Closed thefiredragon closed 5 months ago
@torbenraab Personally I dislike to spam, but I'd like to ask which oidc provider do you use and if you tested keycloak? Helpful would be be a client sample for the authorisation_code flow from oidc provider. Greetthings
Hey @thefiredragon, At my company we use it in combination with Authentik. Keycloak was tested before. I think I know where the error is from. I will update you shortly after some investigation.
Last change to OIDC_DISCOVERY wont work correclty, current dev sync breaks the build, too, so I tried detached commit ac2262ea
P.S I switched to authentik and will try it.
[api] | Instance already registered
Traceback (most recent call last):
File "/code/manage.py", line 17, in <module>
execute_from_command_line(sys.argv)
File "/usr/local/lib/python3.11/site-packages/django/core/management/__init__.py", line 442, in execute_from_command_line
utility.execute()
File "/usr/local/lib/python3.11/site-packages/django/core/management/__init__.py", line 436, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/usr/local/lib/python3.11/site-packages/django/core/management/base.py", line 412, in run_from_argv
self.execute(*args, **cmd_options)
File "/usr/local/lib/python3.11/site-packages/django/core/management/base.py", line 458, in execute
output = self.handle(*args, **options)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/code/plane/license/management/commands/configure_instance.py", line 171, in handle
) = get_endpoint_information(item.get("value"))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/code/plane/app/views/oidc.py", line 48, in get_endpoint_information
if not discovery_url.includes("/.well-known/openid-configuration"):
^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'str' object has no attribute 'includes'
So I checked out ffc05414 which was working before. Authentik works with plane. Here I have a last question, how I can access god-mod when direct sso forward is activated?
Workaround: created same user with same e-mail at authentik.
The issue with the current commit is already known. I will look into the topic today as I had a lot of work to do this week.
I will look into the god-mode registration shortly. Thanks for your update and testing!
Okay thank you, perhaps its better to merge OIDC to preview branch, this should be more stable instead of dev branch
Yeah I just looked into it and will do a merge into the preview branch so we can quickly update the master as the 0.15 is going to be released. The develop branch is also quite annoyingly upgraded with force pushes and such things
Split in issues #9 and #10
Just to be clear. When I setup a new instance than the main screen says "Instance not ready", so you go to the "/god-mode" URL and have to setup an account. I would recommend to use the email that your OIDC Provider provides for your login and after everything is set up you login automatically via OIDC and that's basically it.
I will document everything as soon as #12 is ready.
Just updated the readme and included the current images of the preview branch. I will close this issue for now and we can discuss the details in the issues I separated from this.
@torbenraab thank you for your investigation, is odic_discovery fixed on preview branch ? Best regards from Krefeld
Yeah it is fixed
Okay, I'll try it tomorrow πππ
Is there an existing issue for this?
Current behavior
Hey, first thanks for your maintaining, we also need oidc and want went away from atlassian because onprem will not be supported by atlassian.
I had build plane from your repo and tried to setup my keycloak oidc and run into some issues and like to ask if you could help here.
First after first setup I noticed this here:![Screenshot_20240123_151712](https://github.com/torbenraab/plane/assets/20144860/23ed5114-f8e6-46e3-a436-d3840efecc0b)
Screenshot above is clear, it's an cookie if I'm authenticated.
When I try to authenticate over oidc i'm running into this:
Plane logs:
Keycloak logs
My last question would be if you had tested your implementation with keycloak? If yes, could you provide a test configuration for keycloak? I'm not an expert with keycloak but tested authentication_code with postman and there it's working. Best regards and greethings David
Steps to reproduce
-
Browser
Google Chrome
Version
Self-hosted