-
Notifications
You must be signed in to change notification settings - Fork 5.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to authenticate using Gitlab OIDC Provider #20006
Comments
what is the policy and can you share the JWT that you obtain from GitLab? |
Well, I don't really know how to find the JWT using developer tools in my browser but I can find one using mc admin trace. For confidentiality reasons I've truncated it but here it is:
The whole token is ~ 3867 bytes. Here is the policy (for test purpose, it's the same content as consoleAdmin :
While digging for my JWT, I've seen a message in my firefox console with : It may be a good lead ? Thanks. |
And your policy name is called |
Yes exactly. Sorry for the omission.
|
Please test with the latest release |
Hi, the problem is still present with the version I've asked my colleagues to make some tests too. |
yeah that is because your browser is not allowing cookie sizes beyond 4k |
Which would happen to be big if you are part of say 1000s of groups, you should perhaps limit that on the GitLab side to avoid being included
By reducing the scope of the OpenID JWT size. |
@harshavardhana I've just sent you an email with the list of groups available in my JWT. |
I'm trying to use Gitlab as OIDC Provider for minio.
The setup seems to be fine but when I click on the SSO button, I'm redirected to Gitlab login as expected and after that I'm redirected back to Minio Console but still not logged and no errors message are appearing.
Expected Behavior
I expect to be logged in with rights from the appropriate policy
Current Behavior
I'm not logged in.
Steps to Reproduce (for bugs)
With
mc admin trace
I can see the following error:Your Environment
minio --version
):Version: RELEASE.2024-06-26T01-06-18Z (go1.22.4 linux/amd64)
uname -a
): Debian 11 -Linux myhostname 5.10.0-30-amd64 #1 SMP Debian 5.10.218-1
(2024-06-01) x86_64 GNU/LinuxThe text was updated successfully, but these errors were encountered: