Z"} {"json":{"src":"token.go:100"},"level":"debug","msg":"Could not retrieve id token from metadata rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken","ts":"2024-02-20T131718Z"}
d

David Espejo (he/him)

02/20/2024, 8:51 PM
@Devendra Johari did you uninstall Flyte and then re-install at some point? I'm curious about this message:
Error: <http://mutatingwebhookconfigurations.admissionregistration.k8s.io|mutatingwebhookconfigurations.admissionregistration.k8s.io> \"flyte-binary-webhook\" already exists
y

Yee

02/21/2024, 3:18 AM
given the byte error, this feels like an issue with the secure cookie too long handling
might be a red herring but could you maybe poke around that to see if it’s valid? like see if you can decode it manually
d

Devendra Johari

02/21/2024, 11:58 AM
Yes it might be related to secure cookie length. I tried to use split token approach to solve that and do necessary changes in cookie.go and cookie_manager.go file. Although when i use latest flyte repo(without any change in go code) It shows Access denied error on login. While after doing changes as per the repository i included above. It is showing 401 Unauthorized with pod logs of securecookie base64 error. Can you suggest like what changes should I do to get rid of this base64 error throws by ReadSecureCookie function in cookie.go file of flyteadmin folder.
d

David Espejo (he/him)

02/21/2024, 4:09 PM
@Ingo Kemmerzell is also facing the same issue
d

Devendra Johari

02/21/2024, 4:12 PM
We both are working in the same team😅
y

Yee

02/21/2024, 5:14 PM
if you don’t make any changes, isn’t the cookie too long?
d

David Espejo (he/him)

03/21/2024, 3:22 PM
@Devendra Johari is this still an issue in your environment?
2 Views