Unable to login to Argocd Server via google sso without restarting dex-server

[Jay-Patel-22]

Hi team,

I have installed ArgoCD v2.6.7 using manifest installation and have configured dex-server for SSO login, below is the configuration of the same.

apiVersion: v1
data:
  accounts.api-user: apiKey
  admin.enabled: "false"
  application.instanceLabelKey: "argocd.argoproj.io/instance"
  dex.config: |
    connectors:
    - config:
        issuer: https://accounts.google.com
        clientID: $GOOGLE_CLIENT_ID
        clientSecret: $GOOGLE_CLIENT_SECRET
      type: oidc
      id: google
      name: Google
  url: https://argocd.xyz.com
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: argocd-cm
    app.kubernetes.io/part-of: argocd
  name: argocd-cm

when i try to login to my argocd UI via SSO login i get below message on the webpage
Failed to query provider "https://argocd.xyz.com/api/dex": Get "https://argocd-dex-server:5556/api/dex/.well-known/openid-configuration": dial tcp [x.x.x.x:5556](http://x.x.x.x:5556/): connect: connection refused

But restarting the dex-server pod resolves the login issue and i successfully get login to argocd UI.
Not sure what is going wrong here. Any recommendation would be of great help

[delia395]

I got same connection reused error message and didn't resolve by restarting. Likely due to using hosted domain while the support was deprecated. After change to google connector https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/google/#openid-connect-plus-google-groups-using-dex it works.

[HackerM0nk]

Thanks @delia395 ,

By providing dex config in following manner, then updating the argocd-cm configmap & restarting the argocd-dex-server-xyz123 pod worked for me like a charm.

    dex.config: |
      connectors:
      - config:
          issuer: https://accounts.google.com
          redirectURI: https://argocd.example.com/api/dex/callback
          clientID: abc-xys.apps.googleusercontent.com
          clientSecret: abc-XYZ_123
          serviceAccountFilePath: /tmp/oidc/googleAuth.json
          adminEmail: name@example.com
        type: oidc
        id: google
        name: Google

[HariSekhon]

I've hit this bug too with Google auth dex configuration on ArgoCD v2.9.6+ba62a0a following this section:

https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/google/#openid-connect-using-dex

Getting immediately kicked back out when clicking the Log in via Google button.

level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=Get grpc.service=cluster.SettingsService grpc.start_time="2024-03-02T01:41:21Z" grpc.time_ms=100.663 span.kind=server system=grpc

I've reproduced this on all three of my environments, and fixed it immediately with the below argocd-server pod restart:

kubectl rollout restart deploy/argocd-server

Seems like a state bug.