Closed Simonkz closed 10 months ago
Hello,
Are you sure about the key oidc_client_secret in the secret?
Thomas
Hi Thomas,
I'm sure I can log in if I copy the value of key oidc_client_secret and save it in harbor's Configuration UI.
But I'm not sure how it is configured with HarborConfiguration. I didn't find much documentation about it. I was using key name in oidc_client_secret
So my question is what could be wrong in my config or could it be a bug in harbor?
Thanks.
Indeed the secret key is oidc_client_secret, as we can see here.
Looks more like an operator bug, wdyt @chlins ?
Yep, I think it should be a bug, will try to reproduce it.
@Simonkz Hi, how did you encode your oidc_client_secret with base64? Sometimes the extra '\n' at the end will cause the problem. I cannot reproduce the issue in my environment.
You are right. My local terminal echo *my-client-secret* | base64 -i - command produced a different encoding result than kubectl create secret generic secret-oidc --from-literal=oidc_client_secret=*my-client-secret* in the k8s cluster.
The correct way to set the secret is using the kubectl cmd. After that, I can log in successfully.
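The encoding difference described in the comments above, as an added example that is not part of the original thread: `echo` appends a newline before `base64` sees the value, while `--from-literal` stores the exact bytes. The function names and the sample value are constructed for illustration, and `base64 -d` assumes GNU coreutils.

```shell
#!/bin/sh
# Constructed sample value, not a real credential.
SAMPLE_SECRET='my-client-secret'

# Encode the way `echo value | base64` does: echo appends '\n',
# so the newline becomes part of the stored secret.
encode_with_echo() {
    echo "$1" | base64
}

# Encode exactly the bytes given, which matches what
# `kubectl create secret generic ... --from-literal=key=value` stores.
encode_exact() {
    printf '%s' "$1" | base64
}

# Return 0 if the base64 value in $1 decodes to data whose last byte
# is a line feed (0a) or carriage return (0d).
has_trailing_newline() {
    last_byte=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
    [ "$last_byte" = "0a" ] || [ "$last_byte" = "0d" ]
}

# Re-encode a base64 value with trailing CR/LF bytes removed.
# Command substitution strips trailing newlines; tr removes any CR.
reencode_clean() {
    clean=$(printf '%s' "$1" | base64 -d | tr -d '\r')
    printf '%s' "$clean" | base64
}

# Compare both encodings of the same constructed value.
for enc in "$(encode_with_echo "$SAMPLE_SECRET")" "$(encode_exact "$SAMPLE_SECRET")"; do
    if has_trailing_newline "$enc"; then
        echo "$enc: trailing newline, re-encode as $(reencode_clean "$enc")"
    else
        echo "$enc: clean"
    fi
done
```

The same check can be run on the `data` value read back from an existing Secret manifest before it is referenced from a HarborConfiguration.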
harbor operator: v1.3.0 harbor: 2.5.1
Hi team, I'm trying to configure OIDC login with the day-2 config CR HarborConfiguration. After I applied my HarborConfiguration CR, I got a 401 unauthorized error in the exchange token step. However, if I set the same settings in the harbor Configuration UI page, I can log in using OIDC without any issue.
my config example:
error log in harbor-core pod
error in UI
One more thing I found: if I applied my HarborConfiguration first and then copy/paste/save my-client-secret in the UI, the OIDC login works without any issue.