You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello and thanks for that awesomely useful service 👌
I frequently use https://oidctest.wsweet.org/ to configure, test and validate OpenIDConnect authentication on various web and software elements, and I found myself facing an issue with traefik-forward-auth doing so...
And here's the error returned by traefik-forward-auth container
user@redacted:/opt/web-traefik$ docker logs -f auth
time="2023-10-26T22:53:01Z" level=fatal msg="oidc: issuer did not match the issuer returned by provider, expected \"https://oidctest.wsweet.org\" got \"https://oidctest.wsweet.org/\""
time="2023-10-26T22:53:02Z" level=fatal msg="oidc: issuer did not match the issuer returned by provider, expected \"https://oidctest.wsweet.org\" got \"https://oidctest.wsweet.org/\""
time="2023-10-26T22:53:03Z" level=fatal msg="oidc: issuer did not match the issuer returned by provider, expected \"https://oidctest.wsweet.org\" got \"https://oidctest.wsweet.org/\""
time="2023-10-26T22:53:04Z" level=fatal msg="oidc: issuer did not match the issuer returned by provider, expected \"https://oidctest.wsweet.org\" got \"https://oidctest.wsweet.org/\""
I then tried to add the trailing slash that seem to be missing but got the exact same error
OIDC_META_URL=https://oidctest.wsweet.org/
It worked well when I switched to Microsoft provider, following associated guide so I believe it's related to other "various" providers, and it may affect other people... Maybe there's something in the code that removes the last trailing slash ? or maybe the verification rule needs to be softened ?* I didn't check the code yet however, so you may be know better than me
The text was updated successfully, but these errors were encountered:
I'm having a similar issue, where in my setup the URL I'm providing traefik-forward-auth is not exactly the same as the one Keycloak is thinking to run under. Therefore they differ.
I guess OIDC_META_URL could be exactly what I'd need but I can't find any info about that option within the repo. Is this from a fork or part of a PR that hasn't been merged yet?
In case someone stumbles upon it: I solved my issue by adding a network-alias to my docker-compose so that the services was reachable within the internal docker-network by its external DNS-address as well:
Hello and thanks for that awesomely useful service 👌
I frequently use https://oidctest.wsweet.org/ to configure, test and validate OpenIDConnect authentication on various web and software elements, and I found myself facing an issue with
traefik-forward-auth
doing so...Here's what my
.env
looked likeAnd here's the error returned by
traefik-forward-auth
containerI then tried to add the trailing slash that seem to be missing but got the exact same error
It worked well when I switched to Microsoft provider, following associated guide so I believe it's related to other "various" providers, and it may affect other people... Maybe there's something in the code that removes the last trailing slash ? or maybe the verification rule needs to be softened ?* I didn't check the code yet however, so you may be know better than me
The text was updated successfully, but these errors were encountered: