Closed sharkymcdongles closed 1 year ago
Same here, waiting for this fix to be out, using official helm chart with OIDC configuration
2023-01-30T13:21:56.445777863Z 2023-01-30T13:21:56Z [INFO] [/jobservice/logger/service.go:63]: Found export data cleanup job with schedule id : 1
2023-01-30T13:22:56.435408139Z 2023-01-30T13:22:56Z [INFO] [/pkg/notifier/notifier.go:205]: Handle notification with Handler 'AuditLog' on topic 'CREATE_PROJECT': ID-2 Name-gitlab Operator-hrouineb OccurAt-2023-01-30 13:22:56
2023-01-30T13:24:57.636334678Z 2023-01-30T13:24:57Z [INFO] [/controller/registry/controller.go:222]: Start regular health check for registries with interval 5m0s
2023-01-30T13:26:03.476178027Z 2023-01-30T13:26:03Z [ERROR] [/server/middleware/security/oidc_cli.go:62][requestID="2115c3f2-a75e-4742-aeed-83d52c917773"]: failed to verify secret, username: robot$gitlab+yinn, error: failed to get oidc user info, error: <QuerySeter> no row found
2023-01-30T13:26:03.483522200Z 2023-01-30T13:26:03Z [INFO] [/server/middleware/security/robot.go:71][requestID="2115c3f2-a75e-4742-aeed-83d52c917773"]: a robot security context generated for request GET /service/token
2023-01-30T13:28:44.937218308Z 2023-01-30T13:28:44Z [ERROR] [/server/middleware/security/oidc_cli.go:62][requestID="15cd5e03-4df9-4d74-83b9-9a01eec5de8d"]: failed to verify secret, username: robot$gitlab+yinn, error: failed to get oidc user info, error: <QuerySeter> no row found
2023-01-30T13:28:44.947952864Z 2023-01-30T13:28:44Z [INFO] [/server/middleware/security/robot.go:71][requestID="15cd5e03-4df9-4d74-83b9-9a01eec5de8d"]: a robot security context generated for request GET /service/token
2023-01-30T13:33:43.333409691Z 2023-01-30T13:33:43Z [ERROR] [/server/middleware/security/oidc_cli.go:62][requestID="206acf81-b59b-4564-b647-91f55b3bba86"]: failed to verify secret, username: robot$gitlab+yinn, error: failed to get oidc user info, error: <QuerySeter> no row found
2023-01-30T13:33:43.342219923Z 2023-01-30T13:33:43Z [INFO] [/server/middleware/security/robot.go:71][requestID="206acf81-b59b-4564-b647-91f55b3bba86"]: a robot security context generated for request GET /service/token
2023-01-30T13:34:02.902550312Z 2023-01-30T13:34:02Z [ERROR] [/server/middleware/security/oidc_cli.go:62][requestID="487cec82-70cf-438f-9638-11b3fe2d5eb4"]: failed to verify secret, username: robot$gitlab+yinn, error: failed to get oidc user info, error: <QuerySeter> no row found
2023-01-30T13:34:02.909669962Z 2023-01-30T13:34:02Z [INFO] [/server/middleware/security/robot.go:71][requestID="487cec82-70cf-438f-9638-11b3fe2d5eb4"]: a robot security context generated for request GET /service/token
2023-01-30T13:38:45.055944272Z 2023-01-30T13:38:45Z [ERROR] [/server/middleware/security/oidc_cli.go:62][requestID="95eb830b-e4df-4929-9700-dd5d9e5ea436"]: failed to verify secret, username: robot$hisqool, error: failed to get oidc user info, error: <QuerySeter> no row found
2023-01-30T13:38:45.063001194Z 2023-01-30T13:38:45Z [INFO] [/server/middleware/security/robot.go:71][requestID="95eb830b-e4df-4929-9700-dd5d9e5ea436"]: a robot security context generated for request GET /service/token
A misleading issue: the problem was not related to OIDC authentication, it was all about the wrong registry basic auth credentials I was using.
So is the fix available in version 2.7.1? Because I'm still having this issue in my latest helm install :<
This fix will be included in v2.8.0
Is there any workaround without moving to 2.8.0? We are on 2.6.1
I have the same issue on Harbor 2.9 with the admin local user
username: admin, error: failed to get oidc user info, error: <QuerySeter> no row found
the same
the same on 2.7.3
Harbor 2.8.0. Actually it worked for like two weeks, after that the same here as well.
EDIT: Sorry, my mistake, we were using a double domain to reach Harbor and I picked the wrong one. :) Just make sure the Valid Redirect URI that you entered in your OIDC provider matches the Harbor URL.
Harbor 2.9.1 We also see errors for the admin user:
2023-11-15T09:38:07Z [ERROR] [/server/middleware/security/oidc_cli.go:68][requestID="b260d299-612e-4bae-a771-bed7155e1767"]: failed to verify secret, username: admin, error: failed to get oidc user info, error: <QuerySeter> no row found
Harbor 2.9.1 Upgrade:
2023-11-16T17:08:36Z [ERROR] [/server/middleware/security/oidc_cli.go:68][requestID="xxxxx"]: failed to verify secret, username: admin, error: failed to get oidc user info, error: <QuerySeter> no row found
Maybe it helps someone:
If you get a 401 only when viewing the data of a specific image in the Harbor UI (while viewing all other pages works), then you should check your Harbor secrets.
We face the same issue with v2.10.1
2024-04-06T05:01:16Z [ERROR] [/server/middleware/security/oidc_cli.go:68][requestID=xxx]: failed to verify secret, username: admin, error: failed to get oidc user info, error: <QuerySeter> no row found
I had the same issue with v.2.10.2
2024-06-20T03:07:55Z [ERROR] [/server/middleware/security/oidc_cli.go:68][requestID="334fcd11abfd96644d485b9ab971f268"]: failed to verify secret, username: robot, error: failed to get oidc user info, error: <QuerySeter> no row found
2024-06-20T03:07:55Z [ERROR] [/server/middleware/security/basic_auth.go:72][client IP="10.27.63.71" requestID="334fcd11abfd96644d485b9ab971f268" user agent="docker/1.13.1 go/go1.10.3 kernel/5.10.16.3-microsoft-standard-WSL2 os/linux arch/amd64 UpstreamClient(Docker-Client/1.13.1 \(linux\))"]: failed to authenticate user:robot, error:not supported
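An added example, not part of any comment in this thread and not Harbor code: a triage script that groups core log lines by `requestID` and reports which authenticator logged after each `oidc_cli.go` error, so requests that went on to get a robot security context can be separated from ones that also failed basic auth. The sample lines are constructed in the format quoted above (request IDs are made up), and the three verdict labels are this example's own names.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format quoted in this thread; request IDs are made up.
SAMPLE = """\
2023-01-30T13:26:03Z [ERROR] [/server/middleware/security/oidc_cli.go:62][requestID="req-1"]: failed to verify secret, username: robot$gitlab+yinn, error: failed to get oidc user info, error: <QuerySeter> no row found
2023-01-30T13:26:03Z [INFO] [/server/middleware/security/robot.go:71][requestID="req-1"]: a robot security context generated for request GET /service/token
2024-06-20T03:07:55Z [ERROR] [/server/middleware/security/oidc_cli.go:68][requestID="req-2"]: failed to verify secret, username: robot, error: failed to get oidc user info, error: <QuerySeter> no row found
2024-06-20T03:07:55Z [ERROR] [/server/middleware/security/basic_auth.go:72][client IP="10.27.63.71" requestID="req-2" user agent="docker/1.13.1"]: failed to authenticate user:robot, error:not supported
2023-11-15T09:38:07Z [ERROR] [/server/middleware/security/oidc_cli.go:68][requestID=req-3]: failed to verify secret, username: admin, error: failed to get oidc user info, error: <QuerySeter> no row found
"""

REQ_ID = re.compile(r'requestID="?([^"\]\s]+)')      # quoted or bare request ID
SOURCE = re.compile(r'\[(/[^\]:]+):\d+\]')           # [/path/to/file.go:NN]
OIDC_USER = re.compile(r'failed to verify secret, username: ([^,]+),')

def triage(text):
    """Return {requestID: (username, verdict)} for requests that logged the oidc_cli.go error."""
    events = defaultdict(lambda: {"user": None, "files": set()})
    for line in text.splitlines():
        rid, src = REQ_ID.search(line), SOURCE.search(line)
        if not (rid and src):
            continue  # not a request-scoped middleware line
        ev = events[rid.group(1)]
        ev["files"].add(src.group(1).rsplit("/", 1)[-1])
        user = OIDC_USER.search(line)
        if user:
            ev["user"] = user.group(1)
    result = {}
    for rid, ev in events.items():
        if "oidc_cli.go" not in ev["files"]:
            continue
        if "robot.go" in ev["files"]:
            verdict = "robot-context-generated"   # request carried on as a robot account
        elif "basic_auth.go" in ev["files"]:
            verdict = "basic-auth-failed"         # a later authenticator rejected it too
        else:
            verdict = "no-follow-up"              # nothing else logged for this request
        result[rid] = (ev["user"], verdict)
    return result

if __name__ == "__main__":
    for rid, (user, verdict) in triage(SAMPLE).items():
        print(rid, user, verdict)
```

Only the `basic-auth-failed` and `no-follow-up` groups need a look at credentials or account state; the lines must carry a `requestID` field for the grouping to work.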
We are facing this issue also on v2.10.2.
We are facing this issue on 2.11.0
failed to verify secret, username: admin, error: failed to get oidc user info, error: <QuerySeter> no row found
However, we have local system admin user, OIDC users for real users and robot accounts for pipeline tasks.
Same issue at date
failed to verify secret, username: ddd, error: failed to get oidc user info, error: <QuerySeter> no row found
robot account not possible when using oidc, what a huge bug !!
Also now seeing this issue:
failed to verify secret, username: admin, error: failed to get oidc user info, error: <QuerySeter> no row found
Oddly enough, with debug logging enabled, I see
harbor-staging-core-5fd949656c-sbskc 2024-10-21T17:32:52Z [DEBUG] [/core/auth/authenticator.go:145]: Current AUTH_MODE is db_auth
when I attempt to use the admin credentials via CLI
This is not true, it is set to OIDC (configured via terraform, indicated as such via the UI).
I assume this is because the admin user is stored in the DB?
It appears when OIDC is enabled the auth goes through OIDC even if the account is a robot account with no OIDC. This causes the logs to be inundated with this error message:
2021-07-02T14:55:11Z [ERROR] [/server/middleware/security/oidc_cli.go:62][requestID="a2af154dd57eca5e5a05a8ac4012a311"]: failed to verify secret, username: robot$gitlab, error: failed to get oidc user info, error: <QuerySeter> no row
Since robot accounts cannot even be linked to OIDC accounts, is there some sort of way to stop these log messages and errors?
I am using v2.3.0. OIDC settings are: