docs: update portainer oidc config #8470
Conversation
|
Thanks for choosing to contribute @leedotpang. We lint all PR's with golangci-lint and eslint, I may add a review to your PR with some suggestions. You are free to apply the changes if you're comfortable, alternatively you are welcome to ask a team member for advice. ArtifactsThese changes once approved by a team member will be published for testing on Buildkite, DockerHub and GitHub Container Registry. Docker Container
|
WalkthroughI pity the fool who doesn't understand OpenID Connect configuration! This documentation update modifies the integration guide for Portainer with Authelia's OpenID Connect 1.0 Provider. It updates the tested version of Portainer from 2.12.2 to 2.12.4, adds Changes
Sequence DiagramsequenceDiagram
participant User
participant Portainer
participant Authelia
participant Token Endpoint
User->>Portainer: Attempt to authenticate
Portainer->>Authelia: Request authentication
Authelia->>Token Endpoint: Authenticate using client_secret_post
Token Endpoint-->>Authelia: Validate credentials
Authelia-->>Portainer: Provide authentication token
Portainer-->>User: Grant access
I PITY THE FOOL who doesn't understand this authentication flow! BOOM! 💥 Possibly related PRs
📜 Recent review detailsConfiguration used: CodeRabbit UI ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
leedotpang
changed the title
time="2024-12-17T10:00:41-05:00" level=error msg="Access Request failed with error: Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method). The request was determined to be using 'token_endpoint_auth_method' method 'client_secret_post', however the OAuth 2.0 client registration does not allow this method. The registered client with id 'portainer' is configured to only support 'token_endpoint_auth_method' method 'client_secret_basic'. Either the Authorization Server client registration will need to have the 'token_endpoint_auth_method' updated to 'client_secret_post' or the Relying Party will need to be configured to use 'client_secret_basic'." method=POST path=/api/oidc/token remote_ip=172.18.0.1 stack="github.com/authelia/authelia/v4/internal/handlers/handler_oidc_token.go:25 While implementing the 
✅ Deploy Preview for authelia-staging ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
|
Funny, I am on the way newer 2.21.4 BE (current LTS) and this has never been an issue as the Edit: Just did a fresh installation of Portainer 2.25.0 CE (STS) and I am unable to replicate this issue with the default settings |
|
@hendrik1120 hmm that's strange-- |
|
Ok, that could be the case. I am unable to even find a docker image of 2.12.4, which is why I tested the latest STS version instead. Can you maybe share link where I can find an image of that version? Your change is not wrong by any means, but 2.12.4 is at least 2 years old and without any support. We could also set |
|
@hendrik1120 You're right! I must have had a dyslexic moment because I updated that version to |
While implementing the OIDC config from the docs I ran in to the below error and was able to quickly fix it by updating the
token_endpoint_auth_methodexplained in the error.