After OAuth2 login not redirecting to ui

micronaut:
  security:
    enabled: true
    # OIDC authentication configuration
    oauth2:
      enabled: true
      clients:
        oidc:
          client-id: <app id>
          client-secret: <app secret>
          openid:
            issuer: https://login.microsoftonline.com/<tenant id>/v2.0
            discovery-uri: https://login.microsoftonline.com/<tenant id>/.well-known/openid-configuration
            callback-uri: https://localhost:8443/oauth/callback/oidc
    token:
      jwt:
        signatures:
          secret:
            generator:
              secret: secret
    redirect:
        login-success:  "/ui"
  server:
    ssl:
      enabled: true
      key-store:
        path: file:/opt/akhq/akhq-keystore.jks
        password: password
        type: JKS
    thread-selection: AUTO
    max-request-size: 10MB
    read-idle-timeout: 10m
    write-idle-timeout: 10m
    idle-timeout: 10m
    netty:
      max-chunk-size: 10MB
akhq:
  server:
    access-log: # Access log configuration (optional)
      enabled: true # true by default
      name: org.akhq.log.access # Logger name
      format: "[Date: {}] [Duration: {} ms] [Url: {} {}] [Status: {}] [Ip: {}] [User: {}]" # Logger format

  # default kafka properties for each clients, available for admin / producer / consumer (optional)
  clients-defaults:
    consumer:
      properties:
        isolation.level: read_committed

  # list of kafka cluster available for akhq
  connections:
    my-cluster-plain-text: # url friendly name for the cluster (letter, number, _, -, ... dot are not allowed here)
      properties: # standard kafka properties (optional)
        bootstrap.servers: "10.8.0.1:9092"
      schema-registry:
        url: "http://localhost:8081" # schema registry url (optional)
        type: "confluent" # schema registry type (optional). Supported types are "confluent" (default) or "tibco"
      deserialization:
        protobuf:
          # (optional) if descriptor-file properties are used
          descriptors-folder: "/app/protobuf_desc"
          topics-mapping:
            - topic-regex: "album.*"
              descriptor-file-base64: "Cs4BCgthbGJ1bS5wcm90bxIXY29tLm5ldGNyYWNrZXIucHJvdG9idWYidwoFQWxidW0SFAoFdGl0bGUYASABKAlSBXRpdGxlEhYKBmFydGlzdBgCIAMoCVIGYXJ0aXN0EiEKDHJlbGVhc2VfeWVhchgDIAEoBVILcmVsZWFzZVllYXISHQoKc29uZ190aXRsZRgEIAMoCVIJc29uZ1RpdGxlQiUKF2NvbS5uZXRjcmFja2VyLnByb3RvYnVmQgpBbGJ1bVByb3RvYgZwcm90bzM="
              value-message-type: "org.akhq.utils.Album"
            - topic-regex: "film.*"
              descriptor-file-base64: "CuEBCgpmaWxtLnByb3RvEhRjb20uY29tcGFueS5wcm90b2J1ZiKRAQoERmlsbRISCgRuYW1lGAEgASgJUgRuYW1lEhoKCHByb2R1Y2VyGAIgASgJUghwcm9kdWNlchIhCgxyZWxlYXNlX3llYXIYAyABKAVSC3JlbGVhc2VZZWFyEhoKCGR1cmF0aW9uGAQgASgFUghkdXJhdGlvbhIaCghzdGFycmluZxgFIAMoCVIIc3RhcnJpbmdCIQoUY29tLmNvbXBhbnkucHJvdG9idWZCCUZpbG1Qcm90b2IGcHJvdG8z"
              value-message-type: "org.akhq.utils.Film"
            - topic-regex: "test.*"
              descriptor-file: "other.desc"
              key-message-type: "org.akhq.utils.Row"
              value-message-type: "org.akhq.utils.Envelope"
      # Ui Cluster Options (optional)
      ui-options:
        topic:
          default-view: ALL  # default list view (ALL, HIDE_INTERNAL, HIDE_INTERNAL_STREAM, HIDE_STREAM). Overrides default
          skip-consumer-groups: false # Skip loading consumer group information when showing topics. Overrides default
          skip-last-record: true  # Skip loading last record date information when showing topics.  Overrides default
          show-all-consumer-groups: true # Expand list of consumer groups instead of showing one. Overrides default.
        topic-data:
          sort: NEWEST # default sort order (OLDEST, NEWEST) (default: OLDEST).  Overrides default
          date-time-format: ISO # format of message timestamps (RELATIVE, ISO) (default: RELATIVE)

    my-cluster-ssl:
      properties:
        bootstrap.servers: "kafka:9093"
        security.protocol: SSL
        ssl.truststore.location: /app/truststore.jks
        ssl.truststore.password: password
        ssl.keystore.location: /app/keystore.jks
        ssl.keystore.password: password
        ssl.key.password: password

    my-cluster-sasl:
      properties:
        bootstrap.servers: "kafka:9094"
        security.protocol: SASL_SSL
        sasl.mechanism: SCRAM-SHA-256
        sasl.jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="password";
        ssl.truststore.location: /app/truststore.jks
        ssl.truststore.password: password
        ssl.keystore.location: /app/keystore.jks
        ssl.keystore.password: password
        ssl.key.password: password

  pagination:
    page-size: 25 # number of elements per page (default : 25)
    threads: 16 # Number of parallel threads to resolve page

  # Configure avro-to-json serializer
  avro-serializer:
    json.serialization.inclusions: # ObjectMapper serialization inclusions used for avro-to-json conversion for display in the UI.
    # Supports Enums in JsonInclude.Include from Jackson library
      - NON_NULL

  # Topic list display options (optional)
  topic:
    retention: 172800000 # default retention period when creating topic
    partition: 3 #  default number of partition when creating topic
    replication: 3 # default number of replicas when creating topic
    internal-regexps: # list of regexp to be considered as internal (internal topic can't be deleted or updated)
      - "^_.*$"
      - "^.*_schemas$"
      - "^.*connect-config$"
      - "^.*connect-offsets$1"
      - "^.*connect-status$"
    stream-regexps: # list of regexp to be considered as internal stream topic
      - "^.*-changelog$"
      - "^.*-repartition$"
      - "^.*-rekey$"
    skip-consumer-groups: false # Skip loading consumer group information when showing topics
    skip-last-record: false # Skip loading last record date information when showing topics
    show-all-consumer-groups: false # Expand list of consumer groups instead of showing one.
    # Retry options for topic operations
    retry:
      topic-exists: # Delay between retries when checking for existence of newly created topics. This is needed as it might take the kafka broker a few seconds to create new topics.
        delay: "3s"

  # Topic display data options (optional)
  topic-data:
    size: 50 # max record per page (default: 50)
    poll-timeout: 1000 # The time, in milliseconds, spent waiting in poll if data is not available in the buffer.
    kafka-max-message-length: 1000000 # Max message length allowed to send to UI when retrieving a list of records in bytes.

  # Ui Global Options (optional)
  ui-options:
    topic:
      default-view: ALL  # default list view (ALL, HIDE_INTERNAL, HIDE_INTERNAL_STREAM, HIDE_STREAM). Overrides default
      skip-consumer-groups: false # Skip loading consumer group information when showing topics. Overrides default
      skip-last-record: true  # Skip loading last record date information when showing topics.  Overrides default
      show-all-consumer-groups: true # Expand list of consumer groups instead of showing one. Overrides default.
    topic-data:
      sort: NEWEST # default sort order (OLDEST, NEWEST) (default: OLDEST).  Overrides default

  # Auth & Roles (optional)
  security:
    roles:
      node-read:
        - resources: [ "NODE" ]
          actions: [ "READ", "READ_CONFIG" ]
      node-admin:
        - resources: [ "NODE" ]
          actions: [ "READ", "READ_CONFIG", "ALTER_CONFIG" ]
      topic-read:
        - resources: [ "TOPIC", "TOPIC_DATA" ]
          actions: [ "READ" ]
        - resources: [ "TOPIC" ]
          actions: [ "READ_CONFIG" ]
      topic-admin:
        - resources: [ "TOPIC", "TOPIC_DATA" ]
          actions: [ "READ", "CREATE", "DELETE" ]
        - resources: [ "TOPIC" ]
          actions: [ "UPDATE", "READ_CONFIG", "ALTER_CONFIG" ]
      connect-rw:
        - resources: [ "CONNECTOR" ]
          actions: [ "READ", "CREATE", "UPDATE_STATE" ]
      connect-admin:
        - resources: [ "CONNECTOR" ]
          actions: [ "READ", "CREATE", "UPDATE_STATE", "DELETE" ]
      registry-read:
        - resources: [ "SCHEMA" ]
          actions: [ "READ" ]
      registry-admin:
        - resources: [ "SCHEMA" ]
          actions: [ "READ", "CREATE", "UPDATE", "DELETE", "DELETE_VERSION" ]
      group-read:
        - resources: [ "CONSUMER_GROUP" ]
          actions: [ "READ" ]
      connect-cluster-read:
        - resources: [ "CONNECT_CLUSTER" ]
          actions: [ "READ" ]
      ksqldb-admin:
        - resources: [ "KSQLDB" ]
          actions: [ "READ", "EXECUTE" ]

    # Groups definition
    groups:
      admin:
        - role: node-admin
        - role: topic-admin
        - role: connect-admin
        - role: registry-admin
        - role: group-read
        - role: connect-cluster-read
        - role: ksqldb-admin
      topic-reader:
        - role: topic-read
        - role: registry-admin
      topic-reader-dev:
        - role: topic-read
          clusters: ["dev"]
        - role: registry-admin
          clusters: ["dev"]
      topic-reader-project-prod:
        - role: topic-read
          patterns: ["project.*"]
          clusters: ["prod.*"]
        - role: registry-admin
          patterns: ["project.*"]
          clusters: ["prod.*"]

    # OIDC configuration
    oidc:
      enabled: true
      providers:
        oidc:
          label: "Login with OIDC"
          username-field: preferred_username
          groups-field: roles
          groups:
            - name: admins
              groups:
                - admin

    # Data masking configuration
    data-masking:
      filters:
        - description: "Masks value for secret-key fields"
          search-regex: '"(secret-key)":".*"'
          replacement: '"$1":"xxxx"'
        - description: "Masks last digits of phone numbers"
          search-regex: '"([\+]?[(]?[0-9]{3}[)]?[-\s\.]?[0-9]{3}[-\s\.]?)[0-9]{4,6}"'
          replacement: '"$1xxxx"'
Please tell me where the configuration error is, because after logging in correctly it still redirects me to login. I don't use reverse proxy
tchiotludo / akhq

After OAuth2 login not redirecting to ui #1584
