goharbor / harbor

An open source trusted cloud native registry project that stores, signs, and scans content.
https://goharbor.io
Apache License 2.0

Admin, error: failed to get oidc user info, error: <QuerySeter> no row found #21041

Open kssanthoshselvaraj04 opened 1 month ago

kssanthoshselvaraj04 commented 1 month ago

If you are reporting a problem, please make sure the following information are provided:

Expected behavior and actual behavior: Getting frequent errors on the Harbor core container

Steps to reproduce the problem: Please provide the steps to reproduce this problem. Enable OIDC authentication, enable OIDC user login except for the admin user

Versions: Please specify the versions of following systems.

Error Logs:
2024-09-19T16:56:12Z [ERROR] [/server/middleware/security/oidc_cli.go:68][requestID="242bf2db33e997bf2c69f93d81f51db8"]: failed to verify secret, username: admin, error: failed to get oidc user info, error: <QuerySeter> no row found
2024-09-19T16:56:42Z [ERROR] [/server/middleware/security/oidc_cli.go:68][requestID="fa0b94915681af7a535e11c2af207b0e"]: failed to verify secret, username: admin, error: failed to get oidc user info, error: <QuerySeter> no row found
2024-09-19T16:57:12Z [ERROR] [/server/middleware/security/oidc_cli.go:68][requestID="195ee11d4bd8ea0c39368145cf76c153"]: failed to verify secret, username: admin, error: failed to get oidc user info, error: <QuerySeter> no row found
2024-09-19T16:57:42Z [ERROR] [/server/middleware/security/oidc_cli.go:68][requestID="4539600fe12d22a94fd11623237bded8"]: failed to verify secret, username: admin, error: failed to get oidc user info, error: <QuerySeter> no row found

kssanthoshselvaraj04 commented 1 month ago

@Vad1mo Please let me know if this is a known bug.

wy65701436 commented 1 month ago

@kssanthoshselvaraj04 Did you notice any unexpected behavior on your end?

The error message indicates that the admin user is not registered on the OIDC server, but Harbor will continue to authenticate the admin through the database authenticator.

This message is somewhat misleading as it pertains specifically to the admin login. I agree that the messaging should be improved to enhance clarity for users. Additionally, we might need to consider bypassing the admin user for all non-database authentication methods.
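
A log-triage sketch for the error lines quoted in this issue, added here as an example (it is not Harbor's code and not part of any comment above): it parses the `oidc_cli.go` errors, groups them per username, and separates the admin "no row found" entries from failures that deserve a look. The `local_accounts` parameter, the verdict labels and the `alice` log line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Matches the harbor-core error line format quoted in this issue.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) \[ERROR\] '
    r'\[/server/middleware/security/oidc_cli\.go:\d+\]'
    r'\[requestID="(?P<rid>[0-9a-f]+)"\]: failed to verify secret, '
    r'username: (?P<user>[^,]+), error: (?P<err>.*)$'
)
NOT_ONBOARDED = "no row found"  # no OIDC user record exists for this username

def triage(lines, local_accounts=("admin",)):
    """Group oidc_cli failures per username and classify each group."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            seen[m["user"]].append((ts, m["err"]))
    report = {}
    for user, events in seen.items():
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        no_row = all(NOT_ONBOARDED in err for _, err in events)
        if user in local_accounts and no_row:
            verdict = "noise"   # local account, left to the database authenticator
        else:
            verdict = "review"  # a non-local user failed CLI secret verification
        report[user] = {
            "count": len(events),
            "median_gap_s": median(gaps) if gaps else None,
            "verdict": verdict,
        }
    return report

# The three admin lines are copied from the issue; the alice line is constructed.
SAMPLE = [
    '2024-09-19T16:56:12Z [ERROR] [/server/middleware/security/oidc_cli.go:68][requestID="242bf2db33e997bf2c69f93d81f51db8"]: failed to verify secret, username: admin, error: failed to get oidc user info, error: <QuerySeter> no row found',
    '2024-09-19T16:56:42Z [ERROR] [/server/middleware/security/oidc_cli.go:68][requestID="fa0b94915681af7a535e11c2af207b0e"]: failed to verify secret, username: admin, error: failed to get oidc user info, error: <QuerySeter> no row found',
    '2024-09-19T16:57:12Z [ERROR] [/server/middleware/security/oidc_cli.go:68][requestID="195ee11d4bd8ea0c39368145cf76c153"]: failed to verify secret, username: admin, error: failed to get oidc user info, error: <QuerySeter> no row found',
    '2024-09-19T16:57:20Z [ERROR] [/server/middleware/security/oidc_cli.go:68][requestID="00000000000000000000000000000000"]: failed to verify secret, username: alice, error: constructed example error',
]
```

A steady `median_gap_s`, such as the 30 seconds between the admin entries here, is consistent with an automated client sending admin credentials rather than with interactive logins.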