Open SamuZad opened 2 months ago
We found this issue yesterday in our project as well.
The problem is with the hardcoded Keycloak redirectUri in auth.ts of the alerta web UI.
Basically, what the application needs after a successful login is the authorization code, which is scraped by the vue-authenticate library's parseQueryString function, and it doesn't matter where we are redirected as just the authorization code matters.
The problem is that the popup is being redirected for a moment to another instance of alerta (with the authorization code as a GET parameter), which wants to bootstrap itself. So, it makes a request for config.json and an API call to /config (this is what alerta does on bootstrap).
The main instance of alerta, from which we are opening the popup, closes the popup as it successfully obtained the authorization code from the popup URL, but the second one (the bootstrapping second instance of alerta) might not finish the request to /config, so the browser cancels the request, which results in the browser alert here.
The reason the problem sometimes occurs and sometimes does not is that the vue-authenticate library is using polling with a 250ms interval here to obtain the authorization code from the popup URL, so sometimes the /config API call is successful and sometimes not.
It can be fixed in multiple ways:
1) Changing the alert to console.error
2) Changing the redirect URI here to something else (and adding it in the Keycloak admin panel), but that would require removal of this if statement as well
Issue Summary
We have set up OpenID authentication with an Okta app, and set AUTH_REQUIRED True
About 50% of the time, the authentication seems to fail with the following error message in the popup window:
However, upon clicking OK, the popup closes itself and the authentication succeeds
We have tried setting UWSGI_PROCESSES to 1, thinking it would be something with workers, to no avail. Turning on the audit logs also wasn't particularly helpful, though we could have missed something of course.
Environment
OS: Linux
API version: 9.0.3
Deployment: Docker
Database: Postgres
Server config:
Auth enabled? Yes
Auth provider? OpenID
Customer views? No
Expected behavior
We expect the authentication flow to be more consistent.
Additional context
Config:
config.js:
{"endpoint": "https://alerta.mycompany.com/api"}
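
The timing race described in the first comment, as an added model that is not part of the original thread and is not alerta or vue-authenticate code. Only the 250 ms polling interval comes from the thread; the function names, the bootstrap delay and the /config latency are constructed assumptions, as is the case where the popup closes before the request is even sent.

```javascript
// Added illustration: deterministic model of the popup race.
const POLL_INTERVAL_MS = 250; // polling interval stated in the comment

// Time of the first parent poll tick at or after the popup lands on the
// redirect URI. The parent reads the code and closes the popup on that tick.
function firstPollAfter(redirectAtMs, pollIntervalMs = POLL_INTERVAL_MS) {
  return Math.ceil(redirectAtMs / pollIntervalMs) * pollIntervalMs;
}

// Outcome of the second instance's /config call for one login attempt.
// bootstrapMs: assumed delay before the second instance issues /config.
// configLatencyMs: assumed round-trip time of the /config call.
function configOutcome({ redirectAtMs, bootstrapMs, configLatencyMs }) {
  const popupClosedAt = firstPollAfter(redirectAtMs);
  const requestStart = redirectAtMs + bootstrapMs;
  const requestEnd = requestStart + configLatencyMs;
  if (popupClosedAt <= requestStart) return 'never-sent'; // closed before the call
  if (popupClosedAt < requestEnd) return 'cancelled';     // in flight: alert shown
  return 'completed';                                     // finished: no alert
}

// Fraction of attempts that end in a cancelled /config call when the redirect
// lands at an evenly spread phase within one poll period.
function cancelledFraction({ bootstrapMs, configLatencyMs }, steps = 1000) {
  let cancelled = 0;
  for (let i = 0; i < steps; i++) {
    const redirectAtMs = (i + 0.5) * (POLL_INTERVAL_MS / steps);
    const outcome = configOutcome({ redirectAtMs, bootstrapMs, configLatencyMs });
    if (outcome === 'cancelled') cancelled++;
  }
  return cancelled / steps;
}

// Constructed timings: 40 ms bootstrap, 125 ms /config latency.
const sample = { bootstrapMs: 40, configLatencyMs: 125 };
console.log('cancelled fraction:', cancelledFraction(sample));
```

In this model the share of cancelled requests is roughly the /config latency divided by the polling interval, so it varies with network and server timing rather than with the identity provider.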