Can't sign in

[deboer-tim]

I can't sign into SSO using this extension. I used to be able to, I'm guessing it was the move to 1.0 that broke it.

After clicking Sign In the SSO page opens, I enter my credentials, it eventually gives me the link to close and go back to Podman Desktop, but nothing has changed.

Second issue: no error to the user??

Here are the logs:

VM5:62 main ↪️ [redhat-authentication] REDHAT_AUTH_URL: https://sso.redhat.com/auth/realms/redhat-external/
VM5:62 main ↪️ [redhat-authentication] KAS_API_URL: https://api.openshift.com
VM5:62 main ↪️ [redhat-authentication] CLIENT_ID: https://api.openshift.com
VM5:62 main ↪️ Activating extension (redhat.redhat-authentication) with max activation time of 10 seconds
VM5:62 main ↪️ [redhat-authentication] starting redhat-authentication extension
VM5:62 main ↪️ Activating extension (redhat.redhat-authentication) ended in 300 milliseconds
VM5:62 main ↪️ Engine does not have an API or a libpod API, returning empty array Podman
VM5:62 main ↪️ [redhat-authentication] Received /signin
VM5:62 main ↪️ [redhat-authentication] https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/…de_challenge_method=S256&nonce=dLgLx5zihGoFs2cxAGgFUBl-XOU5vhdEcXfwEyHbHEg
VM5:62 main ↪️ [redhat-authentication] Received /sso-redhat-callback
VM5:62 main ↪️ [redhat-authentication] Received /
VM5:62 main ↪️ [redhat-authentication] Received /auth.css
VM5:62 main ↪️ [redhat-authentication] Subscription manager execution returned exit code: 125
2
VM5:62 main ↪️ [redhat-authentication] Subscription manager installation failed. Command execution failed with exit code 125: Command execution failed with exit code 125
VM5:62 main ↪️ [redhat-authentication] Subscription manager unregister failed. Command execution failed with exit code 125: Command execution failed with exit code 125
VM5:62 main ↪️ Command execution failed with exit code 125: Command execution failed with exit code 125
    at ChildProcess.<anonymous> (/Users/deboer/git/alternates/peter/podman-desktop/packages/main/dist/index.cjs:121791:29)
    at ChildProcess.emit (node:events:518:28)
    at ChildProcess._handle.onexit (node:internal/child_process:294:12)
VM5:62 main ↪️ Engine does not have an API or a libpod API, returning empty array Podman
VM5:62 main ↪️ Trying to watch deployments on the kubernetes context named "kind-kind" but got a connection refused, retrying the connection in 88s. Error: connect ECONNREFUSED 127.0.0.1:53701)
VM5:62 main ↪️ Trying to watch deployments on the kubernetes context named "kind-kind5" but got a connection refused, retrying the connection in 72s. Error: connect ECONNREFUSED 127.0.0.1:53397)
VM5:62 main ↪️ Trying to watch deployments on the kubernetes context named "kind-kind-cluster14" but got a connection refused, retrying the connection in 92s. Error: connect ECONNREFUSED 127.0.0.1:52545)
VM5:62 main ↪️ url podman-desktop:// does not start with podman-desktop:extension/, skipping.

• [x] #131
• [x] #133
• [x] #137
• [ ] #139

[vrothberg]

Are you running on Mac? Which version of the extension and podman desktop (and podman machine) did you use?

[deboer-tim]

Are you running on Mac? Which version of the extension and podman desktop (and podman machine) did you use?

macOS 14.4.1 Podman Desktop 1.10.0.next (latest main) Authentication extension: v1.0.0 (from catalog)

[dgolovin]

I can't sign into SSO using this extension. I used to be able to, I'm guessing it was the move to 1.0 that broke it.

Sign in forks fine and session is created. You experience the fact, that login is coupled with registry.redhat.io configuration and developer subscription activation. If any of it fails, you are being logged out.

After clicking Sign In the SSO page opens, I enter my credentials, it eventually gives me the link to close and go back to Podman Desktop, but nothing has changed.

There were multiple suggestions to show that you signed in using colors on status bar, but it is not possible at this point. Would adding Logged in/ Logged out to the right of the hat work for now?

Second issue: no error to the user??

I opened #131.

[deboer-tim]

I can't sign into SSO using this extension. I used to be able to, I'm guessing it was the move to 1.0 that broke it.

Sign in forks fine and session is created. You experience the fact, that login is coupled with registry.redhat.io configuration and developer subscription activation. If any of it fails, you are being logged out.

This wasn't working earlier today over several hours & attempts, trying both Podman Desktop 1.9 and 1.10.next, etc. (Authentication page still said LOGGED OUT, no user listed, and Sign In button was still there. Registry was not configured.) Can you tell from the log which service failed?

IMHO depending on 3 separate services to all be up and accessible at the same time sounds potentially fragile, and that means if I don't care about (e.g.) subscription I'm blocked from using the registry. As a user I'd prefer if we failed gracefully and let me use the things that are working now (or I can make the choice).

After clicking Sign In the SSO page opens, I enter my credentials, it eventually gives me the link to close and go back to Podman Desktop, but nothing has changed.

There were multiple suggestions to show that you signed in using colors on status bar, but it is not possible at this point. Would adding Logged in/ Logged out to the right of the hat work for now?

No, I would actually find either of those annoying. If we can't log in, the biggest thing is just giving an error message to the user with what the problem was or what to do next - e.g. 'could not connect to Red Hat SSO, try again later' vs internal problem in the extension or something else.

[dgolovin]

This wasn't working earlier today over several hours & attempts, trying both Podman Desktop 1.9 and 1.10.next, etc. (Authentication page still said LOGGED OUT, no user listed, and Sign In button was still there. Registry was not configured.) Can you tell from the log which service failed?

It is installation of subscription manager failed. You can run from terminal to see the err

machine ssh sudo rpm-ostree install -y subscription-manager

It is going to be reported to log after #131 is fixed.

Are you on podman 5?

[dgolovin]

Can you check if you have Simple Content Access enabled for your account. According this article https://access.redhat.com/articles/simple-content-access it should appear on https://access.redhat.com/management?

[deboer-tim]

Are you on podman 5?

I'm on 5.0.1.

Can you check if you have Simple Content Access enabled for your account. According this article https://access.redhat.com/articles/simple-content-access it should appear on https://access.redhat.com/management?

It's off (I haven't changed it, so I assume that's the default).

[dgolovin]

It's off (I haven't changed it, so I assume that's the default).

It was enabled by default for all new accounts a while ago, old ones have to enable it manually. At some point (I don't remember exact date) they are going to turn it on for all accounts. It seems if you turn it on, there is no way to turn it back off anymore.

I'll add check for it and warning to fix #133.

[dgolovin]

I opened follow up issues, some of them are going to be fixed in 1.0.1 release this week. Closing.