Channels
announcements
ask-the-community
auth
conference-talks
contribute
databricks-integration
datahub-flyte
deployment
ecosystem-unionml
engineeringlabs
events
feature-discussions
flyte-bazel
flyte-build
flyte-console
flyte-deployment
flyte-documentation
flyte-github
flyte-ui-ux
flytekit
flytekit-java
flytelab
great-content
hacktoberfest-2022
helsing-flyte
in-flyte-conversations
introductions
jobs
konan-integration
linkedin-flyte
random
ray-integration
ray-on-flyte
release
scipy-2022-sprint
sig-large-models
workflow-building-ui-proj
writing-w-sfloris
Powered by LinenTitle
l
lgladh
02/17/2023, 4:49 PMHi!
I have a single cluster deployment of Flyte. For authorization I am trying to setup OpenID with Azure AD. I have followed Authenticating in Flyte - Flyte, and the relevant part of my configuration currently looks like this:
server:
security:
secure: false
useAuth: true
auth:
authorizedUris:
- https://<my public domain>
- <http://flyteadmin:80>
- <http://flyteadmin.mlops-services.svc.cluster.local:80>
userAuth:
redirectUrl: https://<my app url>/callback # Also added to redirect URI:s in Azure portal
openId:
baseUrl: <https://login.microsoftonline.com/><my tenant>/v2.0
scopes:
- email
- openid
clientId: <My client id from Azure portal>data:
oidc_client_secret: <base64 encoded client_secret from Azure portal>- backend:
service:
name: flyteadmin
port:
number: 80
path: /callback
pathType: ImplementationSpecific
- backend:
service:
name: flyteadmin
port:
number: 80
path: /callback/*
pathType: ImplementationSpecificAccess to <my domain> was denied
You don't have the user rights to view this page
HTTP error 403{"json":{},"level":"error","msg":"Failed to retrieve tokens from request, redirecting to login handler. Error: [EMPTY_OAUTH_TOKEN] Failure to retrieve cookie [flyte_idt], caused by: http: named cookie not present","ts":"2023-02-17T13:04:21Z"}
{"json":{},"level":"error","msg":"Error generating encrypted accesstoken cookie [SECURE_COOKIE_ERROR] Error creating secure cookie, caused by: securecookie: the value is too long","ts":"2023-02-17T13:04:22Z"}
{"json":{},"level":"error","msg":"Error setting encrypted JWT cookie [SECURE_COOKIE_ERROR] Error creating secure cookie, caused by: securecookie: the value is too long","ts":"2023-02-17T13:04:22Z"}d
David Espejo (he/him)
02/17/2023, 5:28 PMHi @Igladh
If you execute
kubectl get secrets/flyte-admin-secrets --template='{{.data.oidc_client_secret | base64decode}}'l
lgladh
02/17/2023, 6:03 PMHey @David Espejo (he/him),
I see the correct secret.
@David Espejo (he/him) Still haven't found a solution to this. I have tried setting up auth for another orchestrator using the same client secret etc., and it works. So, I guess it has to be something in the Flyte configuration?
Anyone in particular I can try contacting to get help?
d
David Espejo (he/him)
02/21/2023, 4:05 PMsorry for the delay Igladh, there's something that captures my attention in your config:
scopes:
- email
- openidisn't it missing the
profilel
lgladh
02/21/2023, 4:14 PMI have tried adding profile as well, it does not fix the problem unfortunately.
d
David Espejo (he/him)
02/21/2023, 4:45 PMcc @Yee in case you have ideas to help debug this problem
j
João Lobo Guerra Neto
03/10/2023, 4:09 PM@Yee do you have any resolution for this problem? I same error here =(