Okta oidc is failing post authentication #11886

brad1193 · 2024-11-18T23:38:31Z

Describe the bug
Okta oidc is failing to complete authentication with the error:
Failed to perform post authentication steps. Error message: com.linkedin.r2.RemoteInvocationException: Failed to get response from server for URI http://datahub-datahub-gms:8080/aspects

To Reproduce
Steps to reproduce the behavior:

Create an okta tests account https://www.okta.com/free-trial/
Follow the kubernets setup instructions for the helm values https://datahubproject.io/docs/authentication/guides/sso/configure-oidc-react#kubernetes
Attempt to login through to datahub cluster with okta single sign on.
Get error in browser window for failed response.

Expected behavior
Expecting to be redirected to my users authenticated datahub acccount.
Screenshots

Desktop (please complete the following information):

macOS 15.0.1
Browser Chrome 130.0.6723.117

Additional context
Helm Version version.BuildInfo{Version:"v3.6.1", GitCommit:"61d8e8c4a6f95540c15c6a65f36a6dd0a45e7a2f", GitTreeState:"clean", GoVersion:"go1.16.5"}
Kubernets version v1.30.4-eks-a737599
Helm chart values:

source:
  repoURL: https://helm.datahubproject.io
  targetRevision: 0.4.36
  helm:
    releaseName: datahub
    values: |
      acryl-datahub-actions:
        enabled: true
        extraVolumeMounts:
          - mountPath: /mnt
            name: datahub-acrylactions
        extraVolumes:
          - name: datahub-acrylactions
        resources:
          limits:
            memory: 4Gi
          requests:
            cpu: 1000m
            memory: 2Gi
        serviceMonitor:
          create: true
      datahub-frontend:
        extraEnvs:
          - name: AUTH_JAAS_ENABLED
            value: "false"
        enabled: true
        exporters:
          jmx:
            enabled: true
        oidcAuthentication:
          clientId: xxxxxxxxxxxxxxxxxx
          clientSecretRef:
            secretKey: clientSecret
            secretRef: okta-oidc
          enabled: true
          oktaDomain: rent.okta.com
          provider: okta
        resources:
          limits:
            cpu: 1000m
            memory: 2G
          requests:
            cpu: 1000m
            memory: 2G
        service:
          type: ClusterIP
        serviceMonitor:
          create: true
        ingress:
          enabled: false
          hosts:
            - host: datahub.tools.rent.com
      datahub-gms:
        enabled: true
        resources:
          limits:
            cpu: 2000m
            memory: 4G
          requests:
            cpu: 2000m
            memory: 4G
        service:
          type: ClusterIP
        serviceMonitor:
          create: enabled
      datahubSystemUpdate:
        enabled: false
        podAnnotations:
          sidecar.istio.io/inject: "false"
      datahubUpgrade:
        enabled: true
        podAnnotations:
          sidecar.istio.io/inject: "false"
      elasticsearchSetupJob:
        enabled: true
        podAnnotations:
          sidecar.istio.io/inject: "false"
      global:
        datahub:
          gms:
            host: datahub-gms.tools.rent.com
            port: 443
          metadata_service_authentication:
            enabled: false
        datahub_analytics_enabled: true
        elasticsearch:
          host: "elasticsearch-master"
          port: "9200"
        kafka:
          bootstrap:
            server: "datahub-prerequisites-kafka:9092"
          zookeeper:
            server: "datahub-prerequisites-zookeeper:2181"
        monitoring:
          enableJMXPort: true
          enablePrometheus: true
        neo4j:
          host: "datahub-prerequisites-neo4j-community:7474"
          uri: "bolt://datahub-prerequisites-neo4j-community"
        sql:
          datasource:
            host: "datahub-prerequisites-mysql:3306"
            hostForMysqlClient: "datahub-prerequisites-mysql"
            password:
              secretKey: mysql-root-password
              secretRef: mysql-secrets
            port: "3306"
            url: "jdbc:mysql://datahub-prerequisites-mysql:3306/datahub?verifyServerCertificate=false&useSSL=true&useUnicode=yes&characterEncoding=UTF-8&enabledTLSProtocols=TLSv1.2"
            username: "xxxxxxxxx"
      kafkaSetupJob:
        enabled: true
        podAnnotations:
          sidecar.istio.io/inject: "false"
      mysqlSetupJob:
        enabled: true
        podAnnotations:
          sidecar.istio.io/inject: "false"
      postgresqlSetupJob:
        enabled: false
  chart: datahub
destination:
  server: https://kubernetes.default.svc
  namespace: datahub
syncPolicy:
  automated:
    prune: true
    selfHeal: true
  syncOptions:
    - ApplyOutOfSyncOnly=true
revisionHistoryLimit: 2

The text was updated successfully, but these errors were encountered:

brad1193 added the bug Bug report label Nov 18, 2024

brad1193 changed the title ~~Okta oidc is failing post authentcation~~ Okta oidc is failing post authentication Nov 18, 2024

RyanHolstien added devops PR or Issue related to DataHub backend & deployment platform PR-s that make changes to core parts of the platform labels Nov 20, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Okta oidc is failing post authentication #11886

Okta oidc is failing post authentication #11886

brad1193 commented Nov 18, 2024 •

edited

Loading

Okta oidc is failing post authentication #11886

Okta oidc is failing post authentication #11886

Comments

brad1193 commented Nov 18, 2024 • edited Loading

brad1193 commented Nov 18, 2024 •

edited

Loading