netbirdio / netbird

Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

Error: Request failed with status code 401. Please refresh the page if the issue continues. invalid jwt #959

Open a7g4 opened 1 year ago

a7g4 commented 1 year ago

Describe the problem

After upgrading from v0.14.4 to v0.21.3 I am unable to access the dashboard and get this error:

[screenshot not preserved]

I suspect this is related to the new IdP changes but I am not sure what.

To Reproduce

Steps to reproduce the behavior:

  1. Pull latest https://github.com/netbirdio/netbird.git
  2. Copy infrastructure_files/setup.env.template to infrastructure_files/setup.env (overwrite existing file from old version)
  3. Fill in correct values noting these changes:
    1. Generate a client secret for the netbird-client in Keycloak and set NETBIRD_AUTH_CLIENT_SECRET
    2. Create a new client netbird-backend and follow the steps here: https://docs.netbird.io/selfhosted/identity-providers#step-8-create-a-net-bird-backend-client
  4. Re-run ./configure.sh
  5. Run docker compose pull && docker compose down && docker compose up -d

Expected behavior

Things work as they used to

Additional context

I tried setting NETBIRD_MGMT_IDP="none" and the dashboard loads but no clients can connect with this error:

netbird up --management-url https://netbird.XXX:33073 --admin-url https://netbird.XXX:443
Error: login failed: rpc error: code = NotFound desc = no SSO provider returned from management. If you are using hosting Netbird see documentation at https://github.com/netbirdio/netbird/tree/main/management for details

mlsmaycon commented 1 year ago

Hello @a7g4, can you share the management service logs and your setup.env file after masking the sensitive information (domains, secret keys, etc.) from it?

a7g4 commented 1 year ago

setup.env:

## example file, you can copy this file to setup.env and update its values
##
# Dashboard domain. e.g. app.mydomain.com
NETBIRD_DOMAIN="netbird.XXX"

# -------------------------------------------
# OIDC
#  e.g., https://example.eu.auth0.com/.well-known/openid-configuration
# -------------------------------------------
NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://keycloak.XXX/realms/corp/.well-known/openid-configuration"
NETBIRD_AUTH_AUDIENCE="netbird-client"
# e.g. netbird-client
NETBIRD_AUTH_CLIENT_ID="netbird-client"
NETBIRD_AUTH_CLIENT_SECRET="XXX"
# if you want to use a custom claim for the user ID instead of 'sub', set it here
# NETBIRD_AUTH_USER_ID_CLAIM=""
# indicates whether to use Auth0 or not: true or false
NETBIRD_USE_AUTH0="false"
# if your IDP provider doesn't support fragmented URIs, configure custom
# redirect and silent redirect URIs, these will be concatenated into your NETBIRD_DOMAIN domain.
# NETBIRD_AUTH_REDIRECT_URI="/peers"
# NETBIRD_AUTH_SILENT_REDIRECT_URI="/add-peers"
# Updates the preference to use id tokens instead of access token on dashboard
# Okta and Gitlab IDPs can benefit from this
# NETBIRD_TOKEN_SOURCE="idToken"
# -------------------------------------------
# OIDC Device Authorization Flow
# -------------------------------------------
NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="netbird-client"
NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID=""
# Some IDPs requires different audience, scopes and to use id token for device authorization flow
# you can customize here:
NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE=$NETBIRD_AUTH_AUDIENCE
NETBIRD_AUTH_DEVICE_AUTH_SCOPE="openid"
NETBIRD_AUTH_DEVICE_AUTH_USE_ID_TOKEN=false
# -------------------------------------------
# IDP Management
# -------------------------------------------
# eg. zitadel, auth0, azure, keycloak
NETBIRD_MGMT_IDP="keycloak"
# Some IDPs requires different client id and client secret for management api
NETBIRD_IDP_MGMT_CLIENT_ID="netbird-backend"
NETBIRD_IDP_MGMT_CLIENT_SECRET="XXX"
NETBIRD_IDP_MGMT_EXTRA_ADMIN_ENDPOINT="https://keycloak.XXX/admin/realms/corp"
# NETBIRD_IDP_MGMT_EXTRA_ variables. See https://docs.netbird.io/selfhosted/identity-providers for more information about your IDP of choice.
# -------------------------------------------
# Letsencrypt
# -------------------------------------------
# Disable letsencrypt
#  if disabled, cannot use HTTPS anymore and requires setting up a reverse-proxy to do it instead
NETBIRD_DISABLE_LETSENCRYPT=false
# e.g. hello@mydomain.com
NETBIRD_LETSENCRYPT_EMAIL="XXX"
# -------------------------------------------
# Extra settings
# -------------------------------------------
# Disable anonymous metrics collection, see more information at https://netbird.io/docs/FAQ/metrics-collection
NETBIRD_DISABLE_ANONYMOUS_METRICS=false
# DNS DOMAIN configures the domain name used for peer resolution. By default it is netbird.selfhosted
NETBIRD_MGMT_DNS_DOMAIN=XXX

Management logs:

infrastructure_files-management-1  | time="2023-06-16T20:13:49Z" level=info msg="loading OIDC configuration from the provided IDP configuration endpoint https://keycloak.XXXX/realms/corp/.well-known/openid-configuration"
infrastructure_files-management-1  | time="2023-06-16T20:13:50Z" level=info msg="loaded OIDC configuration from the provided IDP configuration endpoint: https://keycloak.XXX/realms/corp/.well-known/openid-configuration"
infrastructure_files-management-1  | time="2023-06-16T20:13:50Z" level=info msg="overriding HttpConfig.AuthIssuer with a new value https://keycloak.XXX/realms/corp, previously configured value: https://keycloak.XXX/realms/corp"
infrastructure_files-management-1  | time="2023-06-16T20:13:50Z" level=info msg="overriding HttpConfig.AuthKeysLocation (JWT certs) with a new value https://keycloak.XXX/realms/corp/protocol/openid-connect/certs, previously configured value: https://keycloak.XXX/realms/corp/protocol/openid-connect/certs"
infrastructure_files-management-1  | 2023-06-16T20:13:50Z INFO management/server/telemetry/app_metrics.go:161: enabled application metrics and exposing on http://0.0.0.0:8081
infrastructure_files-management-1  | 2023-06-16T20:13:50Z INFO management/server/account.go:638: single account mode enabled, accounts number 1
infrastructure_files-management-1  | 2023-06-16T20:13:50Z INFO management/cmd/management.go:233: running gRPC backward compatibility server: [::]:33073
infrastructure_files-management-1  | 2023-06-16T20:13:50Z INFO management/cmd/management.go:265: running HTTP server and gRPC server on the same port: [::]:443
infrastructure_files-management-1  | 2023-06-16T20:13:50Z INFO management/server/account.go:825: warmed up IDP cache with 0 entries
infrastructure_files-management-1  | 2023-06-16T20:13:54Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:13:54Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2211667744: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:13:55Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:13:55Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:13:55Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:13:55Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3418110597: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:13:55Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3412554012: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:13:55Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2395002159: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:14:30Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:14:30Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:14:30Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:14:30Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 880387937: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:14:30Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1722218135: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:14:31Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3802514750: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:14:50Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:14:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 508241012: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:14:50Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:14:50Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:14:50Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:14:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2849528078: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:14:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1632151311: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:14:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4263832331: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:14:59Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:14:59Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 710235830: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:15:00Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:15:00Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:15:00Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:15:00Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3944937754: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:15:00Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3352265617: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:15:00Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 137198349: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:15:13Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:15:13Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:15:13Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:15:13Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:15:13Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2928381495: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:15:13Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1095323996: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:15:14Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1114125115: GET /api/users?service_user=false status 401
infrastructure_files-management-1  | 2023-06-16T20:15:14Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 849930274: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:15:24Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:15:24Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3332178385: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:15:25Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:15:25Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:15:25Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:15:25Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1723042344: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:15:25Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3051062707: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:15:25Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1306275105: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:19:01Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:19:01Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:19:01Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:19:01Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2528218852: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:19:01Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3220519441: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:19:01Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 216561841: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:19:56Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:19:56Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:19:56Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:19:56Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3041306961: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:19:56Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1342349888: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:19:56Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1682124183: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:22:42Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:22:42Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2461511402: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:22:42Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:22:42Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:22:42Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:22:42Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 646400623: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:22:42Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 950116203: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:22:42Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 783724766: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:23:32Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:23:32Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:23:32Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:23:32Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1245104892: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:23:32Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3958465648: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:23:32Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 564420133: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:27:13Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:27:13Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:27:13Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:27:13Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3523109639: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:27:13Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 921908523: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:27:13Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1709629572: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:28:03Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:28:03Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:28:03Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:28:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1933412452: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:28:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 657611697: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:28:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2745785236: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:31:44Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:31:44Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:31:44Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:31:44Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2319208828: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:31:44Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3899488956: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:31:44Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1935392305: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:32:34Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:32:34Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:32:34Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:32:34Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4179990269: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:32:34Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 417756283: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:32:34Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3173463474: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:36:15Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:36:15Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:36:15Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:36:15Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 945906577: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:36:16Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 422450056: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:36:16Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 406063406: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:37:06Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:37:06Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:37:06Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:37:06Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1788541883: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:37:06Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1790377350: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:37:06Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2944422195: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:40:46Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:40:46Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:40:46Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:40:47Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3493897694: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:40:47Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3466033503: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:40:47Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1232069786: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:41:37Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:41:37Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:41:37Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:41:37Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4090286733: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:41:37Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 912947053: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:41:37Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 771940875: GET /api/groups status 401

mlsmaycon commented 1 year ago

Thanks, @a7g4, you have a few environment variables that need to be adjusted:

#NETBIRD_AUTH_CLIENT_SECRET should be removed

NETBIRD_AUTH_DEVICE_AUTH_PROVIDER=hosted
NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID=netbird-client

After updating these, run the configure.sh once again and restart all containers, then test the dashboard and the client.
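
A pre-flight check for setup.env that applies the three adjustments listed in the reply above and masks secret values before the file is shared, as requested earlier in the thread. This is an added example, not NetBird's own tooling: the function names (`env_get`, `lint_env`, `mask_env`) and both sample files are constructed, and masking to "XXX" simply follows the convention used in this thread.

```shell
#!/bin/sh
# Added example: lint and mask a NetBird setup.env before re-running
# configure.sh or posting the file. All sample values are constructed.

# Constructed sample resembling the first setup.env posted in this thread.
SAMPLE_ENV='# e.g. netbird-client
NETBIRD_AUTH_CLIENT_ID="netbird-client"
NETBIRD_AUTH_CLIENT_SECRET="constructed-secret-1"
NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="netbird-client"
NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID=""
# Some IDPs requires different client id and client secret for management api
NETBIRD_IDP_MGMT_CLIENT_ID="netbird-backend"
NETBIRD_IDP_MGMT_CLIENT_SECRET="constructed-secret-2"
'

# Constructed sample after the adjustments; note the commented-out secret.
FIXED_ENV='NETBIRD_AUTH_CLIENT_ID="netbird-client"
#NETBIRD_AUTH_CLIENT_SECRET="constructed-secret-1"
NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="hosted"
NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID="netbird-client"
NETBIRD_IDP_MGMT_CLIENT_SECRET="constructed-secret-2"
'

# env_get FILE KEY: print the value of the last uncommented KEY=... line with
# one pair of surrounding quotes stripped. Returns 1 if KEY is never assigned.
env_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                  # commented-out lines do not count
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            eq = index(line, "=")
            if (eq == 0 || substr(line, 1, eq - 1) != key) next
            val = substr(line, eq + 1)
            sub(/[ \t\r]+$/, "", val)
            q = substr(val, 1, 1)
            if (length(val) >= 2 && (q == "\"" || q == "\047") && substr(val, length(val)) == q)
                val = substr(val, 2, length(val) - 2)
            found = 1
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# lint_env FILE: print one finding per line for each of the three settings
# named in the reply. Prints nothing when the file matches the advice.
# The secret value itself is never echoed.
lint_env() {
    lint_secret=$(env_get "$1" NETBIRD_AUTH_CLIENT_SECRET) || lint_secret=
    if [ -n "$lint_secret" ]; then
        echo "NETBIRD_AUTH_CLIENT_SECRET: set, should be removed"
    fi
    lint_provider=$(env_get "$1" NETBIRD_AUTH_DEVICE_AUTH_PROVIDER) || lint_provider=
    if [ "$lint_provider" != "hosted" ]; then
        echo "NETBIRD_AUTH_DEVICE_AUTH_PROVIDER: '$lint_provider', expected 'hosted'"
    fi
    lint_dev_id=$(env_get "$1" NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID) || lint_dev_id=
    if [ -z "$lint_dev_id" ]; then
        echo "NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID: empty, expected a client id such as netbird-client"
    fi
    return 0
}

# mask_env FILE: print FILE with the value of every *SECRET* assignment
# replaced by "XXX". Commented-out assignments are masked as well, because a
# '#' in front of the line does not stop the value from being published.
# Domains and e-mail addresses are out of scope here and still need masking.
mask_env() {
    sed -E 's/^([[:space:]]*#?[[:space:]]*[A-Za-z0-9_]*SECRET[A-Za-z0-9_]*=).*$/\1"XXX"/' "$1"
}

# Demo on the constructed "before" sample.
demo() {
    demo_tmp=$(mktemp) || return 1
    printf '%s' "$SAMPLE_ENV" > "$demo_tmp"
    echo "Findings:"
    lint_env "$demo_tmp"
    echo "Copy that is safer to post:"
    mask_env "$demo_tmp"
    rm -f "$demo_tmp"
}
demo
```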

a7g4 commented 1 year ago

> #NETBIRD_AUTH_CLIENT_SECRET should be removed

And set the client back to "Client authentication: OFF" in Keycloak?

Still seeing the same error with this updated setup.env:

## example file, you can copy this file to setup.env and update its values
##
# Dashboard domain. e.g. app.mydomain.com
NETBIRD_DOMAIN="netbird.XXX"

# -------------------------------------------
# OIDC
#  e.g., https://example.eu.auth0.com/.well-known/openid-configuration
# -------------------------------------------
NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://keycloak.XXX/realms/corp/.well-known/openid-configuration"
NETBIRD_AUTH_AUDIENCE="netbird-client"
# e.g. netbird-client
NETBIRD_AUTH_CLIENT_ID="netbird-client"
#NETBIRD_AUTH_CLIENT_SECRET="Pmt94DhcZ7AwnzfyYcXlpx7w4OYPdcHE"
# if you want to use a custom claim for the user ID instead of 'sub', set it here
# NETBIRD_AUTH_USER_ID_CLAIM=""
# indicates whether to use Auth0 or not: true or false
NETBIRD_USE_AUTH0="false"
# if your IDP provider doesn't support fragmented URIs, configure custom
# redirect and silent redirect URIs, these will be concatenated into your NETBIRD_DOMAIN domain.
# NETBIRD_AUTH_REDIRECT_URI="/peers"
# NETBIRD_AUTH_SILENT_REDIRECT_URI="/add-peers"
# Updates the preference to use id tokens instead of access token on dashboard
# Okta and Gitlab IDPs can benefit from this
# NETBIRD_TOKEN_SOURCE="idToken"
# -------------------------------------------
# OIDC Device Authorization Flow
# -------------------------------------------
NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="hosted"
NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID="netbird-client"
# Some IDPs requires different audience, scopes and to use id token for device authorization flow
# you can customize here:
NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE=$NETBIRD_AUTH_AUDIENCE
NETBIRD_AUTH_DEVICE_AUTH_SCOPE="openid"
NETBIRD_AUTH_DEVICE_AUTH_USE_ID_TOKEN=false
# -------------------------------------------
# IDP Management
# -------------------------------------------
# eg. zitadel, auth0, azure, keycloak
NETBIRD_MGMT_IDP="keycloak"
# Some IDPs requires different client id and client secret for management api
NETBIRD_IDP_MGMT_CLIENT_ID="netbird-backend"
NETBIRD_IDP_MGMT_CLIENT_SECRET="ZAWDNdOBWRLCaOsOV8EQGIV7LxnNzDep"
NETBIRD_IDP_MGMT_EXTRA_ADMIN_ENDPOINT="https://keycloak.XXX/admin/realms/corp"
# NETBIRD_IDP_MGMT_EXTRA_ variables. See https://docs.netbird.io/selfhosted/identity-providers for more information about your IDP of choice.
# -------------------------------------------
# Letsencrypt
# -------------------------------------------
# Disable letsencrypt
#  if disabled, cannot use HTTPS anymore and requires setting up a reverse-proxy to do it instead
NETBIRD_DISABLE_LETSENCRYPT=false
# e.g. hello@mydomain.com
NETBIRD_LETSENCRYPT_EMAIL="XXX"
# -------------------------------------------
# Extra settings
# -------------------------------------------
# Disable anonymous metrics collection, see more information at https://netbird.io/docs/FAQ/metrics-collection
NETBIRD_DISABLE_ANONYMOUS_METRICS=false
# DNS DOMAIN configures the domain name used for peer resolution. By default it is netbird.selfhosted
NETBIRD_MGMT_DNS_DOMAIN=XXX

New management logs:

infrastructure_files-management-1  | time="2023-06-16T21:17:37Z" level=info msg="loading OIDC configuration from the provided IDP configuration endpoint https://keycloak.XXX/realms/corp/.well-known/openid-configuration"
infrastructure_files-management-1  | time="2023-06-16T21:17:37Z" level=info msg="loaded OIDC configuration from the provided IDP configuration endpoint: https://keycloak.XXX/realms/corp/.well-known/openid-configuration"
infrastructure_files-management-1  | time="2023-06-16T21:17:37Z" level=info msg="overriding HttpConfig.AuthIssuer with a new value https://keycloak.XXX/realms/corp, previously configured value: https://keycloak.XXX/realms/corp"
infrastructure_files-management-1  | time="2023-06-16T21:17:37Z" level=info msg="overriding HttpConfig.AuthKeysLocation (JWT certs) with a new value https://keycloak.XXX/realms/corp/protocol/openid-connect/certs, previously configured value: https://keycloak.XXX/realms/corp/protocol/openid-connect/certs"
infrastructure_files-management-1  | time="2023-06-16T21:17:37Z" level=info msg="overriding DeviceAuthorizationFlow.TokenEndpoint with a new value: https://keycloak.XXX/realms/corp/protocol/openid-connect/token, previously configured value: https://keycloak.XXX/realms/corp/protocol/openid-connect/token"
infrastructure_files-management-1  | time="2023-06-16T21:17:37Z" level=info msg="overriding DeviceAuthorizationFlow.DeviceAuthEndpoint with a new value: https://keycloak.XXX/realms/corp/protocol/openid-connect/auth/device, previously configured value: https://keycloak.XXX/realms/corp/protocol/openid-connect/auth/device"
infrastructure_files-management-1  | time="2023-06-16T21:17:37Z" level=info msg="overriding DeviceAuthorizationFlow.ProviderConfig.Domain with a new value: keycloak.XXX, previously configured value: "
infrastructure_files-management-1  | 2023-06-16T21:17:37Z INFO management/server/telemetry/app_metrics.go:161: enabled application metrics and exposing on http://0.0.0.0:8081
infrastructure_files-management-1  | 2023-06-16T21:17:37Z INFO management/server/account.go:638: single account mode enabled, accounts number 1
infrastructure_files-management-1  | 2023-06-16T21:17:37Z INFO management/cmd/management.go:233: running gRPC backward compatibility server: [::]:33073
infrastructure_files-management-1  | 2023-06-16T21:17:37Z INFO management/cmd/management.go:265: running HTTP server and gRPC server on the same port: [::]:443
infrastructure_files-management-1  | 2023-06-16T21:17:37Z INFO management/server/account.go:825: warmed up IDP cache with 0 entries
infrastructure_files-management-1  | 2023-06-16T21:17:43Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T21:17:43Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T21:17:43Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T21:17:43Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 293298994: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T21:17:43Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4282091933: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T21:17:43Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2855558828: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T21:19:53Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T21:19:53Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T21:19:53Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T21:19:53Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3835051607: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T21:19:53Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4205796443: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T21:19:53Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1250870319: GET /api/groups status 401

(Side note: if you have a paid support plan, we'd happily sign up :) )

EDIT: I failed at redacting data 😑 client secrets have been rotated

a7g4 commented 1 year ago

Ooops - slightly different than before actually.

The dashboard is the same

But when I try to connect I get a different error:

netbird up --management-url https://netbird.mapless.dev:33073 --admin-url https://netbird.XXX:443
Please do the SSO login in your browser. 
If your browser didn't open automatically, use this URL to log in:

 https://keycloak.XXX/realms/corp/device?user_code=LHCX-ZVPD 

After going through the login flow with Keycloak, the client spits out this:

Error: waiting sso login failed with: rpc error: code = Internal desc = failed handling request

These look like the relevant logs from the management container:

infrastructure_files-management-1  | 2023-06-16T21:26:44Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2181928835: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T21:26:44Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3250480700: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T21:26:44Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 941238992: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T21:27:13Z WARN management/server/grpcserver.go:322: failed logging in peer a6DQxBa9eybXlFTcE2+IsMZ6J8TIl+JL1L/wiQQaiys=
infrastructure_files-management-1  | 2023-06-16T21:27:22Z WARN management/server/grpcserver.go:322: failed logging in peer a6DQxBa9eybXlFTcE2+IsMZ6J8TIl+JL1L/wiQQaiys=
infrastructure_files-management-1  | 2023-06-16T21:27:22Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T21:27:22Z WARN management/server/grpcserver.go:305: failed validating JWT token sent from peer a6DQxBa9eybXlFTcE2+IsMZ6J8TIl+JL1L/wiQQaiys=
infrastructure_files-management-1  | 2023-06-16T21:27:22Z ERRO management/server/grpcserver.go:234: got an unhandled error: rpc error: code = Internal desc = unable to fetch account with claims, err: updating user's app metadata failed with: unable to update the appMetadata, statusCode 404
infrastructure_files-management-1  | 2023-06-16T21:27:47Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T21:27:47Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1488696707: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T21:27:47Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T21:27:47Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T21:27:47Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T21:27:47Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3084311871: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T21:27:47Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4062223927: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T21:27:47Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1425110249: GET /api/groups status 401
mlsmaycon commented 1 year ago

Could you set none for MGM IDP, NETBIRD_MGMT_IDP=none, and try the steps again? The IDP management might be causing the issues.

a7g4 commented 1 year ago

Woohooo 🎉 that works

Clients can connect and the dashboard works!

What does the IDP management do? (And is it worth me debugging why that isn't working)?

mlsmaycon commented 1 year ago

The IDP manager is mainly mapping user IDs from the NetBird management system to emails from your IDP.

It needs permissions to update your IDP user's attributes; for example, it adds the NetBird account ID to a user.

UncleJ4ck commented 1 year ago

I have the same error with a different return code:

Request failed with status code 401. Please refresh the page if the issue continues.
token invalid

Docker management logs:


2023-06-28T23:33:07Z INFO management/server/telemetry/app_metrics.go:161: enabled application metrics and exposing on http://0.0.0.0:8081
2023-06-28T23:33:07Z INFO management/server/account.go:638: single account mode enabled, accounts number 0
2023-06-28T23:33:07Z INFO management/cmd/management.go:233: running gRPC backward compatibility server: [::]:33073
2023-06-28T23:33:07Z INFO management/cmd/management.go:265: running HTTP server and gRPC server on the same port: [::]:443
2023-06-28T23:33:11Z WARN management/server/account.go:674: failed warming up cache due to error: unable to get keycloak token, statusCode 401

That's my setup.env:

## example file, you can copy this file to setup.env and update its values
##
# Dashboard domain. e.g. app.mydomain.com
NETBIRD_DOMAIN="XXXXX"

# -------------------------------------------
# OIDC
#  e.g., https://example.eu.auth0.com/.well-known/openid-configuration
# ------------------------------------------
NETBIRD_AUTH_DEVICE_AUTH_PROVIDER=hosted
NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://XXXXX/auth/realms/netbird/.well-known/openid-configuration"
NETBIRD_USE_AUTH0=false
NETBIRD_AUTH_CLIENT_ID="netbird-client"
NETBIRD_AUTH_AUDIENCE="netbird-client"
NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID="netbird-client"
NETBIRD_MGMT_IDP="keycloak"
NETBIRD_IDP_MGMT_CLIENT_ID="netbird-backend"
NETBIRD_IDP_MGMT_CLIENT_SECRET="XXXXX"
NETBIRD_IDP_MGMT_EXTRA_ADMIN_ENDPOINT="https://XXXXX/auth/realms/netbird"

# -------------------------------------------
# Letsencrypt
# -------------------------------------------
# Disable letsencrypt
#  if disabled, cannot use HTTPS anymore and requires setting up a reverse-proxy to do it instead
# e.g. hello@mydomain.com
NETBIRD_LETSENCRYPT_EMAIL="XXXXX"
# -------------------------------------------
# Extra settings
# -------------------------------------------
# Disable anonymous metrics collection, see more information at https://netbird.io/docs/FAQ/metrics-collection
NETBIRD_DISABLE_ANONYMOUS_METRICS=false
# DNS DOMAIN configures the domain name used for peer resolution. By default it is netbird.selfhosted
NETBIRD_MGMT_DNS_DOMAIN=netbird.selfhosted

When I try to connect on the client side:

sudo netbird up --management-url https://XXXXXXXX:33073
Error: login failed: rpc error: code = NotFound desc = no SSO provider returned from management. If you are using hosting Netbird see documentation at https://github.com/netbirdio/netbird/tree/main/management for details

For the netbird-backend, I didn't do the management steps because the service accounts roles tab is missing.

New management logs:

2023-06-28T23:33:07Z INFO management/server/telemetry/app_metrics.go:161: enabled application metrics and exposing on http://0.0.0.0:8081
2023-06-28T23:33:07Z INFO management/server/account.go:638: single account mode enabled, accounts number 0
2023-06-28T23:33:07Z INFO management/cmd/management.go:233: running gRPC backward compatibility server: [::]:33073
2023-06-28T23:33:07Z INFO management/cmd/management.go:265: running HTTP server and gRPC server on the same port: [::]:443
2023-06-28T23:33:11Z WARN management/server/account.go:674: failed warming up cache due to error: unable to get keycloak token, statusCode 401
2023-06-29T00:19:15Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3101701186: GET /api/users status 401
2023-06-29T00:19:15Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 335186381: GET /api/peers status 401
2023-06-29T00:19:15Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 449313820: GET /api/groups status 401
2023-06-29T00:19:15Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 780097130: GET /api/users status 401
2023-06-29T00:23:46Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3241716118: GET /api/peers status 401
2023-06-29T00:23:46Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 376855912: GET /api/users status 401
2023-06-29T00:23:46Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3584425485: GET /api/groups status 401
2023-06-29T00:23:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 997841889: GET /api/users status 401
2023-06-29T00:23:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3647231711: GET /api/users status 401
2023-06-29T00:23:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2307183365: GET /api/peers status 401
2023-06-29T00:23:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 418149988: GET /api/groups status 401
2023-06-29T00:24:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3370837239: GET /api/groups status 401
2023-06-29T00:24:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2633305945: GET /api/users status 401
2023-06-29T00:24:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1883989961: GET /api/users?service_user=false status 401
2023-06-29T00:24:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1727792694: GET /api/groups status 401
2023-06-29T00:24:04Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 127726435: GET /api/users status 401
2023-06-29T00:24:04Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1972559671: GET /api/groups status 401
2023-06-29T00:24:04Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3935102461: GET /api/peers status 401
2023-06-29T00:28:21Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 549383702: GET /api/peers status 401
2023-06-29T00:28:21Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3104191757: GET /api/users status 401
2023-06-29T00:28:21Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3006261035: GET /api/groups status 401
2023-06-29T00:30:18Z WARN management/server/grpcserver.go:322: failed logging in peer sajM8Azu99EOT4XkyUrxnVzlk9xMn5pL1tkkNCgT72w=
2023-06-29T00:30:21Z WARN management/server/grpcserver.go:322: failed logging in peer sajM8Azu99EOT4XkyUrxnVzlk9xMn5pL1tkkNCgT72w=
2023-06-29T00:32:52Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2288542812: GET /api/users status 401
2023-06-29T00:32:52Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1587588152: GET /api/peers status 401
2023-06-29T00:32:52Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 584506530: GET /api/groups status 401
2023-06-29T00:33:55Z WARN management/server/grpcserver.go:322: failed logging in peer sajM8Azu99EOT4XkyUrxnVzlk9xMn5pL1tkkNCgT72w=
UncleJ4ck commented 1 year ago

Could you set none for MGM IDP, NETBIRD_MGMT_IDP=none, and try the steps again? The IDP management might be causing the issues.

When I applied your solution, there was no error in the logs, as you can see, except for the failed logging in:

2023-06-29T00:37:02Z INFO management/server/telemetry/app_metrics.go:161: enabled application metrics and exposing on http://0.0.0.0:8081
2023-06-29T00:37:02Z INFO management/server/account.go:638: single account mode enabled, accounts number 0
2023-06-29T00:37:02Z INFO management/cmd/management.go:233: running gRPC backward compatibility server: [::]:33073
2023-06-29T00:37:02Z INFO management/cmd/management.go:265: running HTTP server and gRPC server on the same port: [::]:443
2023-06-29T00:37:20Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1156255722: GET /api/users status 401
2023-06-29T00:37:21Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4216770680: GET /api/users status 401
2023-06-29T00:37:21Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2500198024: GET /api/peers status 401
2023-06-29T00:37:21Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2101615207: GET /api/groups status 401
2023-06-29T00:37:26Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1358336014: GET /api/users status 401
2023-06-29T00:37:26Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2754622528: GET /api/peers status 401
2023-06-29T00:37:26Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 107507818: GET /api/groups status 401
2023-06-29T00:37:26Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3121298828: GET /api/users status 401
2023-06-29T00:37:46Z WARN management/server/grpcserver.go:322: failed logging in peer sajM8Azu99EOT4XkyUrxnVzlk9xMn5pL1tkkNCgT72w=

But when I tried to connect on the client side, it didn't work:

sudo netbird up --management-url https://XXXXXXXXXXX:33073
Please do the SSO login in your browser.
If your browser didn't open automatically, use this URL to log in:

 https://XXXXXXXXXXXXX/auth/realms/netbird/device?user_code=TUNW-JWND

Alternatively, you may want to use a setup key, see:

 https://www.netbird.io/docs/overview/setup-keys
^[[1;2D²Error: waiting sso login failed with: rpc error: code = Unknown desc = validate access token failed with error: invalid JWT token audience field
UncleJ4ck commented 1 year ago

I solved the issue with the Keycloak service account roles; you should check it in the settings for it to appear.

But the problem persists.

Akruidenberg commented 12 months ago

Same problem for me.

NatureLR commented 9 months ago

Me too.

I refer to this installation: https://docs.netbird.io/selfhosted/selfhosted-quickstart

Management log:

2023-09-24T05:44:22Z INFO management/server/account.go:1335: overriding JWT Domain and DomainCategory claims since single account mode is enabled
2023-09-24T05:44:22Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2559830804: GET /api/users status 401
2023-09-24T05:50:01Z INFO management/server/account.go:1335: overriding JWT Domain and DomainCategory claims since single account mode is enabled
2023-09-24T05:50:02Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 407684084: GET /api/users status 401
2023-09-24T05:50:03Z INFO management/server/account.go:1335: overriding JWT Domain and DomainCategory claims since single account mode is enabled
2023-09-24T05:50:03Z INFO management/server/account.go:1335: overriding JWT Domain and DomainCategory claims since single account mode is enabled
2023-09-24T05:50:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 776034320: GET /api/groups status 401
2023-09-24T05:50:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2539142729: GET /api/users status 401
2023-09-24T05:50:03Z INFO management/server/account.go:1335: overriding JWT Domain and DomainCategory claims since single account mode is enabled
2023-09-24T05:50:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 357926264: GET /api/users status 401

mlsmaycon commented 9 months ago

Hello @NatureLR, the issue has been fixed in the latest version, you can run docker compose pull followed by docker compose up -d --force-recreate management to upgrade.

NatureLR commented 9 months ago

Hello @NatureLR, the issue has been fixed in the latest version, you can run docker compose pull followed by docker compose up -d --force-recreate management to upgrade.

Very good, it succeeded 😄

dogrocker commented 6 months ago

Hello @NatureLR, the issue has been fixed in the latest version, you can run docker compose pull followed by docker compose up -d --force-recreate management to upgrade.

Same problem. Using docker compose pull and docker compose up -d --force-recreate management works, but when the token expires the problem comes back.

I refer to this installation https://docs.netbird.io/selfhosted/selfhosted-quickstart with Google Workspace.
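
The `invalid JWT token audience field` error and the report that the 401 returns once the token expires both concern claims carried in the access token. As an added example (not NetBird's code and not posted by anyone in this thread), the Go diagnostic below decodes a token's payload without verifying its signature and reports whether `aud` contains the value configured as `NETBIRD_AUTH_AUDIENCE` and whether `exp` has passed; `SampleToken`, `Diagnose` and the sample payload are constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Audience accepts both JSON forms of "aud": a single string or an array.
type Audience []string

func (a *Audience) UnmarshalJSON(b []byte) error {
	var one string
	if json.Unmarshal(b, &one) == nil {
		*a = Audience{one}
		return nil
	}
	return json.Unmarshal(b, (*[]string)(a))
}

type Claims struct {
	Aud Audience `json:"aud"`
	Azp string   `json:"azp"`
	Exp int64    `json:"exp"`
}

// DecodeClaims reads the payload only; the signature is NOT verified (troubleshooting use).
func DecodeClaims(token string) (c Claims, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, fmt.Errorf("expected 3 dot-separated segments, got %d", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(raw, &c)
	}
	return c, err
}

// Diagnose lists the mismatches between the token and the expected audience and clock.
func Diagnose(c Claims, wantAud string, now time.Time) []string {
	var problems []string
	hasAud := false
	for _, a := range c.Aud {
		hasAud = hasAud || a == wantAud
	}
	if !hasAud {
		problems = append(problems, fmt.Sprintf("aud %v does not contain %q (azp is %q)", c.Aud, wantAud, c.Azp))
	}
	if !now.Before(time.Unix(c.Exp, 0)) {
		problems = append(problems, fmt.Sprintf("expired or exp missing (exp=%d)", c.Exp))
	}
	return problems
}

// SampleToken wraps a payload in a constructed, unsigned token (header "{}", signature "sig").
func SampleToken(payload string) string {
	return "e30." + base64.RawURLEncoding.EncodeToString([]byte(payload)) + ".c2ln"
}

func main() {
	c, err := DecodeClaims(SampleToken(`{"aud":"account","azp":"netbird-client","exp":1700000000}`))
	fmt.Println(err, Diagnose(c, "netbird-client", time.Unix(1690000000, 0)))
}
```

To use it on a real deployment, pass the access token captured from the failing request to `DecodeClaims` and the `NETBIRD_AUTH_AUDIENCE` value from setup.env to `Diagnose`.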