linuxserver / docker-kasm

Kasm Workspaces platform provides enterprise-class orchestration, data loss prevention, and web streaming technology to enable the delivery of containerized workloads to your browser.
GNU General Public License v3.0

[BUG] Kasm OpenID Configuration failing with a "Missing access token parameter" error #51

Closed obadaahmar closed 3 months ago

obadaahmar commented 7 months ago

Is there an existing issue for this?

Current Behavior

Kasm is facing an "Internal Error" whenever I try to authenticate via Authentik's OpenID setup; the logs spit out this error: "oauthlib/oauth2/rfc6749/parameters.py", line 451, in validate_token_parameters\noauthlib.oauth2.rfc6749.errors.MissingTokenError: (missing_token) Missing access token parameter."

Expected Behavior

To be able to use OpenID (OAuth or OIDC) to log in to KASM, in this case using Authentik's OpenID feature.

Steps To Reproduce

  1. Go to 'kasm.domain.tld'
  2. Click on 'login via Authentik'
  3. Get "Internal Error" page.

Screenshots

Included are the Authentik and Kasm OpenID setup: 1 2 3 4 5 6

Application authorized log from Authentik:

Context
{
    "asn": {
        "asn": 43357,
        "as_org": "Owl Limited",
        "network": "103.136.147.0/24"
    },
    "geo": {
        "lat": -33.8715,
        "city": "Sydney",
        "long": 151.2006,
        "country": "AU",
        "continent": "OC"
    },
    "flow": "4a09a248d5cexxxxxxxxxxxxxxxxxxxxxx",
    "scopes": "profile email openid",
    "http_request": {
        "args": {
            "scope": "email openid profile",
            "state": "708228d4803e4907870cdbxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
            "client_id": "cGjahZGUW7dxxxxxxxxxxxxxxxxxxxxxxxxxx",
            "redirect_uri": "https://kasm.domain.tld/api/oidc_callback",
            "response_type": "code"
        },
        "path": "/api/v3/flows/executor/default-provider-authorization-implicit-consent/",
        "method": "GET",
        "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0"
    },
    "authorized_application": {
        "pk": "d2d9f364xxxxxxxx",
        "app": "authentik_core",
        "name": "Kasm",
        "model_name": "application"
    }
}
User
{
    "pk": 9,
    "email": "first.last@domain.tld",
    "username": "firstlast"
}

Environment

- OS: Unraid 6.12.8
- How docker service was installed: Using the Unraid's native docker to install this image: lscr.io/linuxserver/kasm:latest

CPU architecture

x86-64

Docker creation

docker run \
  -d \
  --name='kasm' \
  --net='watan-network' \
  --privileged=true \
  -e TZ="Australia/Sydney" \
  -e HOST_OS="Unraid" \
  -e HOST_HOSTNAME="Watan" \
  -e HOST_CONTAINERNAME="kasm" \
  -e '--admin-password'='xxxxx' \
  -e '--user-password'='xxxxx' \
  -e 'KASM_PORT'='6333' \
  -e 'UMASK'='022' \
  -l net.unraid.docker.managed=dockerman \
  -l net.unraid.docker.webui='https://[IP]:[PORT:3000]' \
  -l net.unraid.docker.icon='https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/kasm-logo.png' \
  -p '3000:3000/tcp' \
  -p '6333:6333/tcp' \
  -v '/mnt/user/appdata/kasm':'/opt':'rw' \
  -v '/mnt/user/appdata/kasm/profiles':'/profiles':'rw' 'lscr.io/linuxserver/kasm:latest'

Container logs

"message": "Unhandled exception occurred\nTraceback (most recent call last):\n  File \"cherrypy/_cprequest.py\", line 628, in respond\n  File \"cherrypy/_cprequest.py\", line 687, in _do_respond\n  File \"cherrypy/lib/encoding.py\", line 219, in __call__\n  File \"cherrypy/_cpdispatch.py\", line 54, in __call__\n  File \"utils.py\", line 99, in wrapper\n  File \"client_api.py\", line 952, in oidc_callback\n  File \"authentication/oidc/__init__.py\", line 52, in process_callback\n  File \"requests_oauthlib/oauth2_session.py\", line 360, in fetch_token\n  File \"oauthlib/oauth2/rfc6749/clients/base.py\", line 427, in parse_request_body_response\n  File \"oauthlib/oauth2/rfc6749/parameters.py\", line 441, in parse_token_response\n  File \"oauthlib/oauth2/rfc6749/parameters.py\", line 451, in validate_token_parameters\noauthlib.oauth2.rfc6749.errors.MissingTokenError: (missing_token) Missing access token parameter."
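
Added example, not part of the original issue and not Kasm's or oauthlib's code: the traceback above ends in `validate_token_parameters`, so the token endpoint's reply to `fetch_token` carried no `access_token` field. The function below classifies a raw token-endpoint reply against RFC 6749 sections 5.1 and 5.2 so the actual reply can be identified; the function names and all sample bodies are constructed for illustration.

```python
import json
from urllib.parse import parse_qsl


def triage_token_response(status, content_type, body):
    """Classify a token-endpoint reply (RFC 6749 sections 5.1 and 5.2).

    Returns (verdict, detail); detail names keys only, never token values.
    """
    where = f"HTTP {status} {content_type}"
    try:
        params, fmt = json.loads(body), "json"
    except ValueError:
        # Form-encoded fallback; HTML or empty bodies yield no usable keys.
        params = dict(parse_qsl(body))
        fmt = "form" if params and "<" not in body else None
    if fmt is None or not isinstance(params, dict):
        return "unparseable", f"{where}: {len(body)} bytes, no parameter object"
    if "error" in params:  # section 5.2 error response from the provider
        return "provider_error", f"{params['error']}: {params.get('error_description', '')}"
    keys = sorted(params)
    if "access_token" not in params:  # the condition MissingTokenError reports
        kind = "discovery document" if "token_endpoint" in params else "unexpected body"
        return "missing_access_token", f"{where}: {fmt} {kind}, keys={keys}"
    if "token_type" not in params:  # also required by section 5.1
        return "missing_token_type", f"{where}: keys={keys}"
    return "ok", f"{where}: keys={keys}"


# Constructed sample replies (hypothetical values, not taken from the issue).
SAMPLES = [
    (200, "application/json",
     '{"access_token": "CONSTRUCTED", "token_type": "Bearer", "id_token": "CONSTRUCTED"}'),
    (400, "application/json",
     '{"error": "invalid_client", "error_description": "Client authentication failed"}'),
    (200, "application/json",
     '{"issuer": "https://idp.example/", "token_endpoint": "https://idp.example/token"}'),
    (502, "text/html", "<html><body>Bad Gateway</body></html>"),
]


def run_samples():
    return [triage_token_response(*sample) for sample in SAMPLES]


if __name__ == "__main__":
    for verdict, detail in run_samples():
        print(f"{verdict:22} {detail}")
```

Feed it the status, content type and body captured from the identity provider's token endpoint; the detail string is safe to paste into a bug report because it lists key names rather than token values.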

github-actions[bot] commented 7 months ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

LinuxServer-CI commented 6 months ago

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

aldervall commented 6 months ago

Getting this on Zitadel also.

Unhandled exception occurred
Traceback (most recent call last):
  File "cherrypy/_cprequest.py", line 628, in respond
  File "cherrypy/_cprequest.py", line 687, in _do_respond
  File "cherrypy/lib/encoding.py", line 219, in __call__
  File "cherrypy/_cpdispatch.py", line 54, in __call__
  File "utils.py", line 99, in wrapper
  File "client_api.py", line 947, in oidc_callback
KeyError: 'state'

LinuxServer-CI commented 5 months ago

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] commented 2 months ago

This issue is locked due to inactivity