Open carlosfwrk opened 11 months ago
I've noticed that in the Micronaut repository, there's a recommendation to update to version 3.9.3 of Micronaut in order to address a similar issue. Considering that AKHQ version 0.24.0 is using Micronaut version 3.7.10, I'm wondering how I can apply this modification locally. Specifically, how can I upgrade to Micronaut version 3.9.3 while using AKHQ version 0.24.0?
Would it suffice to make this modification in the build.gradle file? And once I've made the change, how should I go about compiling the code? Any guidance on these steps would be greatly appreciated.
Thanks.
You should try with dev
version that is micronaut 3.9.4, reopen if it don't work
Hi @tchiotludo, I've updated to the DEV version, but I'm still getting the same error.:
{
"message": "No enum constant io.micronaut.security.oauth2.endpoint.AuthenticationMethod.WINDOWS_CLIENT_AUTHENTICATION",
"_links": {
"self": {
"href": "/oauth/callback/adfs?code=APADKFAHAEIIJJACg&state=PLOEKKTENMALLM",
"templated": false
}
}
}
Here is the complete log (from when the login page loads, I click the "Login with ADFS" button, enter the credentials on my company's ADFS page, and it returns the error I mentioned):
2023-09-26 07:02:48,082 TRACE pGroup-1-4 mHttpResponseHeadersFilter Adding custom headers to response.
2023-09-26 07:02:48,083 DEBUG pGroup-1-4 .t.r.HttpHeaderTokenReader Looking for bearer token in Authorization header
2023-09-26 07:02:48,087 DEBUG pGroup-1-4 s.t.r.DefaultTokenResolver Request GET, /, no token found.
2023-09-26 07:02:48,088 DEBUG pGroup-1-4 i.m.s.rules.IpPatternsRule One or more of the IP patterns matched the host address [100.90.5.1]. Continuing request processing.
2023-09-26 07:02:48,089 DEBUG pGroup-1-4 m.s.r.AbstractSecurityRule The given roles [[isAnonymous()]] matched one or more of the required roles [[isAnonymous()]]. Allowing the request
2023-09-26 07:02:48,089 DEBUG pGroup-1-4 i.m.s.f.SecurityFilter Authorized request GET /. The rule provider org.akhq.security.rule.SecuredAnnotationRuleWithDefault authorized the request.
2023-09-26 07:02:48,093 INFO r-thread-3 org.akhq.log.access [Date: 2023-09-26T07:02:48.089765Z] [Duration: 3 ms] [Url: GET /] [Status: 307] [Ip: /100.90.5.1] [User-Agent: Anonymous] [Referer: {}] [User: {}]
2023-09-26 07:02:48,221 TRACE pGroup-1-4 mHttpResponseHeadersFilter Adding custom headers to response.
2023-09-26 07:02:48,223 DEBUG pGroup-1-4 .t.r.HttpHeaderTokenReader Looking for bearer token in Authorization header
2023-09-26 07:02:48,223 DEBUG pGroup-1-4 s.t.r.DefaultTokenResolver Request GET, /ui, no token found.
2023-09-26 07:02:48,223 DEBUG pGroup-1-4 i.m.s.rules.IpPatternsRule One or more of the IP patterns matched the host address [100.90.5.1]. Continuing request processing.
2023-09-26 07:02:48,224 DEBUG pGroup-1-4 .m.s.r.InterceptUrlMapRule No url map pattern exact match found for path [/ui] and method [GET]. Searching in patterns with no defined method.
2023-09-26 07:02:48,224 DEBUG pGroup-1-4 .m.s.r.InterceptUrlMapRule Url map pattern found for path [/ui]. Comparing roles.
2023-09-26 07:02:48,224 DEBUG pGroup-1-4 m.s.r.AbstractSecurityRule The given roles [[isAnonymous()]] matched one or more of the required roles [[isAnonymous()]]. Allowing the request
2023-09-26 07:02:48,224 DEBUG pGroup-1-4 i.m.s.f.SecurityFilter Authorized request GET /ui. The rule provider io.micronaut.security.rules.ConfigurationInterceptUrlMapRule authorized the request.
2023-09-26 07:02:48,225 INFO pGroup-1-4 org.akhq.log.access [Date: 2023-09-26T07:02:48.224805Z] [Duration: 0 ms] [Url: GET /ui] [Status: 200] [Ip: /100.90.5.1] [User-Agent: Anonymous] [Referer: {}] [User: {}]
2023-09-26 07:02:48,308 TRACE pGroup-1-1 mHttpResponseHeadersFilter Adding custom headers to response.
2023-09-26 07:02:48,308 DEBUG pGroup-1-1 .t.r.HttpHeaderTokenReader Looking for bearer token in Authorization header
2023-09-26 07:02:48,308 DEBUG pGroup-1-1 s.t.r.DefaultTokenResolver Request GET, /health, no token found.
2023-09-26 07:02:48,309 DEBUG pGroup-1-1 i.m.s.rules.IpPatternsRule One or more of the IP patterns matched the host address [100.90.14.1]. Continuing request processing.
2023-09-26 07:02:48,309 DEBUG pGroup-1-1 .m.s.r.InterceptUrlMapRule No url map pattern exact match found for path [/health] and method [GET]. Searching in patterns with no defined method.
2023-09-26 07:02:48,309 DEBUG pGroup-1-1 .m.s.r.InterceptUrlMapRule No url map pattern match found for path [/health]. Returning unknown.
2023-09-26 07:02:48,310 DEBUG pGroup-1-1 .s.r.SensitiveEndpointRule health endpoint is not sensitive. Allowing the request.
2023-09-26 07:02:48,310 DEBUG pGroup-1-1 i.m.s.f.SecurityFilter Authorized request GET /health. The rule provider io.micronaut.security.rules.SensitiveEndpointRule authorized the request.
2023-09-26 07:02:48,420 TRACE pGroup-1-4 mHttpResponseHeadersFilter Adding custom headers to response.
2023-09-26 07:02:48,420 DEBUG pGroup-1-4 .t.r.HttpHeaderTokenReader Looking for bearer token in Authorization header
2023-09-26 07:02:48,420 DEBUG pGroup-1-4 s.t.r.DefaultTokenResolver Request GET, /ui/static/js/main.3815b2bf.js, no token found.
2023-09-26 07:02:48,421 DEBUG pGroup-1-4 i.m.s.rules.IpPatternsRule One or more of the IP patterns matched the host address [100.90.5.1]. Continuing request processing.
2023-09-26 07:02:48,422 DEBUG pGroup-1-4 .m.s.r.InterceptUrlMapRule No url map pattern exact match found for path [/ui/static/js/main.3815b2bf.js] and method [GET]. Searching in patterns with no defined method.
2023-09-26 07:02:48,422 DEBUG pGroup-1-4 .m.s.r.InterceptUrlMapRule Url map pattern found for path [/ui/static/js/main.3815b2bf.js]. Comparing roles.
2023-09-26 07:02:48,422 DEBUG pGroup-1-4 m.s.r.AbstractSecurityRule The given roles [[isAnonymous()]] matched one or more of the required roles [[isAnonymous()]]. Allowing the request
2023-09-26 07:02:48,422 DEBUG pGroup-1-4 i.m.s.f.SecurityFilter Authorized request GET /ui/static/js/main.3815b2bf.js. The rule provider io.micronaut.security.rules.ConfigurationInterceptUrlMapRule authorized the request.
2023-09-26 07:02:48,423 INFO pGroup-1-4 org.akhq.log.access [Date: 2023-09-26T07:02:48.422967Z] [Duration: 0 ms] [Url: GET /ui/static/js/main.3815b2bf.js] [Status: 200] [Ip: /100.90.5.1] [User-Agent: Anonymous] [Referer: {}] [User: {}]
2023-09-26 07:02:48,430 TRACE pGroup-1-4 mHttpResponseHeadersFilter Adding custom headers to response.
2023-09-26 07:02:48,431 DEBUG pGroup-1-4 .t.r.HttpHeaderTokenReader Looking for bearer token in Authorization header
2023-09-26 07:02:48,431 DEBUG pGroup-1-4 s.t.r.DefaultTokenResolver Request GET, /health, no token found.
2023-09-26 07:02:48,431 DEBUG pGroup-1-4 i.m.s.rules.IpPatternsRule One or more of the IP patterns matched the host address [100.90.14.1]. Continuing request processing.
2023-09-26 07:02:48,431 DEBUG pGroup-1-4 .m.s.r.InterceptUrlMapRule No url map pattern exact match found for path [/health] and method [GET]. Searching in patterns with no defined method.
2023-09-26 07:02:48,432 DEBUG pGroup-1-4 .m.s.r.InterceptUrlMapRule No url map pattern match found for path [/health]. Returning unknown.
2023-09-26 07:02:48,432 DEBUG pGroup-1-4 .s.r.SensitiveEndpointRule health endpoint is not sensitive. Allowing the request.
2023-09-26 07:02:48,432 DEBUG pGroup-1-4 i.m.s.f.SecurityFilter Authorized request GET /health. The rule provider io.micronaut.security.rules.SensitiveEndpointRule authorized the request.
2023-09-26 07:02:48,544 TRACE pGroup-1-1 mHttpResponseHeadersFilter Adding custom headers to response.
2023-09-26 07:02:48,545 DEBUG pGroup-1-1 .t.r.HttpHeaderTokenReader Looking for bearer token in Authorization header
2023-09-26 07:02:48,545 DEBUG pGroup-1-1 s.t.r.DefaultTokenResolver Request GET, /ui/static/css/main.8e11c20e.css, no token found.
2023-09-26 07:02:48,546 DEBUG pGroup-1-1 i.m.s.rules.IpPatternsRule One or more of the IP patterns matched the host address [100.90.12.1]. Continuing request processing.
2023-09-26 07:02:48,546 DEBUG pGroup-1-1 .m.s.r.InterceptUrlMapRule No url map pattern exact match found for path [/ui/static/css/main.8e11c20e.css] and method [GET]. Searching in patterns with no defined method.
2023-09-26 07:02:48,546 DEBUG pGroup-1-1 .m.s.r.InterceptUrlMapRule Url map pattern found for path [/ui/static/css/main.8e11c20e.css]. Comparing roles.
2023-09-26 07:02:48,546 DEBUG pGroup-1-1 m.s.r.AbstractSecurityRule The given roles [[isAnonymous()]] matched one or more of the required roles [[isAnonymous()]]. Allowing the request
2023-09-26 07:02:48,547 DEBUG pGroup-1-1 i.m.s.f.SecurityFilter Authorized request GET /ui/static/css/main.8e11c20e.css. The rule provider io.micronaut.security.rules.ConfigurationInterceptUrlMapRule authorized the request.
2023-09-26 07:02:48,547 INFO pGroup-1-1 org.akhq.log.access [Date: 2023-09-26T07:02:48.547255Z] [Duration: 0 ms] [Url: GET /ui/static/css/main.8e11c20e.css] [Status: 200] [Ip: /100.90.12.1] [User-Agent: Anonymous] [Referer: {}] [User: {}]
2023-09-26 07:02:48,630 TRACE pGroup-1-4 mHttpResponseHeadersFilter Adding custom headers to response.
2023-09-26 07:02:48,630 TRACE pGroup-1-1 mHttpResponseHeadersFilter Adding custom headers to response.
2023-09-26 07:02:48,630 DEBUG pGroup-1-4 .t.r.HttpHeaderTokenReader Looking for bearer token in Authorization header
2023-09-26 07:02:48,630 DEBUG pGroup-1-1 .t.r.HttpHeaderTokenReader Looking for bearer token in Authorization header
2023-09-26 07:02:48,631 DEBUG pGroup-1-1 s.t.r.DefaultTokenResolver Request GET, /api/me, no token found.
2023-09-26 07:02:48,631 DEBUG pGroup-1-4 s.t.r.DefaultTokenResolver Request GET, /api/auths, no token found.
2023-09-26 07:02:48,631 DEBUG pGroup-1-4 i.m.s.rules.IpPatternsRule One or more of the IP patterns matched the host address [100.90.5.1]. Continuing request processing.
2023-09-26 07:02:48,631 DEBUG pGroup-1-1 i.m.s.rules.IpPatternsRule One or more of the IP patterns matched the host address [100.90.12.1]. Continuing request processing.
2023-09-26 07:02:48,631 DEBUG pGroup-1-1 m.s.r.AbstractSecurityRule The given roles [[isAnonymous()]] matched one or more of the required roles [[isAnonymous()]]. Allowing the request
2023-09-26 07:02:48,631 DEBUG pGroup-1-4 m.s.r.AbstractSecurityRule The given roles [[isAnonymous()]] matched one or more of the required roles [[isAnonymous()]]. Allowing the request
2023-09-26 07:02:48,631 DEBUG pGroup-1-1 i.m.s.f.SecurityFilter Authorized request GET /api/me. The rule provider org.akhq.security.rule.SecuredAnnotationRuleWithDefault authorized the request.
2023-09-26 07:02:48,631 DEBUG pGroup-1-4 i.m.s.f.SecurityFilter Authorized request GET /api/auths. The rule provider org.akhq.security.rule.SecuredAnnotationRuleWithDefault authorized the request.
2023-09-26 07:02:48,927 TRACE pGroup-1-4 mHttpResponseHeadersFilter Adding custom headers to response.
2023-09-26 07:02:48,928 DEBUG pGroup-1-4 .t.r.HttpHeaderTokenReader Looking for bearer token in Authorization header
2023-09-26 07:02:48,928 DEBUG pGroup-1-4 s.t.r.DefaultTokenResolver Request GET, /ui/manifest.json, no token found.
2023-09-26 07:02:48,928 DEBUG pGroup-1-4 i.m.s.rules.IpPatternsRule One or more of the IP patterns matched the host address [100.90.12.1]. Continuing request processing.
2023-09-26 07:02:48,928 DEBUG pGroup-1-4 .m.s.r.InterceptUrlMapRule No url map pattern exact match found for path [/ui/manifest.json] and method [GET]. Searching in patterns with no defined method.
2023-09-26 07:02:48,929 DEBUG pGroup-1-4 .m.s.r.InterceptUrlMapRule Url map pattern found for path [/ui/manifest.json]. Comparing roles.
2023-09-26 07:02:48,929 DEBUG pGroup-1-4 m.s.r.AbstractSecurityRule The given roles [[isAnonymous()]] matched one or more of the required roles [[isAnonymous()]]. Allowing the request
2023-09-26 07:02:48,929 DEBUG pGroup-1-4 i.m.s.f.SecurityFilter Authorized request GET /ui/manifest.json. The rule provider io.micronaut.security.rules.ConfigurationInterceptUrlMapRule authorized the request.
2023-09-26 07:02:48,929 INFO pGroup-1-4 org.akhq.log.access [Date: 2023-09-26T07:02:48.929565Z] [Duration: 0 ms] [Url: GET /ui/manifest.json] [Status: 200] [Ip: /100.90.12.1] [User-Agent: Anonymous] [Referer: {}] [User: {}]
2023-09-26 07:02:49,168 INFO r-thread-3 org.akhq.log.access [Date: 2023-09-26T07:02:48.631878Z] [Duration: 536 ms] [Url: GET /api/auths] [Status: 200] [Ip: /100.90.5.1] [User-Agent: Anonymous] [Referer: {}] [User: {}]
2023-09-26 07:02:49,168 INFO r-thread-4 org.akhq.log.access [Date: 2023-09-26T07:02:48.631855Z] [Duration: 536 ms] [Url: GET /api/me] [Status: 200] [Ip: /100.90.12.1] [User-Agent: Anonymous] [Referer: {}] [User: {}]
2023-09-26 07:02:49,280 TRACE pGroup-1-4 mHttpResponseHeadersFilter Adding custom headers to response.
2023-09-26 07:02:49,280 DEBUG pGroup-1-4 .t.r.HttpHeaderTokenReader Looking for bearer token in Authorization header
2023-09-26 07:02:49,281 DEBUG pGroup-1-4 s.t.r.DefaultTokenResolver Request GET, /ui/ui/static/media/icon.383e5fd93919da4ccf1b1d78c73ab176.svg, no token found.
2023-09-26 07:02:49,281 DEBUG pGroup-1-4 i.m.s.rules.IpPatternsRule One or more of the IP patterns matched the host address [100.90.5.1]. Continuing request processing.
2023-09-26 07:02:49,281 DEBUG pGroup-1-4 .m.s.r.InterceptUrlMapRule No url map pattern exact match found for path [/ui/ui/static/media/icon.383e5fd93919da4ccf1b1d78c73ab176.svg] and method [GET]. Searching in patterns with no defined method.
2023-09-26 07:02:49,282 DEBUG pGroup-1-4 .m.s.r.InterceptUrlMapRule Url map pattern found for path [/ui/ui/static/media/icon.383e5fd93919da4ccf1b1d78c73ab176.svg]. Comparing roles.
2023-09-26 07:02:49,282 DEBUG pGroup-1-4 m.s.r.AbstractSecurityRule The given roles [[isAnonymous()]] matched one or more of the required roles [[isAnonymous()]]. Allowing the request
2023-09-26 07:02:49,282 DEBUG pGroup-1-4 i.m.s.f.SecurityFilter Authorized request GET /ui/ui/static/media/icon.383e5fd93919da4ccf1b1d78c73ab176.svg. The rule provider io.micronaut.security.rules.ConfigurationInterceptUrlMapRule authorized the request.
2023-09-26 07:02:49,282 INFO pGroup-1-4 org.akhq.log.access [Date: 2023-09-26T07:02:49.282436Z] [Duration: 0 ms] [Url: GET /ui/ui/static/media/icon.383e5fd93919da4ccf1b1d78c73ab176.svg] [Status: 200] [Ip: /100.90.5.1] [User-Agent: Anonymous] [Referer: {}] [User: {}]
2023-09-26 07:02:51,675 TRACE pGroup-1-4 mHttpResponseHeadersFilter Adding custom headers to response.
2023-09-26 07:02:51,675 DEBUG pGroup-1-4 .t.r.HttpHeaderTokenReader Looking for bearer token in Authorization header
2023-09-26 07:02:51,676 DEBUG pGroup-1-4 s.t.r.DefaultTokenResolver Request GET, /oauth/login/adfs, no token found.
2023-09-26 07:02:51,676 DEBUG pGroup-1-4 i.m.s.rules.IpPatternsRule One or more of the IP patterns matched the host address [100.90.5.1]. Continuing request processing.
2023-09-26 07:02:51,676 DEBUG pGroup-1-4 m.s.r.AbstractSecurityRule The given roles [[isAnonymous()]] matched one or more of the required roles [[isAnonymous()]]. Allowing the request
2023-09-26 07:02:51,677 DEBUG pGroup-1-4 i.m.s.f.SecurityFilter Authorized request GET /oauth/login/adfs. The rule provider org.akhq.security.rule.SecuredAnnotationRuleWithDefault authorized the request.
2023-09-26 07:02:51,677 TRACE pGroup-1-4 o.r.DefaultOauthController Received login request for provider [adfs]
2023-09-26 07:02:51,692 TRACE pGroup-1-4 .s.o.c.DefaultOpenIdClient Starting authorization code grant flow to provider [adfs]. Redirecting to [https://fed.company.com/adfs/oauth2/authorize/]
2023-09-26 07:02:51,734 TRACE pGroup-1-4 thorizationRedirectHandler Built the authorization URL [https://fed.company.com/adfs/oauth2/authorize/?scope=openid+read&response_type=code&redirect_uri=https%3A%2F%2Fakhq.dev.company.com%2Foauth%2Fcallback%2Fadfs&state=PLOEKKTENMALLM&nonce=98akdh1PL39858789&client_id=asdfasdf-sdfse-seaww245-d223-aaeere333]
2023-09-26 07:02:51,735 INFO pGroup-1-4 org.akhq.log.access [Date: 2023-09-26T07:02:51.677207Z] [Duration: 58 ms] [Url: GET /oauth/login/adfs] [Status: 302] [Ip: /100.90.5.1] [User-Agent: Anonymous] [Referer: {}] [User: {}]
2023-09-26 07:02:51,928 TRACE pGroup-1-4 mHttpResponseHeadersFilter Adding custom headers to response.
2023-09-26 07:02:51,929 DEBUG pGroup-1-4 .t.r.HttpHeaderTokenReader Looking for bearer token in Authorization header
2023-09-26 07:02:51,929 DEBUG pGroup-1-4 s.t.r.DefaultTokenResolver Request GET, /oauth/callback/adfs, no token found.
2023-09-26 07:02:51,929 DEBUG pGroup-1-4 i.m.s.rules.IpPatternsRule One or more of the IP patterns matched the host address [100.90.5.1]. Continuing request processing.
2023-09-26 07:02:51,929 DEBUG pGroup-1-4 m.s.r.AbstractSecurityRule The given roles [[isAnonymous()]] matched one or more of the required roles [[isAnonymous()]]. Allowing the request
2023-09-26 07:02:51,929 DEBUG pGroup-1-4 i.m.s.f.SecurityFilter Authorized request GET /oauth/callback/adfs. The rule provider org.akhq.security.rule.SecuredAnnotationRuleWithDefault authorized the request.
2023-09-26 07:02:51,930 TRACE pGroup-1-4 o.r.DefaultOauthController Received callback from oauth provider [adfs]
2023-09-26 07:02:51,933 TRACE pGroup-1-4 .s.o.c.DefaultOpenIdClient Received a successful authorization response from provider [adfs]
2023-09-26 07:02:51,945 WARN r-thread-3 org.akhq.log.access [Date: 2023-09-26T07:02:51.930077Z] [Duration: 15 ms] [Url: GET /oauth/callback/adfs] [Status: 409] [Ip: /100.90.5.1] [User-Agent: Anonymous] [Referer: {}] [User: {}]
2023-09-26 07:02:52,273 TRACE pGroup-1-4 mHttpResponseHeadersFilter Adding custom headers to response.
2023-09-26 07:02:52,274 DEBUG pGroup-1-4 .t.r.HttpHeaderTokenReader Looking for bearer token in Authorization header
2023-09-26 07:02:52,274 DEBUG pGroup-1-4 s.t.r.DefaultTokenResolver Request GET, /oauth/callback/adfs, no token found.
2023-09-26 07:02:52,274 DEBUG pGroup-1-4 i.m.s.rules.IpPatternsRule One or more of the IP patterns matched the host address [100.90.5.1]. Continuing request processing.
2023-09-26 07:02:52,275 DEBUG pGroup-1-4 m.s.r.AbstractSecurityRule The given roles [[isAnonymous()]] matched one or more of the required roles [[isAnonymous()]]. Allowing the request
2023-09-26 07:02:52,275 DEBUG pGroup-1-4 i.m.s.f.SecurityFilter Authorized request GET /oauth/callback/adfs. The rule provider org.akhq.security.rule.SecuredAnnotationRuleWithDefault authorized the request.
2023-09-26 07:02:52,275 TRACE pGroup-1-4 o.r.DefaultOauthController Received callback from oauth provider [adfs]
2023-09-26 07:02:52,276 TRACE pGroup-1-4 .s.o.c.DefaultOpenIdClient Received a successful authorization response from provider [adfs]
2023-09-26 07:02:52,278 WARN r-thread-3 org.akhq.log.access [Date: 2023-09-26T07:02:52.275576Z] [Duration: 2 ms] [Url: GET /oauth/callback/adfs] [Status: 409] [Ip: /100.90.5.1] [User-Agent: Anonymous] [Referer: {}] [User: {}]
Thanks.
Sorry, I can't reopen the issue, perhaps due to a lack of permissions.
You should try with
dev
version that is micronaut 3.9.4, reopen if it don't work
In the build.gradle file appears micronaut version 3.7.10:
Problem Description: I'm currently configuring AKHQ's authentication using OIDC with ADFS but I'm facing an error.
Current Configuration:
Expected Outcome: Upon clicking the "Login with ADFS" button on the page https://akhq.dev.company.com/ui/login, I expect to be redirected to the organization's ADFS authentication system. After successfully authenticating, the system should return an authorization code (CODE), which should then be used to obtain an access token. The access token will be used to extract the user's groups and match them with the groups configured in AKHQ.
Current Issue: After entering the credentials on the ADFS authentication page, the redirection to the callback URL (redirection-uri) occurs correctly, but the following error is displayed in the browser:
It's worth noting that if I take the CODE returned in the URL and manually generate a call to the token URL, the token is generated correctly.
LOGS
Can anyone help me with this error? Am I doing something wrong or could there be an issue with the OIDC configuration for AKHQ's needs?
Thanks.