robrotheram / taiga-contrib-openid-auth

Taiga plugin for openid authentication

Invalid login type #32

Closed lknite closed 2 years ago

lknite commented 2 years ago

(After installing a working taiga installation into kubernetes via the https://github.com/nemonik/taiga-helm helm chart.)

I installed taiga-contrib-openid-auth using the manual install steps (see below).

The back instructions say to modify local.py but I don't see that so I modified config.py.

I can see in keycloak the session exists, after logging in successfully, it seems that the code being passed to taiga isn't resulting in a successful login. Next steps?

# (taiga backend)
# 1. clone taiga-contrib-openid-auth
apt update
apt -y install vim git
cd /tmp
git clone https://github.com/robrotheram/taiga-contrib-openid-auth.git

# (taiga backend)
# 2. modify /taiga-back/settings/config.py
# OPENID AUTH
INSTALLED_APPS += ["taiga_contrib_openid_auth"]
OPENID_USER_URL = "https://keycloak.k-prod.harmony.net/auth/realms/harmony/protocol/openid-connect/userinfo"
OPENID_TOKEN_URL = "https://keycloak.k-prod.harmony.net/auth/realms/harmony/protocol/openid-connect/token"
OPENID_CLIENT_ID = "{Client ID from the Settings tab}"
OPENID_CLIENT_SECRET = "{Secret from the Credentials tab}"

# (taiga backend)
# 3.
cd /tmp/taiga-contrib-openid-auth/back
pip install -e .

# (taiga frontend)
# 4.
cd /tmp
wget https://github.com/robrotheram/taiga-contrib-openid-auth/archive/refs/heads/master.zip
unzip master.zip
mv taiga-contrib-openid-auth-master taiga-contrib-openid-auth
cd /usr/share/nginx/html/plugins
ln -s /tmp/taiga-contrib-openid-auth/front/dist openid-auth

# (taiga frontend)
# 5. add to conf.json
    "openidAuth" : "https://keycloak.k-prod.harmony.net/auth/realms/harmony/protocol/openid-connect/auth",
    "openidName" : "ldap",
    "openidScope" : "openid",
    "openidClientId": "{Client ID from the Settings tab}",
    "contribPlugins": [
        "/plugins/openid-auth/openid-auth.json"
    ]

lknite commented 2 years ago

I'm hoping to release an image which can be used with the helm chart above which has this plugin integrated. I am hoping to set up some automation to build the new image, test that an AD login works, and then push out the new image as a release.

Here are some initial logs. I'm not sure how to see if the plugin is even being recognized on the backend. Not seeing anything in the logs I can find. The pip install said everything went ok. If I install again it detects the install, says it is uninstalling, then installs again.

[dev: taiga]
[~/k/taiga]
[travis@wb]$ k exec -it taiga-back-0 -- bash
root@taiga-back-0:/taiga-back/settings# more config.py
<snip>
#########################################
## CONTRIBS
#########################################

# OPENID AUTH
INSTALLED_APPS += ["taiga_contrib_openid_auth"]
OPENID_USER_URL = "https://keycloak.k-prod.harmony.net/auth/realms/harmony/protocol/openid-connect/userinfo"
OPENID_TOKEN_URL = "https://keycloak.k-prod.harmony.net/auth/realms/harmony/protocol/openid-connect/token"
OPENID_CLIENT_ID = "taiga.k-dev.harmony.net"
OPENID_CLIENT_SECRET = "hidden"

# SLACK
ENABLE_SLACK = os.getenv('ENABLE_SLACK', 'False') == 'True'
</snip>

[dev: taiga]
[~/k/taiga]
[travis@wb]$ k logs --tail=5 taiga-front-0 
172.21.162.189 - - [30/Dec/2021:23:43:53 +0000] "GET /login?session_state=aeb068ed-6765-49c5-85a4-cb218ceb4974&code=87c61d4b-f680-4c62-904b-da72cca08672.aeb068ed-6765-49c5-85a4-cb218ceb4974.1c7590e1-b815-40fa-941d-c803073e1b21 HTTP/1.0" 200 140629 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36" "172.21.162.128"
172.21.162.189 - - [30/Dec/2021:23:47:22 +0000] "GET /login?session_state=aeb068ed-6765-49c5-85a4-cb218ceb4974&code=0b62c3f0-25ad-48fc-8979-533576201f9e.aeb068ed-6765-49c5-85a4-cb218ceb4974.1c7590e1-b815-40fa-941d-c803073e1b21 HTTP/1.0" 200 140629 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36" "172.21.162.128"
172.21.162.189 - - [30/Dec/2021:23:49:49 +0000] "GET /login?session_state=aeb068ed-6765-49c5-85a4-cb218ceb4974&code=6fdf5514-0fba-4fd6-8062-a22628fc9041.aeb068ed-6765-49c5-85a4-cb218ceb4974.1c7590e1-b815-40fa-941d-c803073e1b21 HTTP/1.0" 200 140629 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36" "172.21.162.128"
172.21.162.189 - - [31/Dec/2021:00:04:51 +0000] "GET /config.json HTTP/1.0" 200 140629 "-" "curl/7.61.1" "172.21.162.128"
172.21.162.189 - - [31/Dec/2021:00:05:32 +0000] "GET /conf.json HTTP/1.0" 200 1252 "-" "curl/7.61.1" "172.21.162.128"

[dev: taiga]
[~/k/taiga]
[travis@wb]$ k logs --tail=5 taiga-back-0 
[2021-12-25 10:43:25 +0000] [1] [INFO] Listening at: http://0.0.0.0:8000 (1)
[2021-12-25 10:43:25 +0000] [1] [INFO] Using worker: sync
[2021-12-25 10:43:25 +0000] [30] [INFO] Booting worker with pid: 30
[2021-12-25 10:43:25 +0000] [31] [INFO] Booting worker with pid: 31
[2021-12-25 10:43:25 +0000] [32] [INFO] Booting worker with pid: 32

[dev: taiga]
[~/k/taiga]
[travis@wb]$ curl https://taiga.k-dev.harmony.net/conf.json
{
    "api": "https://taiga.k-dev.harmony.net/api/v1/",
    "eventsUrl": "ws://localhost:9000/events",
    "baseHref": "/",
    "eventsMaxMissedHeartbeats": 5,
    "eventsHeartbeatIntervalTime": 60000,
    "eventsReconnectTryInterval": 10000,
    "debug": false,
    "debugInfo": false,
    "defaultLanguage": "en",
    "themes": ["taiga"],
    "defaultTheme": "taiga",
    "defaultLoginEnabled": true,
    "publicRegisterEnabled": false,
    "feedbackEnabled": true,
    "supportUrl": "https://resources.taiga.io",
    "privacyPolicyUrl": null,
    "termsOfServiceUrl": null,
    "maxUploadFileSize": null,
    "contribPlugins": [],
    "gitHubClientId": "",
    "gitLabClientId": "",
    "gitLabUrl": "",
    "tagManager": { "accountId": null },
    "tribeHost": null,
    "enableAsanaImporter": false,
    "enableGithubImporter": false,
    "enableJiraImporter": false,
    "enableTrelloImporter": false,
    "gravatar": false,
    "rtlLanguages": ["fa"],
    "openidAuth" : "https://keycloak.k-prod.harmony.net/auth/realms/harmony/protocol/openid-connect/auth",
    "openidName" : "ldap",
    "openidScope" : "openid",
    "openidClientId": "taiga.k-dev.harmony.net",
    "contribPlugins": [
        "/plugins/openid-auth/openid-auth.json"
    ]
}

lknite commented 2 years ago

taiga docker image versions in use:

taigaAsync:
  image:
    tag: 6.4.2
taigaFront:
  image:
    tag: 6.4.2
taigaBack:
  image:
    tag: 6.4.2
taigaProtected:
  image:
    tag: 6.4.0
  name: taiga

lknite commented 2 years ago

Noticed "contribPlugins" is defined twice; that could be it. Testing ...
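
Added example, not part of the original thread or the plugin's code: a check for the repeated-key condition noticed in the conf.json above. Python's `json` module silently keeps the last value of a repeated key, so this uses `object_pairs_hook` to surface repeats; the sample document and the name `find_duplicate_keys` are constructed for illustration.

```python
import json

# Constructed sample, shortened from the conf.json shown in the thread:
# "contribPlugins" appears twice, first empty, then with the plugin entry.
SAMPLE_CONF = """
{
    "api": "https://taiga.example.invalid/api/v1/",
    "defaultLoginEnabled": true,
    "contribPlugins": [],
    "tagManager": { "accountId": null },
    "openidName": "ldap",
    "openidScope": "openid",
    "contribPlugins": [
        "/plugins/openid-auth/openid-auth.json"
    ]
}
"""


def find_duplicate_keys(text):
    """Parse JSON text and return (parsed_object, duplicates).

    duplicates maps each repeated key name to every value it was given,
    in document order. Nested objects are checked too; keys are reported
    by name only, without their path.
    """
    duplicates = {}

    def hook(pairs):
        seen = {}
        for key, value in pairs:
            if key in seen:
                # Record the earlier value once, then each later one.
                duplicates.setdefault(key, [seen[key]]).append(value)
            seen[key] = value  # last value wins, as with plain json.loads
        return seen

    return json.loads(text, object_pairs_hook=hook), duplicates


if __name__ == "__main__":
    conf, dups = find_duplicate_keys(SAMPLE_CONF)
    for key, values in dups.items():
        print(f"duplicate key {key!r}: {values} -> effective {conf[key]}")
```

Running a check like this in the image build, before the file is copied into the front-end container, catches a merged or appended conf.json that no longer says what its author intended.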

robrotheram commented 2 years ago

Hi, you should be able to just replace the images in the helm chart with the ones from this repo (I have updated them to 6.4.2). See stuff around the docker-compose image that should be transposable to helm charts.

If you are planning on modifying the docker images yourself, I would look in https://github.com/robrotheram/taiga-contrib-openid-auth/tree/master/docker. The Readme assumes you are either just using my images or doing a non-container install with pipenv. There were some subtle changes around env scripts that I had to change. The images from taiga on start rewrite some config files.

lknite commented 2 years ago

They are working perfectly. Closing case.

mphcomputing commented 2 years ago

What was the fix? I'm having the same issue, using the 6.4.2 versions.

lknite commented 2 years ago

@mphcomputing It's been a while, but I think I was trying to add the taiga-contrib-openid-auth plugin to images from elsewhere and I switched to using the images provided by this project. It's been too long, so I could be remembering incorrectly.