warp-tech / warpgate

Smart SSH, HTTPS and MySQL bastion that requires no additional client-side software
Apache License 2.0

Custom SSO (Authentik) fails #1140

Open julian45 opened 4 days ago

julian45 commented 4 days ago

I'm running warpgate behind an nginx proxy, and the SSO portion of my warpgate config looks like this.

external_host: [BASTION]
sso_providers:
  - name: custom
    label: Authentik login
    provider:
      type: custom
      client_id: [CLIENT_ID]
      client_secret: [CLIENT_SECRET]
      issuer_url: https://[AUTH_SERVER]/application/o/warpgate/
      scopes:
        - email
        - openid

This is tied to an OIDC app from an installation of Authentik that I administer. The SSL certificate used by that installation comes from a publicly trusted CA.

In the admin console, I've gone through the process of creating a target (and giving the target warpgate's SSH public keys), a role for accessing that target, and a user possessing that role with SSO auth required. The user's email as recorded in their warpgate record matches the email of the SSO user I've set up.

However, when I try to use my target over SSH and follow the prompts to authenticate using a web link, I get "API error: provider discovery error: Failed to parse server response" errors on the webpage, which align with the following warpgate logs (incl. debug):

Nov 21 15:05:28 [BASTION] warpgate[685]: 21.11.2024 15:05:28 DEBUG SSH{session=425f7fe1-6eb3-401c-aff2-75a65e7f1a98 client_ip=[MYIP]}: warpgate_core::config_providers::db: Client key: [PUBKEY] username="julian"
Nov 21 15:05:29 [BASTION] warpgate[685]: 21.11.2024 15:05:29  INFO SSH{session=425f7fe1-6eb3-401c-aff2-75a65e7f1a98 client_ip=[MYIP]}: warpgate_protocol_ssh::server::session: Keyboard-interactive auth as <julian for [TARGET]>
Nov 21 15:05:31 [BASTION] warpgate[685]: 21.11.2024 15:05:31  INFO HTTP: warpgate_protocol_http::logging: Request method=GET url=/@warpgate status=200 OK client_ip=127.0.0.1
Nov 21 15:05:31 [BASTION] warpgate[685]: 21.11.2024 15:05:31  INFO HTTP: warpgate_protocol_http::logging: Request method=GET url=/@warpgate/api/info status=200 OK client_ip=127.0.0.1
Nov 21 15:05:31 [BASTION] warpgate[685]: 21.11.2024 15:05:31  INFO HTTP: warpgate_protocol_http::logging: Request method=GET url=/@warpgate/api/sso/providers status=200 OK client_ip=127.0.0.1
Nov 21 15:05:31 [BASTION] warpgate[685]: 21.11.2024 15:05:31  WARN HTTP: warpgate_protocol_http::logging: Request failed method=GET url=/@warpgate/api/auth/state status=404 Not Found client_ip=127.0.0.1
Nov 21 15:05:36 [BASTION] warpgate[685]: 21.11.2024 15:05:36 DEBUG HTTP: warpgate_protocol_http::api::sso_provider_detail: Return URL: https://[BASTION]/@warpgate/api/sso/return
Nov 21 15:05:37 [BASTION] warpgate[685]: 21.11.2024 15:05:37 ERROR HTTP: warpgate_protocol_http::logging: Request failed method=GET url=/@warpgate/api/sso/providers/custom/start?next=%2F%40warpgate%23%2Flogin%2Fe9bed05d-ccd0-4531-9c68-2a1cd1667870 error=provider discovery error: Failed to parse server response client_ip=127.0.0.1

This has happened both on v0.11.0 and on a couple of different nightlies (most recently the 2024-11-20 nightly), and I'd suspect it'd occur on the latest nightly as well.
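A "provider discovery error: Failed to parse server response" means the client could not turn whatever came back from the issuer's discovery URL into OIDC provider metadata. The following is an added diagnostic example, not code from warpgate or Authentik: it validates a discovery document the way a strict client would (JSON object, required fields present, `issuer` exactly equal to the configured `issuer_url`) and can fetch a live one. The host name and the two sample responses are constructed.

```python
import json
import urllib.request

# Fields every OIDC discovery document must carry (OpenID Connect Discovery 1.0, section 3).
REQUIRED_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
                   "jwks_uri", "response_types_supported")


def discovery_url(issuer_url: str) -> str:
    """Where an OIDC client looks for provider metadata."""
    return issuer_url.rstrip("/") + "/.well-known/openid-configuration"


def check_discovery_document(issuer_url: str, body: str) -> list:
    """Return the problems found in a metadata body; an empty list means it looks usable."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        # A proxy error page or a login page lands here: the body is not JSON at all.
        return ["body is not JSON (%s at offset %d); starts with %r" % (exc.msg, exc.pos, body[:40])]
    if not isinstance(doc, dict):
        return ["body is JSON but not an object"]
    problems = ["missing required field %r" % f for f in REQUIRED_FIELDS if f not in doc]
    issuer = doc.get("issuer")
    if isinstance(issuer, str) and issuer != issuer_url:
        # Many clients compare the issuer byte for byte, so a trailing slash matters.
        if issuer.rstrip("/") == issuer_url.rstrip("/"):
            problems.append("issuer differs from configured issuer_url only by a trailing slash")
        else:
            problems.append("issuer %r does not match configured issuer_url %r" % (issuer, issuer_url))
    for ep in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if isinstance(doc.get(ep), str) and not doc[ep].startswith("https://"):
            problems.append("%s is not an https URL" % ep)
    return problems


def fetch_and_check(issuer_url: str, timeout: float = 10.0) -> list:
    """Live check: fetch the metadata as a client would, then validate it."""
    req = urllib.request.Request(discovery_url(issuer_url), headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return check_discovery_document(issuer_url, resp.read().decode("utf-8", "replace"))


# Constructed sample data (hypothetical host, not a real deployment).
ISSUER = "https://auth.example.invalid/application/o/warpgate/"
GOOD_DOC = json.dumps({
    "issuer": ISSUER,
    "authorization_endpoint": "https://auth.example.invalid/application/o/authorize/",
    "token_endpoint": "https://auth.example.invalid/application/o/token/",
    "jwks_uri": "https://auth.example.invalid/application/o/warpgate/jwks/",
    "response_types_supported": ["code"],
})
PROXY_ERROR_PAGE = "<html><head><title>502 Bad Gateway</title></head><body>nginx</body></html>\n"
```

Run `fetch_and_check("https://[AUTH_SERVER]/application/o/warpgate/")` from the bastion host itself so the request goes through the same path warpgate uses.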