tchiotludo / akhq

Kafka GUI for Apache Kafka to manage topics, topics data, consumers group, schema registry, connect and more...
https://akhq.io/
Apache License 2.0

OIDC google login with groups does not work for us #1930

Open ndonthiFadi opened 2 months ago

ndonthiFadi commented 2 months ago

We have a Google group created to maintain the users there; at AKHQ login, users in that group should get logged in, but with the present documentation and as we tried below, this does not work. Is there any alternative or workaround for this?

This is my test AKHQ config using docker compose:

```yaml
version: '3.7'
services:
  akhq:
    image: tchiotludo/akhq
    environment:
      AKHQ_CONFIGURATION: |
        micronaut:
          security:
            token:
              jwt:
                cookie:
                  enabled: true
                signatures:
                  secret:
                    generator:
                      secret: "xxx"
            oauth2:
              enabled: true
              clients:
                google:
                  client-id: "xxxx"
                  client-secret: "xxx"
                  openid:
                    issuer: "https://accounts.google.com"
        akhq:
          connections:
            docker-kafka-server:
              properties:
                bootstrap.servers: "kafka:9092"
          security:
            default-group: no-role
            # roles: bundles of resources and allowed actions
            roles:
              topic-reader:
                - resources: [ "TOPIC", "TOPIC_DATA" ]
                  actions: [ "READ" ]
                - resources: [ "TOPIC" ]
                  actions: [ "READ_CONFIG" ]
              topic-writer:
                - resources: [ "TOPIC", "TOPIC_DATA" ]
                  actions: [ "CREATE", "UPDATE" ]
                - resources: [ "TOPIC" ]
                  actions: [ "ALTER_CONFIG" ]
            # groups: bind roles to topic patterns
            groups:
              topic-reader-all:
                - role: topic-reader
                  patterns: [ "*" ]
              topic-writer-all:
                - role: topic-writer
                  patterns: [ "*" ]
            oidc:
              enabled: true
              providers:
                google:
                  label: "Login with Google"
                  default-group: no-roles
                  # map the Google group name to AKHQ groups
                  groups:
                    - name: akhq-reader@companyGoogleAccount.com
                      groups:
                        - topic-reader-all
    ports:
      - "8080:8080"
    depends_on:
      - kafka

  zookeeper:
    image: confluentinc/cp-zookeeper:latest
    environment:
      ZOOKEEPER_CLIENT_PORT: 2181
      ZOOKEEPER_TICK_TIME: 2000

  kafka:
    image: confluentinc/cp-kafka:latest
    depends_on:
      - zookeeper
    environment:
      KAFKA_BROKER_ID: 1
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:9092
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
```
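An added example, not code from the issue or from the AKHQ project: a small lint over the `akhq.security` block that walks the role, group and OIDC provider mappings shown above and warns when a `default-group` or a provider's group mapping names a group that is not defined under `groups`, or a group binds a role that is not defined under `roles`. It assumes (the lint's assumption, not an AKHQ guarantee) that an unlisted group name grants no permissions rather than raising an error, so a near-miss such as `no-role` against `no-roles` is worth surfacing, and it treats that as a warning to confirm, since an unlisted name can also be a deliberate "no access" default.

```python
# Constructed lint for an AKHQ `akhq.security` dict (already parsed from YAML).
# Assumption: a group name that is not defined under `groups` grants nothing.

def lint_akhq_security(security: dict) -> list:
    """Return warnings about dangling role/group references."""
    roles = set(security.get("roles", {}))
    groups = security.get("groups", {})
    findings = []
    # Every group binding must point at a defined role.
    for gname, bindings in groups.items():
        for binding in bindings:
            if binding.get("role") not in roles:
                findings.append(f"group {gname!r} binds undefined role {binding.get('role')!r}")

    def check_group_ref(where: str, name) -> None:
        if name not in groups:
            findings.append(f"{where} names group {name!r}, not defined under groups")

    check_group_ref("security.default-group", security.get("default-group"))
    providers = security.get("oidc", {}).get("providers", {})
    for pname, prov in providers.items():
        if "default-group" in prov:
            check_group_ref(f"oidc.providers.{pname}.default-group", prov["default-group"])
        for mapping in prov.get("groups", []):  # IdP group name -> AKHQ groups
            for g in mapping.get("groups", []):
                check_group_ref(f"oidc.providers.{pname}.groups[{mapping.get('name')!r}]", g)
    return findings

# Constructed, abridged copy of the security block posted in the issue.
ISSUE_SECURITY = {
    "default-group": "no-role",
    "roles": {
        "topic-reader": [{"resources": ["TOPIC", "TOPIC_DATA"], "actions": ["READ"]}],
        "topic-writer": [{"resources": ["TOPIC", "TOPIC_DATA"], "actions": ["CREATE", "UPDATE"]}],
    },
    "groups": {
        "topic-reader-all": [{"role": "topic-reader", "patterns": ["*"]}],
        "topic-writer-all": [{"role": "topic-writer", "patterns": ["*"]}],
    },
    "oidc": {"enabled": True, "providers": {"google": {
        "default-group": "no-roles",
        "groups": [{"name": "akhq-reader@companyGoogleAccount.com",
                    "groups": ["topic-reader-all"]}],
    }}},
}

print(*lint_akhq_security(ISSUE_SECURITY), sep="\n")
```

Run against the posted block it reports the two `default-group` values (`no-role`, `no-roles`) as unlisted groups and nothing else, which is the first thing to confirm before chasing the OIDC group claim itself.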
AlexisSouquiere commented 1 month ago

Please give us more information to investigate. What is the behaviour when a user tries to login? What are the logs (DEBUG level)?