argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
18k stars 5.48k forks

Failing to connect OIDC with IDP #20859

Open onkar6699 opened 2 days ago

onkar6699 commented 2 days ago

Describe the bug

I have configured an nginx reverse proxy for the argocd application. OIDC integration is failing with the error

Invalid redirect URL: the protocol and host (including port) must match and the path must be within allowed URLs if provided

As per this PR https://github.com/argoproj/argo-cd/pull/4780 allowed URL I tried

To Reproduce

ArgoCD OIDC Config

url: https://argocd.example.com/  # nginx exposed app
oidc.config: |
  name: MYIDP
  issuer: myissuerURL
  clientID: 0oa9abcdefgh123AB5d7
  clientSecret: ABCDEFG1234567890abcdefg
  requestedScopes: ["openid", "profile", "email", "groups"]
  requestedIDTokenClaims: {"groups": {"essential": true}}

In the IDP I have configured an OIDC app with all the URLs mentioned in the PR. I am getting the same error.

Expected behavior

It should log in to the app.

Screenshots

Version

argocd: v2.12.6+4dab5bd
  BuildDate: 2024-10-18T17:39:26Z
  GitCommit: https://github.com/argoproj/argo-cd/commit/4dab5bd6a60adea12e084ad23519e35b710060a2
  GitTreeState: clean
  GoVersion: go1.22.4
  Compiler: gc
  Platform: linux/amd64

Logs

In the info log of OIDC I am getting only

time="2024-11-19T13:41:29Z" level=info msg="OIDC supported scopes: [openid profile email phone address groups]"

and after that the above invalid redirect URL error.
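
An added diagnostic example, not part of the original post and not Argo CD's own code: it applies the rule quoted in the error message (protocol and host, including port, must match; path must be within the allowed URL) to the `url` value from the post and to constructed sample redirect URLs, showing which component of a redirect fails the comparison. `checkRedirect` and `pathWithin` are hypothetical helper names.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"strings"
)

// pathWithin reports whether p sits at or below base after normalisation.
func pathWithin(p, base string) bool {
	p = path.Clean("/" + p)
	base = strings.TrimSuffix(path.Clean("/"+base), "/")
	return p == base || strings.HasPrefix(p, base+"/")
}

// checkRedirect applies the rule quoted in the error message to one redirect
// URL. Hypothetical helper for diagnosis, not Argo CD's implementation.
func checkRedirect(redirect string, allowed []string) error {
	r, err := url.Parse(redirect)
	if err != nil {
		return fmt.Errorf("unparseable redirect %q: %w", redirect, err)
	}
	var why []string
	for _, a := range allowed {
		b, err := url.Parse(a)
		switch {
		case err != nil:
			why = append(why, fmt.Sprintf("%s: unparseable", a))
		case r.Scheme != b.Scheme:
			why = append(why, fmt.Sprintf("%s: protocol %q != %q", a, r.Scheme, b.Scheme))
		case !strings.EqualFold(r.Host, b.Host): // Host includes any explicit port
			why = append(why, fmt.Sprintf("%s: host %q != %q", a, r.Host, b.Host))
		case !pathWithin(r.Path, b.Path):
			why = append(why, fmt.Sprintf("%s: path %q outside %q", a, r.Path, b.Path))
		default:
			return nil
		}
	}
	return fmt.Errorf("invalid redirect URL %s (%s)", redirect, strings.Join(why, "; "))
}

func main() {
	allowed := []string{"https://argocd.example.com/"} // `url` value from the post
	for _, u := range []string{ // constructed sample redirects
		"https://argocd.example.com/auth/callback",
		"http://argocd.example.com/auth/callback",
		"https://argocd.example.com:8443/auth/callback",
	} {
		fmt.Printf("%-48s -> %v\n", u, checkRedirect(u, allowed))
	}
}
```

Comparing the redirect URL the browser is actually sent to against the configured `url` in this way shows whether the scheme, the port or the path is the part that differs behind the proxy.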

andrii-korotkov-verkada commented 1 day ago

Try getting some debug logs by setting this:

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cmd-params-cm
data:
  applicationsetcontroller.log.level: debug
  applicationsetcontroller.log.format: json
  controller.log.level: debug
  controller.log.format: json
  notificationscontroller.log.level: debug
  notificationscontroller.log.format: json
  reposerver.log.level: debug
  reposerver.log.format: json
  server.log.level: debug
  server.log.format: json
  ...