search

gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0
17.52k stars 1.75k forks source link

Dead link to SSO provider-specific workarounds in Teleport audit log output #17347

Closed webvictim closed 1 year ago

webvictim commented 2 years ago

Applies To

https://goteleport.com/docs/access-controls/sso/#provider-specific-workarounds

This link appears in Teleport's audit log when SSO login fails with an error that might need to be mitigated by a provider-specific workaround (such as those we have for ping and jumpcloud) - unfortunately this anchor doesn't appear to be present in the docs.

Sample Teleport audit log output:

{
  "cluster_name": "purple",
  "code": "T1001W",
  "ei": 0,
  "error": "invalid_request: Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body.",
  "event": "user.login",
  "message": "Failed to extract OIDC claims. This may indicate need to set 'provider' flag in connector definition. See: https://goteleport.com/docs/enterprise/sso/#provider-specific-workarounds\n\tinvalid_request: Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body.",
  "method": "oidc",
  "success": false,
  "time": "2022-10-12T17:53:35.105Z",
  "uid": "1e9683ed-a970-4c92-a5c8-5a4551851a20"
}

Details

Fix the broken link, preferably in the docs (so existing Teleport deployments can resolve it correctly) or by changing the link in the Teleport codebase.

zmb3 commented 1 year ago

This is no longer an issue. If I go to the link above I'm correctly redirected to the appropriate section.