[ISSUE] Identity not disabled with OIDC enabled for version 8.4+gen15 #2540

Open
Szik opened this issue Nov 8, 2024 · 0 comments
Labels
kind/issue Unidentified issue, it could be a bug, misconfig, or anything in between platform/gcp Issues related to GCP platform/local team/distribution Issues related to the Distribution Team.

Szik commented Nov 8, 2024

Describe the issue:

Identity not disabled when testing with EntraID (OIDC)

Actual behavior:

Identity pod unhealthy and should not be there as OIDC with 8.4 is not supporting Identity UI

Expected behavior:

Identity is disabled when OIDC is enabled.

How to reproduce:
Enable OIDC when installing via helm.

Logs:
Identity

```
2024-10-09T13:24:03.710Z ERROR 1 --- [           main] o.s.b.d.LoggingFailureAnalysisReporter   : 

***************************
APPLICATION FAILED TO START
***************************

Description:

Parameter 1 of constructor in io.camunda.identity.controller.PublicAuthorizationController required a bean of type 'io.camunda.identity.service.AuthorizationService' that could not be found.


Action:

Consider defining a bean of type 'io.camunda.identity.service.AuthorizationService' in your configuration.
```

Environment:

Please note: Without the following info, it's hard to resolve the issue and probably it will be closed.

  • Platform: GCP, local
  • Helm CLI version: v3.13.1
  • Chart version: snapshot-8.4
  • Values file:

```yaml
global:
  identity:
    auth:
      enabled: true
      {{- if .Values.OIDC }}
      issuer: "https://login.microsoftonline.com/****/v2.0"
      issuerBackendUrl: "https://login.microsoftonline.com/****/v2.0"
      tokenUrl: "https://login.microsoftonline.com/****/oauth2/v2.0/token"
      jwksUrl: "https://login.microsoftonline.com/****/discovery/v2.0/keys"
      type: "MICROSOFT"
      publicIssuerUrl: "https://login.microsoftonline.com/****/v2.0"
      {{- if or (eq .Values.version "alpha") (semverCompare ">=8.5.0" .Values.version) }}
      identity:
        clientId: "****"
        existingSecret: "****"
        audience: "****"
        initialClaimValue: "****"
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}/identity"
      {{- end }}
      operate:
        clientId: "****"
        audience: "****"
        existingSecret: "****"
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}/operate"
      console:
        clientId: "****"
        audience: "****"
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}"
        tokenScope: ""
      connectors:
        clientId: "****"
        audience: "****"
        existingSecret: "****"
      optimize:
        clientId: "****"
        audience: "****"
        existingSecret: "****"
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}/optimize"
      tasklist:
        clientId: "****"
        audience: "****"
        existingSecret: "****"
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}/tasklist"
      webModeler:
        clientId: "****"
        clientApiAudience: "****"
        publicApiAudience: "****"
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}/modeler"
      zeebe:
        clientId: "****"
        audience: "****"
        existingSecret: "****"
        tokenScope: "****/.default"
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}/optimize"
      {{- else }}
      publicIssuerUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}/auth/realms/camunda-platform"
      operate:
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}/operate"
      tasklist:
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}/tasklist"
      optimize:
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}/optimize"
      console:
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}"
      webModeler:
        redirectUrl: "https://{{ .Values.HOST_PREFIX }}.{{ .Values.host }}/modeler"
      {{- end }}
  multitenancy:
    enabled: {{ .Values.MT }}
  ingress:
    enabled: true
    className: nginx
    host: "{{ .Values.HOST_PREFIX }}.{{ .Values.host }}"
    tls:
      enabled: true
      secretName: camunda-platform
    annotations:
      external-dns.alpha.kubernetes.io/hostname: "{{ .Values.HOST_PREFIX }}.{{ .Values.host }}"
      external-dns.alpha.kubernetes.io/ttl: "60"
```
@Szik Szik added team/distribution Issues related to the Distribution Team. kind/issue Unidentified issue, it could be a bug, misconfig, or anything in between labels Nov 8, 2024
@github-actions github-actions bot added platform/gcp Issues related to GCP platform/local labels Nov 8, 2024