Bug 2064392 - multicloud oauth-proxy failed to log users in on web
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Advanced Cluster Management for Kubernetes
Classification: Red Hat
Component: Installer
Version: rhacm-2.5
Hardware: x86_64
OS: Unspecified
unspecified
high
Target Milestone: ---
: rhacm-2.5
Assignee: Jakob
QA Contact: txue
Christopher Dawson
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2022-03-15 18:06 UTC by Thuy Nguyen
Modified: 2023-06-07 23:25 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-06-09 02:09:30 UTC
Target Upstream Version:
Embargoed:
bot-tracker-sync: rhacm-2.5+


Attachments
Error page (48.33 KB, image/png)
2022-03-15 18:06 UTC, Thuy Nguyen


Links
System ID Private Priority Status Summary Last Updated
Github stolostron backlog issues 20712 0 None None None 2022-03-15 19:48:20 UTC
Red Hat Product Errata RHSA-2022:4956 0 None None None 2022-06-09 02:09:41 UTC

Description Thuy Nguyen 2022-03-15 18:06:33 UTC
Created attachment 1866077
Error page

Description of problem: multicloud oauth-proxy failed to log users in on web


Version-Release number of selected component (if applicable):
- ACM 2.5.0-DOWNSTREAM-2022-03-14-13-03-46 (S4) 
- OCP 4.8.33

How reproducible:


Steps to Reproduce:
1. Replace OpenShift default ingress cert with a self-signed custom cert
2. Install ACM/MCH/MCE 
3. Log admin user into multicloud console

Actual results:
Error page gets displayed

Expected results:


Additional info:

ingress oauth-proxy log:
2022/03/14 22:30:02 provider.go:351: Delegation of authentication and authorization to OpenShift is enabled for bearer tokens and client certificates.
2022/03/14 22:30:02 oauthproxy.go:203: mapping path "/" => upstream "https://management-ingress.ocm.svc:8443/"
2022/03/14 22:30:02 oauthproxy.go:230: OAuthProxy configured for  Client ID: multicloudingress
2022/03/14 22:30:02 oauthproxy.go:240: Cookie settings: name:_oauth_proxy secure(https):true httponly:true expiry:12h0m0s domain:<default> samesite: refresh:after 8h0m0s
2022/03/14 22:30:02 oauthproxy.go:252: WARN: Configured to pass client specified bearer token upstream.
      Only use this option if you're sure that the upstream will not leak or abuse the given token.
      Bear in mind that the token could be a long lived token or hard to revoke.
2022/03/14 22:30:02 http.go:61: HTTP: listening on 127.0.0.1:4180
2022/03/14 22:30:02 http.go:107: HTTPS: listening on [::]:9443
I0314 22:30:02.498775       1 dynamic_serving_content.go:130] Starting serving::/etc/tls/private/tls.crt::/etc/tls/private/tls.key
2022/03/15 17:53:26 oauthproxy.go:445: ErrorPage 500 Internal Error configmap "oauth-serving-cert" not found

Comment 1 Kevin Cormier 2022-03-15 18:15:09 UTC
We have reported this to OpenShift here: https://bugzilla.redhat.com/show_bug.cgi?id=2062347

Comment 6 errata-xmlrpc 2022-06-09 02:09:30 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Advanced Cluster Management 2.5 security updates, images, and bug fixes), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:4956
