Hi All,
I have configured OpenID Connect auth, but I get this error after the redirection:
[2024-12-17T13:32:05.665] [ERROR] default - ErrAuthMethodNoSuccess->Error: no success
at /usr/src/app/build/src/api/auth/passportInit.js:207:41
at allFailed (/usr/src/app/node_modules/passport/lib/middleware/authenticate.js:114:18)
at attempt (/usr/src/app/node_modules/passport/lib/middleware/authenticate.js:183:28)
at strategy.fail (/usr/src/app/node_modules/passport/lib/middleware/authenticate.js:314:9)
at /usr/src/app/node_modules/openid-client/lib/passport_strategy.js:198:12
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
Any idea about this error?
Do you know if OpenID Connect uses a static “code_challenge_method” value?
HKilic
December 17, 2024, 7:56pm
2
This error means no authentication method was successful, neither password authentication nor OpenID. Did you configure OpenID?
Please also search the rest.portal container logs for “passport open id”.
Please also check this blog
Yes, I configured OpenID Connect:
On the login page I click on the OpenID Connect page, then I’m forwarded to my OpenID server.
On the OpenID server I authenticate, and then the OpenID server redirects me to the Ferrumgate server.
And then I have the error:
Can I decode/see in the log the returned token from my OpenID server?
HKilic
December 18, 2024, 6:40pm
4
Please type this on the Ferrumgate server and find the container ID:
docker ps|grep rest.portal
Then type the command below and follow the logs; you should see some error about OpenID:
docker logs -f $CONTAINER_ID
So I activated OpenID in the auth config:
[2024-12-19T09:40:04.468] [INFO] default - client ip address is 10.144.56.168
[2024-12-19T09:40:04.468] [DEBUG] default - checking ratelimit for /ratelimit/config/10.144.56.168/40 max:1000
[2024-12-19T09:40:04.469] [DEBUG] default - checking ratelimit for /ratelimit/config/10.144.56.168/40 current:1 max:1000
[2024-12-19T09:40:04.469] [DEBUG] default - checking ratelimit for /ratelimit/configHourly/10.144.56.168/40 max:10000
[2024-12-19T09:40:04.469] [DEBUG] default - checking ratelimit for /ratelimit/configHourly/10.144.56.168/40 current:1 max:10000
[2024-12-19T09:40:04.470] [DEBUG] default - checking ratelimit for /ratelimit/configDaily/10.144.56.168/40 max:100000
[2024-12-19T09:40:04.470] [DEBUG] default - checking ratelimit for /ratelimit/configDaily/10.144.56.168/40 current:1 max:100000
[2024-12-19T09:40:04.470] [WARN] default - captcha settings is empty, please fill it
[2024-12-19T09:40:04.472] [INFO] default - getAccessToken eyJhbG
[2024-12-19T09:40:04.476] [INFO] default - authorizing with for rights Admin
[2024-12-19T09:40:04.476] [INFO] default - update config auth openid provider
[2024-12-19T09:40:04.485] [INFO] default - /logs/system logs getted size: 2
[2024-12-19T09:40:04.486] [INFO] default - /logs/config logs getted size: 2
[2024-12-19T09:40:04.486] [INFO] default - system changed log received /config/auth/openId/providers
[2024-12-19T09:40:04.486] [WARN] default - not implemented path /config/auth/openId/providers
[2024-12-19T09:40:04.486] [INFO] default - config changed /config/auth/openId/providers -> put id:3IlSqxghA7bOPr5s
[2024-12-19T09:40:04.487] [INFO] default - system changed log received /config/lastUpdateTime
[2024-12-19T09:40:04.487] [WARN] default - not implemented path /config/lastUpdateTime
[2024-12-19T09:40:04.487] [INFO] default - config changed /config/lastUpdateTime -> put id:unknown
[2024-12-19T09:40:44.658] [INFO] default - client ip address is 10.144.56.168
[2024-12-19T09:40:44.658] [DEBUG] default - checking ratelimit for /ratelimit/clientTunnel/10.144.56.168/40 max:1000
[2024-12-19T09:40:44.659] [DEBUG] default - checking ratelimit for /ratelimit/clientTunnel/10.144.56.168/40 current:1 max:1000
[2024-12-19T09:40:44.659] [DEBUG] default - checking ratelimit for /ratelimit/clientTunnelHourly/10.144.56.168/40 max:10000
[2024-12-19T09:40:44.659] [DEBUG] default - checking ratelimit for /ratelimit/clientTunnelHourly/10.144.56.168/40 current:1 max:10000
[2024-12-19T09:40:44.659] [DEBUG] default - checking ratelimit for /ratelimit/clientTunnelDaily/10.144.56.168/40 max:100000
[2024-12-19T09:40:44.660] [DEBUG] default - checking ratelimit for /ratelimit/clientTunnelDaily/10.144.56.168/40 current:1 max:100000
[2024-12-19T09:40:44.660] [WARN] default - captcha settings is empty, please fill it
[2024-12-19T09:40:44.662] [INFO] default - passport init url: https://vault.dmp.orange.com
[2024-12-19T09:40:44.765] [INFO] default - passport with tunnelKey: k2vHnIKMRVbXvMKxac6YZUmk1kSvSV6F486p4PjAh7B4vpHy9i4Llmu7J6mbaXP
[2024-12-19T09:40:44.767] [INFO] default - i am alive tunnel: k2vHnIKMRVbXvMKxac6YZUmk1kSvSV6F486p4PjAh7B4vpHy9i4Llmu7J6mbaXP
[2024-12-19T09:40:44.768] [INFO] default - /logs/system logs getted size: 1
[2024-12-19T09:40:57.556] [DEBUG] default - checking file under folder /var/lib/ferrumgate/override.config
Then I tried to log in using OpenID Connect:
[2024-12-19T09:41:06.210] [INFO] default - client ip address is 10.144.56.168
[2024-12-19T09:41:06.211] [DEBUG] default - checking ratelimit for /ratelimit/configPublic/10.144.56.168/41 max:1000
[2024-12-19T09:41:06.218] [DEBUG] default - checking ratelimit for /ratelimit/configPublic/10.144.56.168/41 current:1 max:1000
[2024-12-19T09:41:06.218] [DEBUG] default - checking ratelimit for /ratelimit/configPublicHourly/10.144.56.168/41 max:10000
[2024-12-19T09:41:06.222] [DEBUG] default - checking ratelimit for /ratelimit/configPublicHourly/10.144.56.168/41 current:1 max:10000
[2024-12-19T09:41:06.222] [DEBUG] default - checking ratelimit for /ratelimit/configPublicDaily/10.144.56.168/41 max:100000
[2024-12-19T09:41:06.224] [DEBUG] default - checking ratelimit for /ratelimit/configPublicDaily/10.144.56.168/41 current:1 max:100000
[2024-12-19T09:41:06.224] [INFO] default - getting public config
[2024-12-19T09:41:15.019] [INFO] default - client ip address is 10.144.56.168
[2024-12-19T09:41:15.019] [DEBUG] default - checking ratelimit for /ratelimit/auth/10.144.56.168/41 max:2500
[2024-12-19T09:41:15.019] [DEBUG] default - checking ratelimit for /ratelimit/auth/10.144.56.168/41 current:1 max:2500
[2024-12-19T09:41:15.019] [DEBUG] default - checking ratelimit for /ratelimit/authHourly/10.144.56.168/41 max:10000
[2024-12-19T09:41:15.020] [DEBUG] default - checking ratelimit for /ratelimit/authHourly/10.144.56.168/41 current:1 max:10000
[2024-12-19T09:41:15.020] [DEBUG] default - checking ratelimit for /ratelimit/authDaily/10.144.56.168/41 max:200000
[2024-12-19T09:41:15.021] [DEBUG] default - checking ratelimit for /ratelimit/authDaily/10.144.56.168/41 current:1 max:200000
[2024-12-19T09:41:15.021] [WARN] default - captcha settings is empty, please fill it
[2024-12-19T09:41:51.576] [INFO] default - client ip address is 10.144.56.168
[2024-12-19T09:41:51.577] [DEBUG] default - checking ratelimit for /ratelimit/configPublic/10.144.56.168/41 max:1000
[2024-12-19T09:41:51.577] [DEBUG] default - checking ratelimit for /ratelimit/configPublic/10.144.56.168/41 current:2 max:1000
[2024-12-19T09:41:51.577] [DEBUG] default - checking ratelimit for /ratelimit/configPublicHourly/10.144.56.168/41 max:10000
[2024-12-19T09:41:51.578] [DEBUG] default - checking ratelimit for /ratelimit/configPublicHourly/10.144.56.168/41 current:2 max:10000
[2024-12-19T09:41:51.578] [DEBUG] default - checking ratelimit for /ratelimit/configPublicDaily/10.144.56.168/41 max:100000
[2024-12-19T09:41:51.578] [DEBUG] default - checking ratelimit for /ratelimit/configPublicDaily/10.144.56.168/41 current:2 max:100000
[2024-12-19T09:41:51.578] [INFO] default - getting public config
[2024-12-19T09:41:52.689] [INFO] default - client ip address is 10.144.56.168
[2024-12-19T09:41:52.689] [DEBUG] default - checking ratelimit for /ratelimit/auth/10.144.56.168/41 max:2500
[2024-12-19T09:41:52.689] [DEBUG] default - checking ratelimit for /ratelimit/auth/10.144.56.168/41 current:2 max:2500
[2024-12-19T09:41:52.690] [DEBUG] default - checking ratelimit for /ratelimit/authHourly/10.144.56.168/41 max:10000
[2024-12-19T09:41:52.690] [DEBUG] default - checking ratelimit for /ratelimit/authHourly/10.144.56.168/41 current:2 max:10000
[2024-12-19T09:41:52.690] [DEBUG] default - checking ratelimit for /ratelimit/authDaily/10.144.56.168/41 max:200000
[2024-12-19T09:41:52.690] [DEBUG] default - checking ratelimit for /ratelimit/authDaily/10.144.56.168/41 current:2 max:200000
[2024-12-19T09:41:52.690] [WARN] default - captcha settings is empty, please fill it
[2024-12-19T09:41:53.172] [ERROR] default - ErrAuthMethodNoSuccess->Error: no success
at /usr/src/app/build/src/api/auth/passportInit.js:207:41
at allFailed (/usr/src/app/node_modules/passport/lib/middleware/authenticate.js:114:18)
at attempt (/usr/src/app/node_modules/passport/lib/middleware/authenticate.js:183:28)
at strategy.fail (/usr/src/app/node_modules/passport/lib/middleware/authenticate.js:314:9)
at /usr/src/app/node_modules/openid-client/lib/passport_strategy.js:198:12
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
[2024-12-19T09:41:57.281] [DEBUG] default - checking files under folder /tmp/pki
[2024-12-19T09:41:57.557] [DEBUG] default - checking file under folder /var/lib/ferrumgate/override.config
No error except the last one.
So I found the mistake.
By default, the openid-client library uses the RS256 algorithm:
id_token_signed_response_alg: <string> Default: 'RS256'
So we modified the response of our OpenID server to use this algorithm.
Can you implement the possibility to select this parameter in the auth configuration?
Thanks
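The algorithm mismatch described above can be confirmed by decoding only the ID token's header and comparing its `alg` with the client's `id_token_signed_response_alg`. This is an added example, not part of the original posts or Ferrumgate's code; `checkIdTokenAlg`, `makeToken` and the ES256 sample token are assumptions constructed for illustration.

```javascript
// Decode one base64url segment of a compact JWT into a parsed JSON value.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Compare the token header's "alg" with the algorithm the relying party expects.
// Only the header is read; the signature is NOT verified here, and the payload
// and signature are never printed (ID tokens are credentials, keep them out of logs).
function checkIdTokenAlg(idToken, expectedAlg = 'RS256') {
  const fail = (tokenAlg, reason) => ({ ok: false, tokenAlg, expectedAlg, reason });
  const parts = String(idToken).split('.');
  if (parts.length !== 3) return fail(null, 'not a compact JWS (expected 3 segments)');

  let header;
  try {
    header = decodeSegment(parts[0]);
  } catch (e) {
    return fail(null, 'header is not valid base64url-encoded JSON');
  }
  if (header === null || typeof header !== 'object' || typeof header.alg !== 'string') {
    return fail(null, 'header has no "alg" member');
  }
  if (header.alg === 'none') return fail('none', 'unsigned token, must be rejected');
  if (header.alg !== expectedAlg) {
    return fail(header.alg, `token signed with ${header.alg}, client expects ${expectedAlg}`);
  }
  return { ok: true, tokenAlg: header.alg, expectedAlg, reason: 'alg matches' };
}

// Build a constructed sample token (fake payload, fake signature) for the demo.
function makeToken(alg) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg, typ: 'JWT' }), enc({ iss: 'https://idp.example', sub: 'user1' }), 'c2ln'].join('.');
}

// Constructed samples: ES256 stands in for "an IdP not using RS256".
const SAMPLE_ES256 = makeToken('ES256');
const SAMPLE_RS256 = makeToken('RS256');

console.log(checkIdTokenAlg(SAMPLE_ES256)); // mismatch against the RS256 default
console.log(checkIdTokenAlg(SAMPLE_RS256)); // matches
```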
HKilic
December 19, 2024, 9:03pm
7
OK. I will add it to the support list. Thanks.
opened 09:04PM - 19 Dec 24 UTC
https://community.ferrumgate.com/t/openid-connect-error/143/7