OpenID Connect error

Hi All,

I have configured OpenID Connect auth, but I have this error after the redirection:

[2024-12-17T13:32:05.665] [ERROR] default - ErrAuthMethodNoSuccess->Error: no success
    at /usr/src/app/build/src/api/auth/passportInit.js:207:41
    at allFailed (/usr/src/app/node_modules/passport/lib/middleware/authenticate.js:114:18)
    at attempt (/usr/src/app/node_modules/passport/lib/middleware/authenticate.js:183:28)
    at strategy.fail (/usr/src/app/node_modules/passport/lib/middleware/authenticate.js:314:9)
    at /usr/src/app/node_modules/openid-client/lib/passport_strategy.js:198:12
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)

Any idea about this error?
Do you know if OpenID Connect uses a static “code_challenge_method” value?

This error means no authentication method was successful, neither password authentication nor OpenID. Did you configure OpenID?
Please also search the rest.portal container logs for
“passport open id”

Please also check this blog

Yes, I configured OpenID Connect:

On the login page I click on the OpenID Connect page, then I’m forwarded to my OpenID server.
On the OpenID server I authenticate, and then the OpenID server redirects me to the Ferrumgate server.

And then I have the error:

Can I decode/see in the log the token returned from my OpenID server?

Please run this on the Ferrumgate server to find the container id:
docker ps|grep rest.portal
Then type the command below and follow the logs; you should see some error about OpenID:
docker logs -f $CONTAINER_ID

So I activate OpenID in the auth config:

[2024-12-19T09:40:04.468] [INFO] default - client ip address is 10.144.56.168
[2024-12-19T09:40:04.468] [DEBUG] default - checking ratelimit for /ratelimit/config/10.144.56.168/40 max:1000
[2024-12-19T09:40:04.469] [DEBUG] default - checking ratelimit for /ratelimit/config/10.144.56.168/40 current:1 max:1000
[2024-12-19T09:40:04.469] [DEBUG] default - checking ratelimit for /ratelimit/configHourly/10.144.56.168/40 max:10000
[2024-12-19T09:40:04.469] [DEBUG] default - checking ratelimit for /ratelimit/configHourly/10.144.56.168/40 current:1 max:10000
[2024-12-19T09:40:04.470] [DEBUG] default - checking ratelimit for /ratelimit/configDaily/10.144.56.168/40 max:100000
[2024-12-19T09:40:04.470] [DEBUG] default - checking ratelimit for /ratelimit/configDaily/10.144.56.168/40 current:1 max:100000
[2024-12-19T09:40:04.470] [WARN] default - captcha settings is empty, please fill it
[2024-12-19T09:40:04.472] [INFO] default - getAccessToken eyJhbG
[2024-12-19T09:40:04.476] [INFO] default - authorizing with for rights Admin
[2024-12-19T09:40:04.476] [INFO] default - update config auth openid provider
[2024-12-19T09:40:04.485] [INFO] default - /logs/system logs getted size: 2
[2024-12-19T09:40:04.486] [INFO] default - /logs/config logs getted size: 2
[2024-12-19T09:40:04.486] [INFO] default - system changed log received /config/auth/openId/providers
[2024-12-19T09:40:04.486] [WARN] default - not implemented path /config/auth/openId/providers
[2024-12-19T09:40:04.486] [INFO] default - config changed /config/auth/openId/providers -> put id:3IlSqxghA7bOPr5s
[2024-12-19T09:40:04.487] [INFO] default - system changed log received /config/lastUpdateTime
[2024-12-19T09:40:04.487] [WARN] default - not implemented path /config/lastUpdateTime
[2024-12-19T09:40:04.487] [INFO] default - config changed /config/lastUpdateTime -> put id:unknown
[2024-12-19T09:40:44.658] [INFO] default - client ip address is 10.144.56.168
[2024-12-19T09:40:44.658] [DEBUG] default - checking ratelimit for /ratelimit/clientTunnel/10.144.56.168/40 max:1000
[2024-12-19T09:40:44.659] [DEBUG] default - checking ratelimit for /ratelimit/clientTunnel/10.144.56.168/40 current:1 max:1000
[2024-12-19T09:40:44.659] [DEBUG] default - checking ratelimit for /ratelimit/clientTunnelHourly/10.144.56.168/40 max:10000
[2024-12-19T09:40:44.659] [DEBUG] default - checking ratelimit for /ratelimit/clientTunnelHourly/10.144.56.168/40 current:1 max:10000
[2024-12-19T09:40:44.659] [DEBUG] default - checking ratelimit for /ratelimit/clientTunnelDaily/10.144.56.168/40 max:100000
[2024-12-19T09:40:44.660] [DEBUG] default - checking ratelimit for /ratelimit/clientTunnelDaily/10.144.56.168/40 current:1 max:100000
[2024-12-19T09:40:44.660] [WARN] default - captcha settings is empty, please fill it
[2024-12-19T09:40:44.662] [INFO] default - passport init url: https://vault.dmp.orange.com
[2024-12-19T09:40:44.765] [INFO] default - passport with tunnelKey: k2vHnIKMRVbXvMKxac6YZUmk1kSvSV6F486p4PjAh7B4vpHy9i4Llmu7J6mbaXP
[2024-12-19T09:40:44.767] [INFO] default - i am alive tunnel: k2vHnIKMRVbXvMKxac6YZUmk1kSvSV6F486p4PjAh7B4vpHy9i4Llmu7J6mbaXP
[2024-12-19T09:40:44.768] [INFO] default - /logs/system logs getted size: 1
[2024-12-19T09:40:57.556] [DEBUG] default - checking file under folder /var/lib/ferrumgate/override.config

Then I try to log in using OpenID Connect:

[2024-12-19T09:41:06.210] [INFO] default - client ip address is 10.144.56.168
[2024-12-19T09:41:06.211] [DEBUG] default - checking ratelimit for /ratelimit/configPublic/10.144.56.168/41 max:1000
[2024-12-19T09:41:06.218] [DEBUG] default - checking ratelimit for /ratelimit/configPublic/10.144.56.168/41 current:1 max:1000
[2024-12-19T09:41:06.218] [DEBUG] default - checking ratelimit for /ratelimit/configPublicHourly/10.144.56.168/41 max:10000
[2024-12-19T09:41:06.222] [DEBUG] default - checking ratelimit for /ratelimit/configPublicHourly/10.144.56.168/41 current:1 max:10000
[2024-12-19T09:41:06.222] [DEBUG] default - checking ratelimit for /ratelimit/configPublicDaily/10.144.56.168/41 max:100000
[2024-12-19T09:41:06.224] [DEBUG] default - checking ratelimit for /ratelimit/configPublicDaily/10.144.56.168/41 current:1 max:100000
[2024-12-19T09:41:06.224] [INFO] default - getting public config
[2024-12-19T09:41:15.019] [INFO] default - client ip address is 10.144.56.168
[2024-12-19T09:41:15.019] [DEBUG] default - checking ratelimit for /ratelimit/auth/10.144.56.168/41 max:2500
[2024-12-19T09:41:15.019] [DEBUG] default - checking ratelimit for /ratelimit/auth/10.144.56.168/41 current:1 max:2500
[2024-12-19T09:41:15.019] [DEBUG] default - checking ratelimit for /ratelimit/authHourly/10.144.56.168/41 max:10000
[2024-12-19T09:41:15.020] [DEBUG] default - checking ratelimit for /ratelimit/authHourly/10.144.56.168/41 current:1 max:10000
[2024-12-19T09:41:15.020] [DEBUG] default - checking ratelimit for /ratelimit/authDaily/10.144.56.168/41 max:200000
[2024-12-19T09:41:15.021] [DEBUG] default - checking ratelimit for /ratelimit/authDaily/10.144.56.168/41 current:1 max:200000
[2024-12-19T09:41:15.021] [WARN] default - captcha settings is empty, please fill it
[2024-12-19T09:41:51.576] [INFO] default - client ip address is 10.144.56.168
[2024-12-19T09:41:51.577] [DEBUG] default - checking ratelimit for /ratelimit/configPublic/10.144.56.168/41 max:1000
[2024-12-19T09:41:51.577] [DEBUG] default - checking ratelimit for /ratelimit/configPublic/10.144.56.168/41 current:2 max:1000
[2024-12-19T09:41:51.577] [DEBUG] default - checking ratelimit for /ratelimit/configPublicHourly/10.144.56.168/41 max:10000
[2024-12-19T09:41:51.578] [DEBUG] default - checking ratelimit for /ratelimit/configPublicHourly/10.144.56.168/41 current:2 max:10000
[2024-12-19T09:41:51.578] [DEBUG] default - checking ratelimit for /ratelimit/configPublicDaily/10.144.56.168/41 max:100000
[2024-12-19T09:41:51.578] [DEBUG] default - checking ratelimit for /ratelimit/configPublicDaily/10.144.56.168/41 current:2 max:100000
[2024-12-19T09:41:51.578] [INFO] default - getting public config
[2024-12-19T09:41:52.689] [INFO] default - client ip address is 10.144.56.168
[2024-12-19T09:41:52.689] [DEBUG] default - checking ratelimit for /ratelimit/auth/10.144.56.168/41 max:2500
[2024-12-19T09:41:52.689] [DEBUG] default - checking ratelimit for /ratelimit/auth/10.144.56.168/41 current:2 max:2500
[2024-12-19T09:41:52.690] [DEBUG] default - checking ratelimit for /ratelimit/authHourly/10.144.56.168/41 max:10000
[2024-12-19T09:41:52.690] [DEBUG] default - checking ratelimit for /ratelimit/authHourly/10.144.56.168/41 current:2 max:10000
[2024-12-19T09:41:52.690] [DEBUG] default - checking ratelimit for /ratelimit/authDaily/10.144.56.168/41 max:200000
[2024-12-19T09:41:52.690] [DEBUG] default - checking ratelimit for /ratelimit/authDaily/10.144.56.168/41 current:2 max:200000
[2024-12-19T09:41:52.690] [WARN] default - captcha settings is empty, please fill it
[2024-12-19T09:41:53.172] [ERROR] default - ErrAuthMethodNoSuccess->Error: no success
    at /usr/src/app/build/src/api/auth/passportInit.js:207:41
    at allFailed (/usr/src/app/node_modules/passport/lib/middleware/authenticate.js:114:18)
    at attempt (/usr/src/app/node_modules/passport/lib/middleware/authenticate.js:183:28)
    at strategy.fail (/usr/src/app/node_modules/passport/lib/middleware/authenticate.js:314:9)
    at /usr/src/app/node_modules/openid-client/lib/passport_strategy.js:198:12
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
[2024-12-19T09:41:57.281] [DEBUG] default - checking files under folder /tmp/pki
[2024-12-19T09:41:57.557] [DEBUG] default - checking file under folder /var/lib/ferrumgate/override.config

No error except the last one.

So I found the mistake.
By default, the openid-client library uses the RS256 algorithm:

id_token_signed_response_alg: <string> Default: 'RS256'

So we modified the response of our OpenID server to use this algorithm.

Can you implement the possibility to select this parameter in the auth configuration?

Thanks

OK. I will add it to the support list. Thanks.

Thanks for your help
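
A way to spot the algorithm mismatch found in this thread, as an added example (not FerrumGate or openid-client code): decode only the JOSE header of the ID token and compare its `alg` with the client's `id_token_signed_response_alg` and with the provider's advertised `id_token_signing_alg_values_supported`. The function names, issuer and sample token are constructed for illustration; the token is decoded, not verified, and only non-secret fields are returned so the full token never has to be written to a log.

```javascript
// Added example: diagnose an ID token signing-algorithm mismatch.
// Decoding is NOT verification; use the result for troubleshooting only.

// Decode the header and claims of a compact JWS without checking the signature.
function decodeJwtUnverified(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS (expected 3 segments)');
  const [header, payload] = parts.slice(0, 2).map((seg) =>
    JSON.parse(Buffer.from(seg, 'base64url').toString('utf8')));
  return { header, payload };
}

// expectedAlg: the client's id_token_signed_response_alg (openid-client default 'RS256').
// advertised: id_token_signing_alg_values_supported from the provider's discovery document.
function checkIdTokenAlg(token, expectedAlg = 'RS256', advertised = []) {
  const { header, payload } = decodeJwtUnverified(token);
  const findings = [];
  if (header.alg === 'none') {
    findings.push('token is unsigned (alg=none) and must be rejected');
  }
  if (header.alg !== expectedAlg) {
    findings.push(`token alg ${header.alg} != client expects ${expectedAlg}`);
  }
  if (advertised.length > 0 && !advertised.includes(expectedAlg)) {
    findings.push(`provider does not advertise ${expectedAlg}`);
  }
  // Return only fields that are safe to log; never the signature or the raw token.
  return { alg: header.alg, kid: header.kid, iss: payload.iss,
           ok: findings.length === 0, findings };
}

// Constructed sample token: the signature segment is a dummy value.
function sampleToken(alg) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const header = enc({ alg, typ: 'JWT', kid: 'constructed-key-1' });
  const payload = enc({ iss: 'https://idp.example', sub: 'user-1', aud: 'client-id' });
  const dummySig = Buffer.from('constructed-signature').toString('base64url');
  return `${header}.${payload}.${dummySig}`;
}

// Provider signs with HS256 while the client keeps the RS256 default.
const report = checkIdTokenAlg(sampleToken('HS256'), 'RS256', ['HS256']);
console.log(report.ok ? 'alg matches' : report.findings.join('; '));
```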