Closed pavilalopes closed 8 months ago
Hi, we're facing the same issue with a custom oidc provider (ADFS). We're using context-path config on micronaut to serve akhq on subpath of the main app. We've deployed akhq helmchart 0.24.0 with following config:
akhq:
connections:
{{ .Values.akhq.clusterName }}:
properties:
bootstrap.servers: kafka:9092
security:
default-group: no-roles
oidc:
enabled: true
providers:
adfs:
label: "Login with ADFS"
username-field: preferred_username
groups-field: groups
default-group: no-roles
groups:
- name: {{ .Values..akhq.users }}
groups:
- reader
- name: {{ .Values..akhq.admins }}
groups:
- admin
micronaut:
server:
context-path: /akhq
security:
enabled: true
token:
jwt:
signatures:
secret:
generator:
secret: ${AKHQ_JWT_SECRET_GENERATOR_SECRET}
oauth2:
enabled: true
callback-uri: https://{{ .Values..domain }}/akhq/oauth/callback/{provider}
clients:
adfs:
client-id: ${AKHQ_OAUTH_CLIENT_ID}
client-secret: ${AKHQ_OAUTH_CLIENT_SECRET}
openid:
issuer: ${AKHQ_OAUTH_ISSUER}
We run also into Bug 2 where the logout doesn't works properly
I just had the same problem, after debugging locally, I discovered that the lines 48 to 55 in src/main/resources/application.yml manually prepend the context-path although the context-path is later prepended as well (in DefaultRedirectService, e.g. line 69).
If my finding turns out to be correct (still playing around), I will submit a pull request. as a workaround, you can override the lines in your overlay application:
micronaut:
security:
redirect:
login-success: "/ui"
forbidden:
url: "/ui/login/forbidden"
unauthorized:
url: "/ui/login/unauthorized"
login-failure: "/ui/login/failed"
logout: "/ui"
@tchiotludo This a continuation of bug #1516 that you asked me to reopen, but I don't have that option.
So, after trying the current dev tag of the docker image I can report the following:
Bug 1 still happens as before. Bug 2 is fixed.
I did some digging in developer tools, and I suspect the problem is in the 4th request shown here:
The context-path "kafkahq" is duplicated: "/kafkahq/kafkahq/ui".