Private VelaUX Authentication Configuration Fails due to UI Issuer URL Limitation #906
Description
Describe the bug
Authentication configuration with a private VelaUX not working with the options available in the UI configuration. We need a way to configure the Issuer URL
To Reproduce
-
Configure VelaUX:
- Set VelaUX to be private and configured correctly.
-
Set up Dex:
- Ensure Dex is publicly accessible and configured correctly
-
Configure Dex Connector:
- Navigate to the dex connector in Vela UX and add a new connector of your choice
-
Enable SSO by Dex
- Navigate to the Settings and choose the
User login modeasSSO by dex
- Navigate to the Settings and choose the
-
Issuer URL Configuration:
- Observe that the Issuer URL is automatically derived from the
velaAddressand stored in thedex-configsecret. - Note that the default Issuer URL uses the private Vela URL.
- Observe that the Issuer URL is automatically derived from the
-
Attempt Authentication:
- Try to authenticate using the current configuration.
- Notice that the authentication flow fails due to the private Issuer URL.
-
Workaround:
- Manually set the Issuer URL in the
dex-configsecret to the public Dex URL. - Test authentication again and observe that it works with the manual configuration.
- Manually set the Issuer URL in the
Expected behavior
We need a way to configure the Issuer URL. The dex-config gets updated on velaux restart and might override the workaround steps.
Screenshots
KubeVela Version
1.9.3
Additional context