adventurous-crowd-12239
02/17/2023, 4:49 PMserver:
security:
secure: false
useAuth: true
auth:
authorizedUris:
- https://<my public domain>
- <http://flyteadmin:80>
- <http://flyteadmin.mlops-services.svc.cluster.local:80>
userAuth:
redirectUrl: https://<my app url>/callback # Also added to redirect URI:s in Azure portal
openId:
baseUrl: <https://login.microsoftonline.com/><my tenant>/v2.0
scopes:
- email
- openid
clientId: <My client id from Azure portal>
I have the client secret in flyte-admin-secrets:
data:
oidc_client_secret: <base64 encoded client_secret from Azure portal>
Ingress rule looks like this:
- backend:
service:
name: flyteadmin
port:
number: 80
path: /callback
pathType: ImplementationSpecific
- backend:
service:
name: flyteadmin
port:
number: 80
path: /callback/*
pathType: ImplementationSpecific
Trying to access the public domain, the response is:
Access to <my domain> was denied
You don't have the user rights to view this page
HTTP error 403
Looking at the logs from flyte admin it seems to be failing during the callback:
{"json":{},"level":"error","msg":"Failed to retrieve tokens from request, redirecting to login handler. Error: [EMPTY_OAUTH_TOKEN] Failure to retrieve cookie [flyte_idt], caused by: http: named cookie not present","ts":"2023-02-17T13:04:21Z"}
{"json":{},"level":"error","msg":"Error generating encrypted accesstoken cookie [SECURE_COOKIE_ERROR] Error creating secure cookie, caused by: securecookie: the value is too long","ts":"2023-02-17T13:04:22Z"}
{"json":{},"level":"error","msg":"Error setting encrypted JWT cookie [SECURE_COOKIE_ERROR] Error creating secure cookie, caused by: securecookie: the value is too long","ts":"2023-02-17T13:04:22Z"}
It seems the generated cookie only is of length ~1400
I have tried different changes in the flyteadmin configmap, with the same result.
Any advice on how to continue here?average-finland-92144
02/17/2023, 5:28 PMkubectl get secrets/flyte-admin-secrets --template='{{.data.oidc_client_secret | base64decode}}'
Can you see the correct client secret?adventurous-crowd-12239
02/17/2023, 6:03 PMadventurous-crowd-12239
02/21/2023, 1:52 PMaverage-finland-92144
02/21/2023, 4:05 PMscopes:
- email
- openid
average-finland-92144
02/21/2023, 4:07 PMprofile
scope?adventurous-crowd-12239
02/21/2023, 4:14 PMaverage-finland-92144
02/21/2023, 4:45 PMswift-byte-26134
03/10/2023, 4:09 PM