Hi @Ruslan @santhoshrajs
I am trying to enable auth for Temporal with our internal OIDC and am getting a 404 error while loading the page on the redirect URI, which is http://localhost:8088/auth/sso_callback
AggregateError:
temporal-web_1 | OPError: expected 200 OK, got: 404 Not Found
temporal-web_1 | at processResponse (/usr/app/node_modules/openid-client/lib/helpers/process_response.js:48:11)
temporal-web_1 | at /usr/app/node_modules/openid-client/lib/issuer.js:262:20
After debugging the JS file I see Temporal Web is trying to access the resource at https://org-auth-url.dev/as/authorization.oauth2/.well-known/openid-configuration, which is not valid in our case.
Our auth server provides a resource like https://org-auth-url.dev/.well-known/openid-configuration
Did you guys face any such issues? Do we have any properties to configure these urls? Please help.
Please ignore this. My source URL is the issue in config.yml.
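The 404 in the first post follows from how OIDC discovery URLs are built: the client appends `/.well-known/openid-configuration` to the configured `issuer`. As an added example (not code from Temporal Web or openid-client), this pre-flight check derives that URL and, when it fails, walks up the path to find the issuer that does answer. The discovery document and `fakeGet` are constructed stand-ins so it runs offline, and it assumes the `issuer` in config.yml had been set to the authorization endpoint.

```javascript
// Added example: pre-flight check for the `issuer` value in config.yml.
// Constructed sample data standing in for the IdP's discovery endpoint.
const SAMPLE_IDP = {
  'https://org-auth-url.dev/.well-known/openid-configuration': {
    issuer: 'https://org-auth-url.dev',
    authorization_endpoint: 'https://org-auth-url.dev/as/authorization.oauth2',
  },
};

// Offline stand-in for an HTTP GET (hypothetical helper): returns {status, body}.
function fakeGet(url) {
  const body = SAMPLE_IDP[url];
  return body ? { status: 200, body } : { status: 404, body: null };
}

// OIDC Discovery: metadata lives at the issuer plus a fixed well-known suffix.
function discoveryUrl(issuer) {
  return issuer.replace(/\/+$/, '') + '/.well-known/openid-configuration';
}

// Check one configured issuer; on failure, suggest the issuer that does resolve.
function checkIssuer(issuer, get = fakeGet) {
  const url = discoveryUrl(issuer);
  const res = get(url);
  if (res.status !== 200) {
    // Typical cause: an endpoint URL was configured instead of the issuer.
    // Strip path segments one at a time until discovery answers.
    const u = new URL(issuer);
    const parts = u.pathname.split('/').filter(Boolean);
    while (parts.length > 0) {
      parts.pop();
      const candidate = u.origin + (parts.length ? '/' + parts.join('/') : '');
      const hit = get(discoveryUrl(candidate));
      if (hit.status === 200) {
        return { ok: false, url, status: res.status, suggestion: hit.body.issuer };
      }
    }
    return { ok: false, url, status: res.status, suggestion: null };
  }
  // The spec requires the advertised issuer to equal the configured one exactly.
  if (res.body.issuer !== issuer) {
    return { ok: false, url, status: 200, suggestion: res.body.issuer };
  }
  return { ok: true, url, status: 200, suggestion: null };
}

console.log(checkIssuer('https://org-auth-url.dev/as/authorization.oauth2'));
```

To run it against a real identity provider, replace `fakeGet` with a function that performs the HTTP request and returns the same `{status, body}` shape.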
Hi @santhoshrajs @Harshwardhan_Kakra
I followed the Helm charts and did the same setup for SSO the way you mentioned here to deploy, but config.yml is not overridden in the mount location.
Could you please share the fix you did to solve this? It will be helpful to check on my side whether I am making the same mistake.
Thanks in advance
I am stuck with the same question. Temporal is deployed on AKS and I can’t even enable the auth screen to show up.
From values.yaml:
web:
  enabled: true
  config:
    # server/config.yml file content
    auth:
      enabled: true
      providers:
        - label: 'Ping Auth' # for internal use; in future may expose as button text
          type: oidc # for futureproofing; only oidc is supported today
          issuer: https://url
          client_id: Temporal_Test
          client_secret: secret
          scope: openid profile email
          audience: # identifier of the audience for an issued token (optional)
          callback_base_uri: https://temporal.mycluster
          pass_id_token: false
The pod does have the config map mapped:
Volumes:
  temporal-web-config:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      temporal-web-config
    Optional:  false
The ConfigMap does look OK:
Data
====
config.yml:
----
auth:
  enabled: true
  providers:
  - audience: null
    callback_base_uri: https://temporal.mycluster
    client_id: Temporal_Test
    client_secret: secret
    issuer: https://url
    label: Ping Auth
    pass_id_token: false
    scope: openid profile email
    type: oidc
routing:
  issue_report_link: https://github.com/temporalio/web/issues/new/choose

BinaryData
====