Open mconigliaro opened 8 months ago
we are having similar issues with argocd cli sso login using Okta:
oauth2: "invalid_client" "Client authentication failed. Either the client or the client credentials are invalid."
I did add cliClientID
into the argocd-cm configuration which is the same as clientID
as we are sharing the same APP for both web browser login and argocd command line cli login.
argocd cli version: 2.8.5 argocd server version: 2.8.5
I also tried setting cliClientID
, but it didn't help. If the docs are correct, it defaults to the value of clientID
anyway, so there's no point in doing that if the web UI and the CLI share the same IDP app. Out of desperation, I tried creating a dedicated IDP app for the CLI (so clientID
and cliClientID
could be different), but that didn't help either.
having the same issue right now
Same problem here!
Just tested with latest v2.9.5 release and same issues still exists
same problem here with latest v2.10.1 version
Same problem with latest
Same issue here happening when using Authentik as our IdP.
same issue here with okta
Had it been resolved for 9 month so far??
Someone had it working here: https://github.com/argoproj/argo-cd/issues/12124#issuecomment-1717865942
The solution for Keykloak is here: https://github.com/argoproj/argo-cd/issues/12124#issuecomment-2204914627
Someone had it working here: #12124 (comment)
Thank you! this was helpful and worked!
@alexmt probably this should be added to the docs and the case could be closed
I have the same problem with Jumpcloud IdP, I am not sure about the config I need to set with Jumpcloud
I have the same problem with Jumpcloud IdP, I am not sure about the config I need to set with Jumpcloud
@llavaud - This is what I'm using in my values file with Jumpcloud as an IdP, hopefully it works for you with appropriate tweaking:
configs:
cm:
create: true
oidc.config: |
name: "Jumpcloud"
issuer: "https://oauth.id.jumpcloud.com/"
clientID: "MY_JUMPCLOUD_CLIENT_ID"
clientSecret: "MY_JUMPCLOUD_CLIENT_SECRET"
requestedScopes:
- openid
- email
- profile
- groups
rbac:
create: true
scopes: "[groups]"
policy.csv: |
p, role:clusterAdmin, *, *, *, allow
p, role:noPerms, *, *, *, deny
g, MY_JUMPCLOUD_ADMIN_GROUP, role:clusterAdmin
g, MY_JUMPCLOUD_READONLY_GROUP, role:readonly
In Jumpcloud, I have the following as an authorized redirect URI: https://MY-ARGOCD-FQDN/auth/callback
, and am including the group attribute of groups
.
Hope this helps!
Checklist:
argocd version
.Describe the bug
SSO authentication doesn't work in the CLI, but it works just fine in the web UI. Our identity provider is Jumpcloud.
To Reproduce
Version