GitLab's OAuth2.0 white screen after sign in

[IIPOCTAK]

Issue submitter TODO list

• [X] I've looked up my issue in FAQ
• [X] I've searched for an already existing issues here
• [X] I've tried running main-labeled docker image and the issue still persists there
• [X] I'm running a supported version of the application which is listed here

Describe the bug (actual behavior)

When GitLab's sign in is complete entire screen is white

Expected behavior

I should see UI tab

Your installation details

We are using GitLab as OAuth provider for some applications, kafka-ui in the list. Our configuration is:

---
kafka:
  clusters:
    - name: <cluster>
      bootstrapServers: <redacter>

spring:
  security:
    oauth2:

auth:
  type: OAUTH2
  oauth2:
    client:
      gitlab:
        clientId: <redacted>
        clientSecret: <redacted>
        scope: 'openid'
        client-name: gitlab
        provider: gitlab
        redirect-uri: https://<redacted>/login/oauth2/code/gitlab
        issuer-uri: https:// <redacted>
        authorization-grant-type: authorization_code
        user-name-attribute: nickname
        custom-params:
          type: oauth
          roles-field: nickname

management:
  health:
    ldap:
      enabled: false

rbac:
  roles:
    - name: "admins"
      cluster:
        - <cluster>
      subjects:
        - provider: oauth
          type: role
          value: "<nickname>"
      permissions:
        - resource: applicationconfig
          actions: all

        - resource: clusterconfig
          actions: all

        - resource: topic
          value: ".*"
          actions: all

        - resource: consumer
          value: ".*"
          actions: all

        - resource: schema
          value: ".*"
          actions: all

        - resource: connect
          value: ".*"
          actions: all

        - resource: ksql
          actions: all

        - resource: acl
          value: ".*"
          actions: [ view ]

Steps to reproduce

Deploy application using helm chart and setup GitLab OAuth2

Screenshots

Logs

In the log I see successful login: DEBUG [reactor-http-nio-3] i.k.u.s.r.e.OauthAuthorityExtractor: Token's groups: [] DEBUG [reactor-http-nio-3] i.k.u.s.r.e.OauthAuthorityExtractor: Matched roles: [admins]

With debug: on: DEBUG [reactor-http-nio-3] o.s.s.w.s.c.WebSessionServerSecurityContextRepository: Found SecurityContext 'SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=RbacOidcUser[user=Name: [], Granted Authorities: [[OIDC_USER, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=19, groups_direct=[], profile=https:///, iss=https://, groups=[], preferred_username=, https://gitlab.org/claims/groups/owner=[], nonce=, picture=https:///uploads/-/system/user/avatar/19/avatar.png, aud=[], auth_time=, name=, nickname= sub_legacy=, exp=, iat=}], groups=[admins]], Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[OIDC_USER, SCOPE_openid, SCOPE_profile]]]' in WebSession: 'org.springframework.web.server.session.InMemoryWebSessionStore$InMemoryWebSession@1ecb2f6'

Additional context

Helm values:

replicaCount: 1

image:
  registry: ghcr.io
  repository: kafbat/kafka-ui
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: ""

imagePullSecrets: []
nameOverride: ""
fullnameOverride: "kafbat-ui"

...

yamlApplicationConfigConfigMap:
  keyName: config.yaml
  name: kafbat-ui-config
yamlApplicationConfigSecret:
  {}
  # keyName: config.yml
  # name: secretName

existingSecret: "kafbat-ui-env"
envs:
  secret: {}
  config:
    SERVER_SERVLET_CONTEXT_PATH: '/kafka-ui'
    LOGGING_LEVEL_ROOT: 'debug'

...

# Ingress configuration
ingress:
  # Enable ingress resource
  enabled: true

  # Annotations for the Ingress
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/whitelist-source-range: <IPs>

  # ingressClassName for the Ingress
  ingressClassName: "public"

  # The path for the Ingress
  path: "/kafka-ui"

  # The path type for the Ingress
  pathType: "Prefix"

  # The hostname for the Ingress
  host: "kafbat-ui.example.com"

  # configs for Ingress TLS
  tls:
    # Enable TLS termination for the Ingress
    enabled: false
    # the name of a pre-created Secret containing a TLS private key and certificate
    secretName: ""

  # HTTP paths to add to the Ingress before the default path
  precedingPaths: []

  # Http paths to add to the Ingress after the default path
  succeedingPaths: []

resources:
  limits:
    cpu: 200m
    memory: 512Mi
  requests:
    cpu: 200m
    memory: 256Mi

...

Note: Without rbac section (only when auth is present) I can login without any problem and see all pages.

[github-actions[bot]]

Hi IIPOCTAK! 👋

Welcome, and thank you for opening your first issue in the repo!

Please wait for triaging by our maintainers.

As development is carried out in our spare time, you can support us by sponsoring our activities or even funding the development of specific issues. Sponsorship link

If you plan to raise a PR for this issue, please take a look at our contributing guide.

[Haarolean]

Hi, can you check browser's dev console for errors and/or failed network requests?

[kapybro[bot]]

Further user feedback is requested. Please reply within 7 days or we might close the issue.

[IIPOCTAK]

@Haarolean Sure. There are only success codes (here I refreshed the page with white screen):

[kapybro[bot]]

Thanks for the additional feedback! We'll get back to your issue soon.

[Haarolean]

And the other one please, JS errors in the console.

[IIPOCTAK]

@Haarolean here it is:

[Haarolean]

There's a typo in your config, it's clusters, not cluster:

[IIPOCTAK]

Yeah, right now everything is working properly. Thank you!