Closed joba-hy closed 3 years ago
I don't think the upstream Istio helm chart supports that - openid auth strategy is a relatively new feature in Kiali, and I doubt Istio has incorporated it into the helm chart, especially considering the addons like prometheus, kiali, grafana are being removed from the istioctl helm charts.
Is there a reason you think that kiali.dashboard.auth.openid
section is valid in the istio helm values?
@joba-hy Were you able to solve this issue? I am having the same problem. I am using issuer_uri: "https://accounts.google.com/.well-known/openid-configuration"
@fai555 I think the issure_uri
for google is https://accounts.google.com/
. It should not include the other part.
Closing as stale, because we didn't get a reply from the OP.
For those who are trying to get this working, please make sure you only include your root CA, and if utilizing Helm, make sure the formatting is correct (appropriate line breaks, no double quotes, etc.). Also, we at first were trying to use base64 encoding, however, it does not appear to be appropriate/needed. We setup the config map to JUST have the root CA, in normal certificate text/formatting, with no encoding, and this worked for us.
I am trying to configure Kiali to use the openid authentication. When I press the "Log In With OpenID" button, I am redirected to /kiali/api/auth/openid_redirect with the error message:
{"error":"Error fetching OpenID provider metadata.","detail":"Get \"/.well-known/openid-configuration\": unsupported protocol scheme \"\""}
Also I'm using key-cloack as openid provider. Let me know what is an issue. Also I'm not aware of what can be value for issuer_uri?
@yudiz-Manushi If you are still having a problem you may want to open a Discussion, and see if someone can help.
Describe the bug I am trying to configure Kiali to use the openid authentication. When I press the "Log In With OpenID" button, I am redirected to
/kiali/api/auth/openid_redirect
with the error message:There is no error in the Kiali log.
Kiali configuration in istio profile.yaml:
The values for
client_id
,issuer_uri
andusername_claim
are set as defined in the documentationVersions used Kiali: v1.20 Istio: 1.6.5 Kubernetes: 1.18.5