semaphoreui / semaphore

Modern UI for Ansible, Terraform, OpenTofu, Bash, Pulumi.

Home Page: https://semaphoreui.com

Problem: Authentik OIDC

ZifeRRoT opened this issue

Issue

There is a timeout when trying to auth via Authentik OIDC because of the little slash at the end of the request

Impact

Web-Backend (APIs)

Installation method

Docker

Database

Postgres

Browser

Chrome

Semaphore Version

v2.9.109-e32ce6b-1716748351

Logs & errors

level=error msg="Get \"https://auth.mydomain.com/application/o/ansible-oidc/.well-known/openid-configuration\": dial tcp server_ip:443: i/o timeout"

Configuration

"authentik": {
	"display_name": "Sign in with Authentik",
	"provider_url": "https://auth.mydomain.com/application/o/ansible-oidc/",
	"client_id": "id",
	"client_secret": "secret",
	"redirect_url": "https://ansible.mydomain.com/api/auth/oidc/authentik/redirect",
	"scopes": ["openid", "profile", "email"],
	"username_claim": "preferred_username",
	"name_claim": "preferred_username"
}

Hi @ZifeRRoT

https://auth.mydomain.com/application/o/ansible-oidc/.well-known/openid-configuration - is it an incorrect URL for Authentik? Does it need a / at the end?

Here you have a fully working configuration for Authentik. I have just tested it with my own Authentik instance:

        "authentik": {
            "icon": "git",
            "display_name": "Sign in with Authentik",
            "client_id": "REDACTED",
            "client_secret": "REDACTED",
            "redirect_url": "http://localhost:3000/api/auth/oidc/authentik/redirect",
            "provider_url": "https://authentik.example.com/application/o/your-oauth-provider-name/",
            "username_claim": "preferred_username",
            "name_claim": "name",
            "email_claim": "email"
        }
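
The following Go example is added here and is not Semaphore's or Authentik's code. It builds the discovery URL from `provider_url` as OpenID Connect Discovery 1.0 specifies, applies the exact issuer match, and separates a dial timeout like the one in the log above from a URL problem. The function names and the metadata document are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net"
	"net/url"
	"os"
	"strings"
)

// DiscoveryURL follows Discovery 1.0 §4.1: drop a terminating "/" and append the well-known path.
func DiscoveryURL(issuer string) string {
	return strings.TrimSuffix(issuer, "/") + "/.well-known/openid-configuration"
}

// CheckIssuer applies §4.3: the metadata "issuer" must be identical to the configured value.
func CheckIssuer(configured string, metadata []byte) error {
	var doc struct {
		Issuer string `json:"issuer"`
	}
	if err := json.Unmarshal(metadata, &doc); err != nil {
		return fmt.Errorf("metadata is not JSON: %w", err)
	}
	if doc.Issuer != configured {
		return fmt.Errorf("issuer mismatch: configured %q, provider says %q", configured, doc.Issuer)
	}
	return nil
}

// Classify separates transport failures from URL or configuration problems.
func Classify(err error) string {
	var ne net.Error
	if errors.As(err, &ne) && ne.Timeout() {
		return "network: no TCP connection to the provider (routing, DNS, firewall)"
	}
	return "other: inspect the HTTP status and the issuer value"
}

func main() {
	// Constructed inputs modelled on the configuration and log line in this thread.
	issuer := "https://auth.mydomain.com/application/o/ansible-oidc/"
	fmt.Println(DiscoveryURL(issuer))
	meta := []byte(`{"issuer":"https://auth.mydomain.com/application/o/ansible-oidc/"}`)
	fmt.Println(CheckIssuer(strings.TrimSuffix(issuer, "/"), meta))
	dial := &net.OpError{Op: "dial", Net: "tcp", Err: os.ErrDeadlineExceeded}
	fmt.Println(Classify(&url.Error{Op: "Get", URL: DiscoveryURL(issuer), Err: dial}))
}
```

The discovery URL is the same with or without the trailing slash in `provider_url`, so a slash difference surfaces as an issuer mismatch after the metadata is fetched, while a dial timeout means the request never reached the provider.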