warp-tech / warpgate

Smart SSH, HTTPS and MySQL bastion that requires no additional client-side software
Apache License 2.0
3.94k stars 122 forks

With a self-hosted oidc server, no error logs are reported and the browser returns status code 404 #1074

Closed vitaaaaa1 closed 1 month ago

vitaaaaa1 commented 2 months ago

Hello everyone, I tried to configure OIDC. However, after I clicked on OIDC to log in, the browser and the program log did not respond. The status codes in the browser console:

https://warpgate.com:8888/@warpgate/api/sso/providers/oidc-custom/start
# 500 Internal Server Error
https://warpgate.com:8888/@warpgate/api/auth/state
# 404 Not Found

Other than that, there are no error messages. My OIDC provider is Authentik, and this is my program configuration file:

- name: oidc-custom
  label: Custom SSO
  provider:
    type: custom
    client_id: xxx
    client_secret: xxxx
    issuer_url: https://authentik.xxx.com/application/o/warpgate/.well-known/openid-configuration
    scopes:
      - email
      - openid

This is my OIDC provider information:

OpenID Configuration URL 
https://authentik.xxx.com/application/o/warpgate/.well-known/openid-configuration
OpenID Configuration Issuer
https://authentik.xxx.com/application/o/warpgate/
Authorize URL
https://authentik.xxx.com/application/o/authorize/
Redirect URIs
https://warpgate.com:8888/@warpgate/api/sso/return

Can someone help me?

Eugeny commented 2 months ago

Try using the URL without the /.well-known/openid-configuration suffix and if that doesn't help, run Warpgate with --debug and grab the output when trying to log in.

vitaaaaa1 commented 2 months ago

--debug: I'm using docker compose to start my application. Where should I add the debug parameter?

version: '3'
services:
  warpgate:
    image: ghcr.io/warp-tech/warpgate
    ports:
      - 2222:2222
      - 8888:8888
      - 33306:33306
    volumes:
      - ./data:/data
    stdin_open: true
    tty: true

Eugeny commented 2 months ago

Add the command like this:

version: '3'
services:
  warpgate:
    image: ghcr.io/warp-tech/warpgate
    ports:
      - 2222:2222
      - 8888:8888
      - 33306:33306
    volumes:
      - ./data:/data
    stdin_open: true
    tty: true
    command: ['--debug', 'run']

vitaaaaa1 commented 2 months ago

Other programs require more parameters than issuer_url to configure OIDC, such as token_url, userdata_url and oauth_callback_url. Am I missing any parameters? I don't see any other parameters that need to be configured on the official website.

Eugeny commented 2 months ago

Surely you're getting some output?

[Screenshot 2024-09-30 at 12 22 04]

Eugeny commented 2 months ago

Now try doing an OIDC login and see what gets logged

cosmoswafer commented 1 month ago

I have a similar issue with version 0.11.0. When I visit /@warpgate/api/sso/providers/custom/start?next=%2F, I receive the following error messages. I have tried both with and without the trailing slash (/):

Provider discovery error: Validation error: unexpected issuer URI `https://example.site.com` (expected `https://example.site.com/`)

Eugeny commented 1 month ago

@cosmoswafer what's your SSO configuration like?

cosmoswafer commented 1 month ago

Here it is, I have tried both with and without the trailing slash (/)

sso_providers:
- name: custom
  label: NextCloud
  provider:
    type: custom
    client_id: xxxxxxxxxx
    client_secret: xxxxxxxxxx
    issuer_url: https://example.site.com/
    scopes: ["email"]
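
The two issuer_url questions raised in this thread (the /.well-known/openid-configuration suffix and the trailing slash) can be checked offline against the provider's discovery document. The following Python sketch is an added example, not part of the thread and not Warpgate's code; it relies on the OpenID Connect Discovery rule that the `issuer` value in the document must be identical to the issuer the client was configured with. The function names, finding labels and the two discovery documents are constructed for illustration; in practice the document is the JSON served at the provider's OpenID Configuration URL.

```python
import json

# Added example, not Warpgate code. The discovery documents below are constructed.
WELL_KNOWN = ".well-known/openid-configuration"

def discovery_url(issuer: str) -> str:
    """Where a client looks for metadata: the issuer, minus any trailing
    slash, plus /.well-known/openid-configuration (OIDC Discovery 1.0)."""
    return issuer.rstrip("/") + "/" + WELL_KNOWN

def check_issuer(configured: str, discovery_json: str):
    """Compare a configured issuer_url with the 'issuer' a provider advertises.
    Returns (findings, advertised); an empty findings list means they match."""
    findings = []
    candidate = configured
    if candidate.rstrip("/").endswith("/" + WELL_KNOWN):
        # The discovery document URL was configured instead of the issuer.
        findings.append("discovery-url-as-issuer")
        candidate = candidate.rstrip("/")[: -len(WELL_KNOWN)]
    advertised = json.loads(discovery_json).get("issuer")
    if advertised is None:
        findings.append("no-issuer-in-document")
    elif advertised != candidate:
        # The spec requires the two strings to be identical, with no
        # normalization, so a lone trailing slash is enough to fail validation.
        if advertised.rstrip("/") == candidate.rstrip("/"):
            findings.append("trailing-slash-mismatch")
        else:
            findings.append("issuer-mismatch")
    return findings, advertised

# Constructed documents; only the 'issuer' field matters for this check.
AUTHENTIK_DOC = json.dumps({"issuer": "https://authentik.xxx.com/application/o/warpgate/"})
NO_SLASH_DOC = json.dumps({"issuer": "https://example.site.com"})

if __name__ == "__main__":
    cases = [
        ("https://authentik.xxx.com/application/o/warpgate/" + WELL_KNOWN, AUTHENTIK_DOC),
        ("https://example.site.com/", NO_SLASH_DOC),
        ("https://example.site.com", NO_SLASH_DOC),
    ]
    for configured, doc in cases:
        findings, advertised = check_issuer(configured, doc)
        print(f"{configured}\n  findings: {findings or 'none'}\n  advertised issuer: {advertised}")
```

When a finding is reported, the value to put in issuer_url is the advertised issuer string copied character for character, including or excluding the trailing slash exactly as the provider publishes it.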