datahub-project / datahub

The Metadata Platform for your Data and AI Stack
https://datahubproject.io
Apache License 2.0

Okta oidc is failing post authentication #11886

Open brad1193 opened 3 days ago

brad1193 commented 3 days ago

Describe the bug Okta oidc is failing to complete authentication with the error:
Failed to perform post authentication steps. Error message: com.linkedin.r2.RemoteInvocationException: Failed to get response from server for URI http://datahub-datahub-gms:8080/aspects

To Reproduce Steps to reproduce the behavior:

  1. Create an Okta test account https://www.okta.com/free-trial/
  2. Follow the Kubernetes setup instructions for the Helm values https://datahubproject.io/docs/authentication/guides/sso/configure-oidc-react#kubernetes
  3. Attempt to log in to the DataHub cluster through Okta single sign-on.
  4. Get error in browser window for failed response.

Expected behavior Expecting to be redirected to my user's authenticated DataHub account. Screenshots

Screenshot 2024-11-18 at 6 27 53 PM

Desktop (please complete the following information):

Additional context Helm Version version.BuildInfo{Version:"v3.6.1", GitCommit:"61d8e8c4a6f95540c15c6a65f36a6dd0a45e7a2f", GitTreeState:"clean", GoVersion:"go1.16.5"} Kubernetes version v1.30.4-eks-a737599 Helm chart values:

# Deployment spec for the DataHub Helm chart, as pasted by the reporter.
# The source/destination/syncPolicy layout looks like an Argo CD Application
# spec fragment - confirm.
source:
  repoURL: https://helm.datahubproject.io
  # The chart is pinned to one fixed version rather than a floating range.
  targetRevision: 0.4.36
  helm:
    releaseName: datahub
    # `values` is a literal block scalar: everything under it is handed to Helm
    # as text, so the review notes are collected here instead of inside the
    # string.
    # - datahub-frontend.oidcAuthentication.clientSecretRef: the OIDC client
    #   secret is read from key `clientSecret` of secret `okta-oidc`; it is not
    #   written inline.
    # - datahub-frontend.extraEnvs sets AUTH_JAAS_ENABLED to "false":
    #   presumably this turns off the JAAS username/password login and leaves
    #   OIDC as the login path - confirm.
    # - global.datahub.metadata_service_authentication.enabled is false:
    #   presumably GMS then does not require access tokens on its API - confirm,
    #   and keep GMS reachable only from trusted workloads while it is off.
    # - global.datahub.gms.host/port is datahub-gms.tools.rent.com:443.
    #   NOTE(review): the error quoted in this report names
    #   http://datahub-datahub-gms:8080 - confirm which GMS address the
    #   frontend actually calls.
    # - global.sql.datasource.url combines useSSL=true with
    #   verifyServerCertificate=false: the MySQL connection is encrypted but the
    #   server certificate is not validated, so the server's identity is not
    #   checked. Prefer certificate verification against a trusted CA.
    # - global.sql.datasource.password is read from secret `mysql-secrets`, key
    #   `mysql-root-password`. NOTE(review): the key name suggests the MySQL
    #   root account; a dedicated least-privilege user is preferable - confirm.
    # - datahub-gms.serviceMonitor.create is the string `enabled`, while the
    #   other serviceMonitor.create entries are the boolean `true`.
    # - datahub-frontend.ingress.enabled is false although a host is listed.
    values: |
      acryl-datahub-actions:
        enabled: true
        extraVolumeMounts:
          - mountPath: /mnt
            name: datahub-acrylactions
        extraVolumes:
          - name: datahub-acrylactions
        resources:
          limits:
            memory: 4Gi
          requests:
            cpu: 1000m
            memory: 2Gi
        serviceMonitor:
          create: true
      datahub-frontend:
        extraEnvs:
          - name: AUTH_JAAS_ENABLED
            value: "false"
        enabled: true
        exporters:
          jmx:
            enabled: true
        oidcAuthentication:
          clientId: xxxxxxxxxxxxxxxxxx
          clientSecretRef:
            secretKey: clientSecret
            secretRef: okta-oidc
          enabled: true
          oktaDomain: rent.okta.com
          provider: okta
        resources:
          limits:
            cpu: 1000m
            memory: 2G
          requests:
            cpu: 1000m
            memory: 2G
        service:
          type: ClusterIP
        serviceMonitor:
          create: true
        ingress:
          enabled: false
          hosts:
            - host: datahub.tools.rent.com
      datahub-gms:
        enabled: true
        resources:
          limits:
            cpu: 2000m
            memory: 4G
          requests:
            cpu: 2000m
            memory: 4G
        service:
          type: ClusterIP
        serviceMonitor:
          create: enabled
      datahubSystemUpdate:
        enabled: false
        podAnnotations:
          sidecar.istio.io/inject: "false"
      datahubUpgrade:
        enabled: true
        podAnnotations:
          sidecar.istio.io/inject: "false"
      elasticsearchSetupJob:
        enabled: true
        podAnnotations:
          sidecar.istio.io/inject: "false"
      global:
        datahub:
          gms:
            host: datahub-gms.tools.rent.com
            port: 443
          metadata_service_authentication:
            enabled: false
        datahub_analytics_enabled: true
        elasticsearch:
          host: "elasticsearch-master"
          port: "9200"
        kafka:
          bootstrap:
            server: "datahub-prerequisites-kafka:9092"
          zookeeper:
            server: "datahub-prerequisites-zookeeper:2181"
        monitoring:
          enableJMXPort: true
          enablePrometheus: true
        neo4j:
          host: "datahub-prerequisites-neo4j-community:7474"
          uri: "bolt://datahub-prerequisites-neo4j-community"
        sql:
          datasource:
            host: "datahub-prerequisites-mysql:3306"
            hostForMysqlClient: "datahub-prerequisites-mysql"
            password:
              secretKey: mysql-root-password
              secretRef: mysql-secrets
            port: "3306"
            url: "jdbc:mysql://datahub-prerequisites-mysql:3306/datahub?verifyServerCertificate=false&useSSL=true&useUnicode=yes&characterEncoding=UTF-8&enabledTLSProtocols=TLSv1.2"
            username: "xxxxxxxxx"
      kafkaSetupJob:
        enabled: true
        podAnnotations:
          sidecar.istio.io/inject: "false"
      mysqlSetupJob:
        enabled: true
        podAnnotations:
          sidecar.istio.io/inject: "false"
      postgresqlSetupJob:
        enabled: false
  chart: datahub
# The target is the in-cluster Kubernetes API address, namespace `datahub`.
destination:
  server: https://kubernetes.default.svc
  namespace: datahub
# Automated sync with prune and selfHeal both on. Assuming Argo CD semantics,
# resources that drop out of the rendered chart are deleted and manual changes
# in the cluster are reverted - confirm.
syncPolicy:
  automated:
    prune: true
    selfHeal: true
  syncOptions:
    - ApplyOutOfSyncOnly=true
revisionHistoryLimit: 2