I hope this hasn't already been presented and resolved. I checked release notes and other issues, but I didn't find anything about this specific issue.
General info:
OnDemand 1.8.20
CentOS 7
Specific Issue:
After I edit /etc/ood/config/ood_portal.yml to implement OpenID Connect as defined in the documentation here, and run /opt/ood/ood-portal-generator/sbin/update_ood_portal there seems to be an incorrect update to ood-portal.conf.
Example -
Here is my oidc config from ood_portal.yml based on the documentation. Redacted the actual URLs and IDs.
After this is in place, I run
$ /opt/ood/ood-portal-generator/sbin/update_ood_portal
cp -p <CERTS>
chown ondemand-dex:ondemand-dex /etc/ood/dex/crt.crt
cp -p /etc/pki/tls/private/key.key /etc/ood/dex/key.key
chown ondemand-dex:ondemand-dex /etc/ood/dex/key.key
Generating new Apache config at: '/opt/rh/httpd24/root/etc/httpd/conf.d/ood-portal.conf'
chown root:apache /opt/rh/httpd24/root/etc/httpd/conf.d/ood-portal.conf
chmod 640 /opt/rh/httpd24/root/etc/httpd/conf.d/ood-portal.conf
Generating Apache config checksum file: '/etc/ood/config/ood_portal.sha256sum'
No change in the Dex config.
Completed successfully!
Restart the httpd24-httpd service now.
Suggested command:
sudo systemctl try-restart httpd24-httpd.service httpd24-htcacheclean.service
I can then restart the service just fine, however accessing the page doesn't seem to work correctly. So I look at ood-portal.conf and see the following in the oidc section:
OIDCProviderMetadataURL https://ondemand.com:5554/.well-known/openid-configuration
OIDCClientID ondemand.com
OIDCClientSecret xyz123 (No idea what this actually is)
OIDCRedirectURI https://ondemand.com/oidc
OIDCRemoteUserClaim email
OIDCScope "openid profile email groups"
OIDCCryptoPassphrase fgh123
OIDCSessionInactivityTimeout 28800
OIDCSessionMaxDuration 28800
OIDCStateMaxNumberOfCookies 10 true
OIDCCookieSameSite Off
OIDCPassClaimsAs environment
OIDCPassIDTokenAs serialized
OIDCPassRefreshToken On
OIDCStripCookies mod_auth_openidc_session mod_auth_openidc_session_chunks mod_auth_openidc_session_0 mod_auth_openidc_session_1
It seems my oidc metadata url and other pieces of information don't translate correctly. I tried finding the issue in /opt/ood/ood-portal-generator but haven't been able to find it yet. I wanted to bring this up. If it's already been fixed, I apologize for using an older version of OnDemand :)
Let me know if there's any other information I can provide. Thanks.
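An added example, not part of the original post or of OnDemand's own code: one way to check whether the generated ood-portal.conf carries the OIDC values that were intended. The sample config reuses the redacted lines quoted in the post, and the `EXPECTED` values and function names are hypothetical placeholders.

```python
import shlex

# Constructed sample: OIDC lines as quoted (already redacted) in the post.
# The secret and passphrase lines are left out so the check never prints them.
GENERATED_CONF = '''\
OIDCProviderMetadataURL https://ondemand.com:5554/.well-known/openid-configuration
OIDCClientID ondemand.com
OIDCRedirectURI https://ondemand.com/oidc
OIDCRemoteUserClaim email
OIDCScope "openid profile email groups"
OIDCStateMaxNumberOfCookies 10 true
'''

# Hypothetical intended values (placeholders; the post redacted the real ones).
EXPECTED = {
    "OIDCProviderMetadataURL": ["https://idp.example.org/.well-known/openid-configuration"],
    "OIDCClientID": ["my-client-id"],
    "OIDCRemoteUserClaim": ["email"],
    "OIDCScope": ["openid profile email groups"],
}

def parse_oidc_directives(conf_text):
    """Return {directive: [args]} for every OIDC* line, honouring quoted arguments."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and Apache comments
        tokens = shlex.split(line, comments=False)
        if tokens and tokens[0].startswith("OIDC"):
            found[tokens[0]] = tokens[1:]  # multi-argument directives keep every argument
    return found

def compare(expected, conf_text):
    """Return sorted (directive, wanted, got) tuples for each mismatch; got is None if absent."""
    actual = parse_oidc_directives(conf_text)
    return sorted((name, wanted, actual.get(name))
                  for name, wanted in expected.items()
                  if actual.get(name) != wanted)

if __name__ == "__main__":
    for name, wanted, got in compare(EXPECTED, GENERATED_CONF):
        print(f"MISMATCH {name}: wanted {wanted}, generated {got}")
```

Against a real system, read the text from the path that update_ood_portal reports as the generated Apache config instead of the embedded sample.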