OIDC fails on 2.14.x #21825

Open
OteemoSanjay opened this issue Feb 8, 2025 · 3 comments
Labels
bug Something isn't working

Comments

@OteemoSanjay

Describe the bug

When enabling OIDC via the argocd-cm.json on a newer version, OIDC fails.
If I revert to 2.13.2, then the same OIDC file functions correctly.

To Reproduce

  1. Install ArgoCD 2.14.2
  2. Apply the argocd-cm.json from an old backup.
  3. If I try to access the ArgoCD UI, OIDC connects to our OIDC server
  4. This fails.

Expected behavior

  1. Normal behavior would be that we can login via OIDC.
  2. If I click the Login button after OIDC is enabled.
  3. This is in the logs (shown below)
  4. Reverting to old argoCD (2.13.2) and same OIDC file functions

Screenshots

Version

argoCD 2.14.2

Logs

```
time="2025-02-08T15:13:30Z" level=info msg="Initializing OIDC provider (issuer: https://www.XXX.edu/cas/oidc)"
time="2025-02-08T15:13:31Z" level=info msg="OIDC supported scopes: [openid profile email address phone offline_access groups]"
time="2025-02-08T15:13:31Z" level=info msg="Performing authorization_code flow login: https://www.XXX.edu/cas/oidc/oidcAuthorize?client_id=AQ6GkRYKQ3Q94lfsFmQvmqOoXOoa5SGA4PAh&redirect_uri=https%3A%2F%2Fdeployment.sand.lib.XXX.edu%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=IuVpGVzxCerCYQuvJVZufxur"
time="2025-02-08T15:13:42Z" level=info msg="Callback: /auth/callback?code=OC-240-FzeiLReG-AIj02bQhQzlKgMS6PrdZtP-&state=IuVpGVzxCerCYQuvJVZufxur"
time="2025-02-08T15:13:45Z" level=warning msg="Failed to resync revoked tokens. retrying again in 1 minute: WRONGPASS invalid username-password pair or user is disabled."
time="2025-02-08T15:14:45Z" level=warning msg="Failed to resync revoked tokens. retrying again in 1 minute: WRONGPASS invalid username-password pair or user is disabled."
time="2025-02-08T15:15:45Z" level=info msg="invalidated cache for resource in namespace: argocd with the name: argocd-notifications-cm"
```
@OteemoSanjay OteemoSanjay added the bug Something isn't working label Feb 8, 2025

stvishw commented Feb 10, 2025

From your logs: WRONGPASS invalid username-password pair or user is disabled.
Seems the issue is with token validation.
Right.


OteemoSanjay commented Feb 10, 2025 via email


hi

But it's not, because if you see the description, if I revert back to 2.13.2 and kubectl the argocd-cm.json file,
then that token, and hence the username and password, work fine on 2.13.2.

rgds sanj
