Open mohamed-essam opened 2 months ago
Hi,
I’m having the same situation and same behavior with latest and G.Workspace.
Thanks for creating the issue.
hey @mohamed-essam and @Zwordi Does this happen on older NetBird versions? Could you please share the generated JWT token contents jwt.io through Slack?
Hello @braginini,
Do you mean client or management versions? As this installation is used by multiple other people within my organization I will be unable to downgrade the server version to test for extended amounts of time.
As for the generated JWT token contents, does that appear in debug logs? Or do I need to do something specific to get that once the error occurs?
I took a quick look in the code and I think the root cause may be a failure in updating the JSONWebKey in https://github.com/netbirdio/netbird/blob/main/management/server/jwtclaims/jwtValidator.go#L108. I turned on debug logging yesterday and am waiting for the issue to occur again to be able to share the debug logs around the time the issue starts.
On a separate topic I believe that line of logging should definitely be a Warn or Error not Debug.
Some extra information I forgot to include: This issue is most likely server-side as it caused all SSO clients to be unable to connect (my own client and 4 other personnel were unable to authenticate)
I found that the config generated by the setup script has HttpConfig.IdpSignKeyRefreshEnabled set to false, changed it to true manually, and will check if it works and report back
Side note: the issue occurred again today, it seems to be occurring almost weekly
This week no issue occurred, the issue seems to be the setup script disables refreshing idp keys for Google workspace when it should be enabled
thanks a lot. seems working for me. IMO, for SSO it should be default behaviour
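Added example (not NetBird's code and not written by any commenter): a small Go model of why a key set cached once at start-up yields "unable to find appropriate key" after the IdP rotates its signing key, and why enabling refresh clears it. The Validator type, the refetch-on-miss strategy, the Ed25519 keys and the key IDs are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

var ErrNoKey = errors.New("unable to find appropriate key") // symptom reported in this issue

type keySet map[string]ed25519.PublicKey // key ID (kid) -> public key

// Validator caches the IdP's published keys at start-up (hypothetical type).
type Validator struct {
	keys    keySet
	fetch   func() keySet // re-downloads the IdP's current key set
	refresh bool          // models HttpConfig.IdpSignKeyRefreshEnabled
}

// Verify looks up the token's kid; a miss triggers a refetch only if refresh is on.
func (v *Validator) Verify(kid string, claims, sig []byte) error {
	key, ok := v.keys[kid]
	if !ok && v.refresh {
		v.keys = v.fetch()
		key, ok = v.keys[kid]
	}
	if !ok {
		return ErrNoKey
	}
	if !ed25519.Verify(key, claims, sig) {
		return errors.New("invalid signature")
	}
	return nil
}

// LoginAfterRotation checks a token signed after the IdP rotated its key (all values constructed).
func LoginAfterRotation(refresh bool) error {
	pub1, _, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	pub2, priv2, _ := ed25519.GenerateKey(nil)
	published := keySet{"key-1": pub1}
	v := &Validator{keys: published, fetch: func() keySet { return published }, refresh: refresh}
	published = keySet{"key-2": pub2} // IdP rotates: key-1 retired, key-2 published
	claims := []byte(`{"sub":"user@example.com"}`)
	return v.Verify("key-2", claims, ed25519.Sign(priv2, claims))
}

func main() {
	fmt.Println("refresh off:", LoginAfterRotation(false), "| refresh on:", LoginAfterRotation(true))
}
```

A production validator should also rate-limit refetches, so that tokens carrying unknown key IDs cannot trigger a key download on every request.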
Describe the problem
Randomly every few days, netbird up fails with Error: waiting sso login failed with: rpc error: code = InvalidArgument desc = invalid jwt token, err: Error parsing token: unable to find appropriate key, this is fixed by restarting management service
To Reproduce
Unknown
Expected behavior
Connection to be established normally
Are you using NetBird Cloud?
Self-hosted.
NetBird version
0.28.4
NetBird status -d output:
N/A
Screenshots
N/A
Additional context
Management server logs:
iDP Used: Google Workspace
netbird up -F -l debug output: