-
Notifications
You must be signed in to change notification settings - Fork 5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"invalid session token: failed to verify signature: failed to verify id token signature" with argocd v2.5.2 and dex v2.35.x #11392
Comments
I encountered the same problem, I integrated with keycloak, click logout on the UI interface, and re-use keycloak to log in to the browser, the following error will appear
I need to fail 3 times before I can log in successfully |
I have also encountered this using the Dex GitHub Connector. The Dex server logs appear to have logged in successfully and I can see my GH user information however the argocd server then cannot validate the token. |
same issue with Github connector after upgrading ArgoCD from
argocd-server log:
client log:
|
Anyone able to identify if this is a bug in the current version of the connector, or is it simply a configuration error? I am seeing the same issue (Dex logs report successful login, ArgoCD server reports "failed to verify") with the a similar config (GitHub Dex Connector, config snippet below) Dex Connector Config dex.config: |
connectors:
- type: github
id: github
name: GitHub
config:
clientID: <redacted>
clientSecret: <redacted>
orgs:
- name: <my-org> |
@michaelfedell I was experiencing the same issue, fixed by deleting the argocd-server pod. After a new pod was ready I was able to log in. |
@BernardoABC thanks a lot for your feedback, it's now working properly after deleting |
Oh my God! That's worked! Thanks @BernardoABC ! |
FWIW, I just upgraded to helm chart version 5.22.1 and I'm not having this problem anymore. |
hah - I kind of hate it when problems just solve themselves, but either way, it's resolved! thanks for sharing your experience |
Not sure where this should happen. But, the pod(s) that need restarting should auto restart by some trigger. I'm using a helm chart to deploy ArgoCD. |
argocd app list |
argocd account list |
argocd login $ARGOCD_HOST_PRODUCTION --username admin --server $ARGOCD_HOST_PRODUCTION --grpc-web --config $ARGOCD_CONFIG_HOME/$ARGOCD_HOST_PRODUCTION Same error, but login is successfully. |
I have this error every time rolling out a fresh Kubernetes cluster and ArgoCD installation. After one restart of the ArgoCD server pods everything works fine. I would hate to implement a workaround in my Terraform manifests just to fix this. I am not using dex. Any idea to what could cause this problem? CA on the IdP is letsencrypt.
|
I was logging in incorrectly. After that, if I had the error, I closed the terminal and redid the login. |
Issue occured when trying to add target cluster using argocd-cli
Resolved by resetting the argocd context i.e. re-login to argocd cluster via SSO. This issue happens when the ArgoCD server is restarted and argocd context gets invalidated. |
Checklist:
argocd version
.Describe the bug
I found #11219, which supposedly fixes #11071 by using
ghcr.io/dexidp/dex:v2.35.3
instead ofghcr.io/dexidp/dex:v2.35.3-distroless
. When I try using any of thesev2.35.x
images, I get the following error in the webui when attempting to log in via SSO:The latest version of dex that works for me is
v2.31.2
, so I'm working around this in my helm chart (but this leaves us exposed to: #10939):Possible regression of #1113?
To Reproduce
Use dex
v2.35.x
(e.g.v2.35.3
) with argo-cdv2.5.2
. Here's mydex.config
:Expected behavior
SSO should work.
Version
Logs
Interestingly, auth seems to be working if I look at the dex server logs:
The text was updated successfully, but these errors were encountered: