Closed manireddyk closed 1 year ago
@mvilanova @kevgliss any thoughts on this issue, I check prev version also same issue, also tried few commits as well, couldnt find correct one
A few thoughts:
What is aug-img
?
Are there any console errors?
We did recently have to make some SSO changes due to the way our internal SSO provider works. It's likely related to that but I need some more info on what variables you're setting and how you are setting them.
Here is the relevant PR:
https://github.com/Netflix/dispatch/pull/2732/files
Note, that envvars need to be prefixed with VITE_
instead of VUE_
now.
Thanks @kevgliss for ur reply, as you suggested I have tried variable names, still its not working
ip: https://34.100.238.151/ its redirect login page again not redirecting okta
these are my .env okta conf DISPATCH_AUTHENTICATION_PROVIDER_SLUG=dispatch-auth-provider-pkce DISPATCH_JWT_AUDIENCE=0oa7l4rzw1T3eexCl5 DISPATCH_PKCE_DONT_VERIFY_AT_HASH=true DISPATCH_AUTHENTICATION_PROVIDER_PKCE_JWKS=https://dev-7448439.okta.com/oauth2/v1/keys DISPATCH_AUTHENTICATION_PROVIDER_PKCE_CLIENT_ID=0oa7l4rzw1T3eexCl5 VITE_DISPATCH_AUTHENTICATION_PROVIDER_SLUG=dispatch-auth-provider-pkce VITE_DISPATCH_OPEN_ID_CONNECT_URL=https://dev-7448439.okta.com VITE_DISPATCH_CLIENT_ID=0oa7l4rzw1T3eexCl5 VITE_DISPATCH_AUTHENTICATION_PROVIDER_PKCE_CLIENT_ID=0oa7l4rzw1T3eexCl5 VITE_DISPATCH_AUTHENTICATION_PROVIDER_PKCE_OPEN_ID_CONNECT_URL=https://dev-7448439.okta.com/
@kevgliss I tried to passed during the build as well, got the same error
last 3 values I have doubt and what values should I provide in these variables ?
**VITE_SENTRY_APP_KEY VITE_SENTRY_DSN VITE_SENTRY_ENABLED VITE_SENTRY_TAGS** **_DATABASE_CREDENTIAL_PASSWORD XYZ _DATABASE_CREDENTIAL_USER postgres _QUOTED_DATABASE_PASSWORD XYZ**
` No JWT Email Override specified. 'email' is expected in the idtoken. Key Value
ALEMBIC_CORE_REVISION_PATH /usr/local/lib/python3.9/site-packages/dispatch/database/revisions/core ALEMBIC_INI_PATH /usr/local/lib/python3.9/site-packages/dispatch/alembic.ini ALEMBIC_MULTI_TENANT_MIGRATION_PATH /usr/local/lib/python3.9/site-packages/dispatch/database/revisions/multi-tenant-migration.sql ALEMBIC_TENANT_REVISION_PATH /usr/local/lib/python3.9/site-packages/dispatch/database/revisions/tenant DATABASE_CREDENTIALS postgres:xyzzzz DATABASE_ENGINE_MAX_OVERFLOW 0 DATABASE_ENGINE_POOL_SIZE 20 DATABASE_HOSTNAME testdbxyz.com DATABASE_NAME dispatch DATABASE_PORT 5432 DEFAULT_STATIC_DIR /usr/local/lib/python3.9/site-packages/dispatch/static/dispatch/dist DISPATCH_AUTHENTICATION_DEFAULT_USER mani.k@gmail.com DISPATCH_AUTHENTICATION_PROVIDER_HEADER_NAME remote-user DISPATCH_AUTHENTICATION_PROVIDER_PKCE_JWKS https://dev-7448439.okta.com/oauth2/v1/keys DISPATCH_AUTHENTICATION_PROVIDER_SLUG dispatch-auth-provider-pkce DISPATCH_ENCRYPTION_KEY dispatch@123 DISPATCH_JWT_ALG HS256 DISPATCH_JWT_AUDIENCE 0oa7l4rzw1T3eexCl DISPATCH_JWT_EMAIL_OVERRIDE DISPATCH_JWT_EXP 86400 DISPATCH_JWT_SECRET dispatch@123 DISPATCH_PKCE_DONT_VERIFY_AT_HASH true DISPATCH_UI_URL http://localhost:8080 ENV local ENV_TAGS {} ENV_TAG_LIST LOG_LEVEL DEBUG METRIC_PROVIDERS MJML_PATH /usr/local/lib/python3.9/site-packages/dispatch/static/dispatch/node_modules/.bin SECRET_PROVIDER SENTRY_APP_KEY SENTRY_DSN SENTRY_ENABLED SENTRY_TAGS SQLALCHEMY_DATABASE_URI postgresql+psycopg2://postgres:abcdef@xyzdatabase.com:5432/dispatch STATIC_DIR /usr/local/lib/python3.9/site-packages/dispatch/static/dispatch/dist VITE_DISPATCH_AUTHENTICATION_PROVIDER_PKCE_CLIENT_ID 0oa7l4rzw1T3eexCl VITE_DISPATCH_AUTHENTICATION_PROVIDER_PKCE_OPEN_ID_CONNECT_URL https://dev-7448439.okta.com/ VITE_DISPATCH_AUTHENTICATION_PROVIDER_SLUG dispatch-auth-provider-pkce VITE_DISPATCH_AUTHENTICATION_PROVIDER_USE_ID_TOKEN VITE_SENTRY_APP_KEY VITE_SENTRY_DSN VITE_SENTRY_ENABLED VITE_SENTRY_TAGS _DATABASE_CREDENTIAL_PASSWORD XYZ _DATABASE_CREDENTIAL_USER postgres _QUOTED_DATABASE_PASSWORD XYZ `
It looks like the server is responding with 500 errors. Are there any more logs that you provide? There should be expectations related to those 500s that should provide more context.
Im getting these only dispatch-server is there any conf values Im missing in the above context
INFO: Application startup complete. INFO: Uvicorn running on http://0.0.0.0:8000 (Press CTRL+C to quit) INFO: 172.19.0.1:41236 - "GET / HTTP/1.0" 200 OK INFO: 172.19.0.1:41252 - "GET /assets/index.d8b897ea.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41262 - "GET /assets/index.edb23d3e.css HTTP/1.0" 200 OK INFO: 172.19.0.1:41274 - "GET /assets/Table.d48a2e68.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41284 - "GET /assets/VBottomSheet.22eaa19a.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41306 - "GET /assets/VSelect.0c8367de.css HTTP/1.0" 200 OK INFO: 172.19.0.1:41294 - "GET /assets/VBottomSheet.10a6dd6d.css HTTP/1.0" 200 OK INFO: 172.19.0.1:41314 - "GET /assets/VLayout.780085c8.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41328 - "GET /assets/VSelect.164b3826.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41338 - "GET /assets/VBadge.1f2b2218.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41354 - "GET /assets/VBadge.6fbcee5c.css HTTP/1.0" 200 OK INFO: 172.19.0.1:41366 - "GET /assets/index.267708a8.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41392 - "GET /assets/IncidentPriority.f376a742.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41382 - "GET /assets/Participant.4bb7b705.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41466 - "GET /assets/VSlideGroup.cf6f3441.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41442 - "GET /assets/VItemGroup.f2e6a618.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41438 - "GET /assets/DetailsTab.d6a4c699.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41410 - "GET /assets/DateTimePickerMenu.7965578a.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41452 - "GET /assets/VTabItem.edef2684.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41496 - "GET /assets/VTabItem.9553fadc.css HTTP/1.0" 200 OK INFO: 172.19.0.1:41426 - "GET /assets/IncidentStatus.8b0f8326.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41394 - "GET /assets/VItemGroup.b0585eea.css HTTP/1.0" 200 OK INFO: 172.19.0.1:41468 - "GET /assets/VDatePicker.e966cabc.css HTTP/1.0" 200 OK INFO: 172.19.0.1:41484 - "GET /assets/VSlideGroup.e48c73cd.css HTTP/1.0" 200 OK INFO: 172.19.0.1:41532 - "GET /assets/VDatePicker.43411fe5.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41530 - "GET /assets/VAutocomplete.60f8055a.css HTTP/1.0" 200 OK INFO: 172.19.0.1:41556 - "GET /assets/VCol.3d8733cb.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41542 - "GET /assets/IncidentFilterCombobox.2d5831cc.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41520 - "GET /assets/VDataTable.481c51c0.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41550 - "GET /assets/VCombobox.38453c95.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41582 - "GET /assets/VAutocomplete.434590f4.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41602 - "GET /assets/WorkflowParametersInput.5b699a52.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41612 - "GET /assets/IncidentTypeSelect.e31619c3.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41618 - "GET /assets/utils.b162ee48.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41586 - "GET /assets/IncidentPrioritySelect.e5c24082.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41508 - "GET /assets/DateTimePickerMenu.bb1fd1ff.css HTTP/1.0" 200 OK INFO: 172.19.0.1:41570 - "GET /assets/RunModal.0e89d095.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41624 - "GET /assets/ParticipantSelect.e11c7340.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41640 - "GET /assets/DateWindowInput.125207af.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41656 - "GET /assets/VListItemGroup.2251c68e.css HTTP/1.0" 200 OK INFO: 172.19.0.1:41660 - "GET /assets/index.49b28a60.css HTTP/1.0" 200 OK INFO: 172.19.0.1:41666 - "GET /assets/VListItemGroup.407381cb.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41674 - "GET /assets/VDataTable.f533de3e.css HTTP/1.0" 200 OK INFO: 172.19.0.1:41676 - "GET /assets/IncidentTypeCombobox.9ed272b6.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41682 - "GET /assets/ProjectSelect.f9103915.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41690 - "GET /assets/IncidentSeverityCombobox.fa018e1e.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41706 - "GET /assets/TagFilterAutoComplete.d3a22b82.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41742 - "GET /assets/index.0d189d31.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41710 - "GET /assets/IncidentStatusMultiSelect.f8d566db.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41714 - "GET /assets/VFlex.66d63304.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41720 - "GET /assets/ProjectCombobox.3af5b5d7.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41730 - "GET /assets/TagTypeFilterCombobox.86789644.js HTTP/1.0" 200 OK INFO: 172.19.0.1:41758 - "GET /static/m.png HTTP/1.0" 200 OK INFO: 172.19.0.1:41882 - "GET /static/m.png HTTP/1.0" 200 OK INFO: 172.19.0.1:41888 - "GET /assets/Roboto-Regular.47107401.woff2 HTTP/1.0" 200 OK INFO: 172.19.0.1:41886 - "GET /assets/Roboto-Bold.8e44376b.woff2 HTTP/1.0" 200 OK INFO: 172.19.0.1:41904 - "GET /assets/materialdesignicons-webfont.da7fba3c.woff2?v=5.9.55 HTTP/1.0" 200 OK INFO: 172.19.0.1:41788 - "GET /organizations?itemsPerPage=50&sortBy[]=name&descending[]=false HTTP/1.0" 401 Unauthorized INFO: 172.19.0.1:41782 - "GET /default/individuals?sortBy[]=name&descending[]=false&itemsPerPage=5 HTTP/1.0" 401 Unauthorized INFO: 172.19.0.1:41774 - "GET /organizations?itemsPerPage=50&sortBy[]=name&descending[]=false&filter=[%7B%22model%22:%22Organization%22,%22field%22:%22slug%22,%22op%22:%22%3D%3D%22,%22value%22:%22default%22%7D] HTTP/1.0" 401 Unauthorized INFO: 172.19.0.1:41798 - "GET /default/projects?itemsPerPage=5&sortBy[]=name&descending[]=false HTTP/1.0" 401 Unauthorized INFO: 172.19.0.1:41808 - "GET /default/incident_types?sortBy[]=name&descending[]=false&itemsPerPage=5 HTTP/1.0" 401 Unauthorized INFO: 172.19.0.1:41816 - "GET /default/incident_severities?sortBy[]=view_order&descending[]=false HTTP/1.0" 401 Unauthorized INFO: 172.19.0.1:41824 - "GET /default/incident_priorities?sortBy[]=view_order&descending[]=false HTTP/1.0" 401 Unauthorized INFO: 172.19.0.1:41836 - "GET /default/tags?itemsPerPage=5 HTTP/1.0" 401 Unauthorized INFO: 172.19.0.1:41854 - "GET /default/incidents?sortBy[]=name&descending[]=false&itemsPerPage=5 HTTP/1.0" 401 Unauthorized INFO: 172.19.0.1:41852 - "GET /default/cases?sortBy[]=name&descending[]=false&itemsPerPage=5 HTTP/1.0" 401 Unauthorized INFO: 172.19.0.1:41928 - "GET /default/incidents?page=1&itemsPerPage=10&sortBy[]=reported_at&descending[]=true HTTP/1.0" 401 Unauthorized INFO: 172.19.0.1:41920 - "GET /assets/Roboto-Medium.96025fe9.woff2 HTTP/1.0" 200 OK INFO: 172.19.0.1:35358 - "GET /assets/Login.d7f5238a.js HTTP/1.0" 200 OK INFO: 172.19.0.1:35352 - "GET /default/individuals?sortBy[]=name&descending[]=false&itemsPerPage=5 HTTP/1.0" 401 Unauthorized INFO: 172.19.0.1:35364 - "GET /organizations?itemsPerPage=50&sortBy[]=name&descending[]=false&filter=[%7B%22model%22:%22Organization%22,%22field%22:%22slug%22,%22op%22:%22%3D%3D%22,%22value%22:%22default%22%7D] HTTP/1.0" 401 Unauthorized INFO: 172.19.0.1:35372 - "GET /static/m.png HTTP/1.0" 200 OK
So I took your settings and saw the redirect asking me to log in.
To double-check, are you setting the variables with an =
in there somewhere? e.g.
DISPATCH_AUTHENTICATION_PROVIDER_SLUG=dispatch-auth-provider-pkce
from your example the variables weren't formatted correctly.
@kevgliss may I know which url ur using inorder to redirect to okta, if I just use https://34.100.238.151/ Im not getting redirecting, can you please share the url once are u adding any suffix below one is my .env file
I requested access to the test application configuration in okta.
I'm not sure... this is what I see when I login... I think I need to be able to set the redirect URIs to my local dev instance.
@kevgliss ya ur correct, just click on admin panel -> applications -> select dispatch-app -> change ip, added in this image for ur ref
Unfortunately, I can't recreate your issue. Using your settings and that okta user, I did the following in an attempt to recreate it:
dispatch server develop
with the exact envvars you provided.I then navigated to http://localhost:8080 and made sure I cleared all application data (a new incognito window also works).
I was redirected to okta and provided the above test user credentials, and I was then correctly redirected back to the default /incidents endpoint.
I would make sure you are clearing application data (or using an incognito window) in case some setting is still cached.
Regarding your question about DISPATCH_UI_URL
this URL is not used by the authentication providers and is only used to generate valid links within slack and email messaging.
@kevgliss Thank you so much for spending ur time fixing issue , Unfortunately, I still getting the same issue, I have created a new server and did the same cloning the repo git clone https://github.com/Netflix/dispatch-docker.git creating .env file with these values https://github.com/manireddyk/dispatchconfig/blob/main/env-values configuring nginx to redirect https to http://127.0.0.1:8000 changing ip in okta url https://34.125.190.222/
Just need one help, yesterday how could you able to redirect with my server ip, is it automatically redirecting to https://34.125.190.222/ or are you adding some suffix any /xyz ?
can you please share once, how did u get the below screen?
I see; I didn't realize had access to that URL. How are you building this app before it's deployed? It looks like the PKCE provider is not being enabled. So I think something is wrong with your build process and it is not taking the VITE_
variables into account. By default, we fall back the basic auth on the frontend if no other providers are provided.
One tip; make sure your .env is available when you run npm build
this can be done a variety of ways but the simplest is to make sure that .env
is in the root of the frontend project e.g. cp .env src/dispatch/static/dispatch/.env
before you build it.
Thank @kevgliss, The above method worked, I could able to redirect okta, Thank you so much for ur help to resolve this issue,
might be is the above step (cp .env to dispatch/.env) was missing somewhere in the dispatch app, not sure why it's not getting reflected.
I have created new dispatch app using new version with proper vue_sso info, when I open url instead of redirecting to the okta website, its either directly opening login page/directly login into the dispatch app with no-user,
Later I tried with aug-img, it worked fine, I feel there is some happend in the okta/sso code, can u check once