Custom OIDC (Azure) leads to phoenix crashing #642
Comments
Hi @allanhung -- are you sure your Azure portal is configured correctly? Looks that
I'm guessing Phoenix isn't able to fetch the necessary documents because that response isn't valid. |
Sorry, I masked some info. I have updated the comment with the correct discovery_document_uri and the client_id. |
@allanhung Ah thanks. So it looks like OpenID Connect is timing out when trying to fetch your OIDC documents. Can you verify your Firezone server can reach
|
@allanhung Hmmm. Strange. It's not clear from the crash which URL OpenID Connect is timing out for. Does this run successfully for you from your Firezone instance?
|
@jamilbk Yes, it runs successfully. |
@jamilbk I tested with my dex and it works. |
@allanhung Yeah, I wonder if there's something in your Azure OAuth App settings that could be causing this. For reference, here's our Azure OIDC config we use for development and testing:
{
  "azure": {
    "client_id": "<redacted>",
    "client_secret": "<redacted>",
    "discovery_document_uri": "https://login.microsoftonline.com/c3f15e43-d01d-4e2d-b0b6-b961f6e34239/v2.0/.well-known/openid-configuration",
    "redirect_uri": "http://localhost:4000/auth/oidc/azure/callback/",
    "response_type": "code",
    "scope": "openid email profile",
    "label": "Azure"
  }
}
Another thing we've seen cause intermittent timeouts is the WireGuard or interface MTU -- on some providers (GCP) you need to lower it to 1360 or lower. Is your instance's egress traffic configured to route out through a WireGuard tunnel? If you don't mind sharing the cloud/hosting provider your Firezone instance is running in, I'll see if I can spin up a test instance to try and replicate the issue. |
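A consistency check for a provider entry like the one above, added here as an example in Python and not Firezone's own code: it validates the entry against the OpenID Provider Metadata the discovery_document_uri points at, with a trimmed Azure-style discovery document constructed inline and <tenant-id> as a placeholder. In a real deployment the document is first fetched from discovery_document_uri with a short timeout, which is the reachability question raised in this thread.

```python
import json
from urllib.parse import urlparse

# Members that OpenID Connect Discovery 1.0 (section 3) marks REQUIRED in provider metadata.
REQUIRED_FIELDS = (
    "issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
    "response_types_supported", "subject_types_supported", "id_token_signing_alg_values_supported",
)
# Constructed sample: a Firezone-style provider entry (same keys as the comment above) and a
# trimmed discovery document such a tenant returns. <tenant-id> is a placeholder, not a real tenant.
PROVIDER = {
    "discovery_document_uri": "https://login.microsoftonline.com/<tenant-id>/v2.0/.well-known/openid-configuration",
    "redirect_uri": "https://firezone.example.com/auth/oidc/azure/callback/",
    "response_type": "code",
    "scope": "openid email profile",
}
DISCOVERY = json.loads("""{
  "issuer": "https://login.microsoftonline.com/<tenant-id>/v2.0",
  "authorization_endpoint": "https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize",
  "token_endpoint": "https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token",
  "jwks_uri": "https://login.microsoftonline.com/<tenant-id>/discovery/v2.0/keys",
  "response_types_supported": ["code", "id_token", "code id_token", "id_token token"],
  "scopes_supported": ["openid", "profile", "email", "offline_access"],
  "subject_types_supported": ["pairwise"],
  "id_token_signing_alg_values_supported": ["RS256"]
}""")

def check_oidc_config(provider: dict, discovery: dict) -> list:  # returns problems; [] means consistent
    problems = []
    for field in REQUIRED_FIELDS:  # 1. every REQUIRED metadata member must be present
        if field not in discovery:
            problems.append(f"discovery document missing '{field}'")
    issuer = discovery.get("issuer", "").rstrip("/")  # 2. issuer must match where the doc was fetched
    if provider["discovery_document_uri"] != issuer + "/.well-known/openid-configuration":
        problems.append(f"issuer {issuer!r} does not match discovery_document_uri")
    for field in ("authorization_endpoint", "token_endpoint", "jwks_uri"):  # 3. endpoints over TLS only
        url = discovery.get(field, "")
        if url and urlparse(url).scheme != "https":
            problems.append(f"{field} is not https: {url}")
    if provider["response_type"] not in discovery.get("response_types_supported", []):
        problems.append(f"response_type {provider['response_type']!r} not supported by provider")
    scopes = provider["scope"].split()  # 4. 'openid' is mandatory; other scopes must be advertised
    if "openid" not in scopes:
        problems.append("scope must include 'openid'")
    for s in scopes:
        if s not in discovery.get("scopes_supported", scopes):
            problems.append(f"scope {s!r} not advertised by the provider")
    r = urlparse(provider["redirect_uri"])  # 5. callback must be https except for local development
    if r.scheme != "https" and r.hostname not in ("localhost", "127.0.0.1"):
        problems.append(f"redirect_uri must use https: {provider['redirect_uri']}")
    return problems
```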
@jamilbk I think it's nothing to do with the Azure OAuth App settings, since it didn't finish the TLS handshake. My instance's egress traffic is configured to route out through eth0. Here is the route table:
Sure. How do I share the instance with you? |
Which cloud / hosting provider is your Firezone instance running in? Azure as well? It may be faster to debug over Slack -- would you be able to join our Slack group and DM me there? |
I have joined the Slack channel, and my cloud provider is Alicloud. |
Hey @allanhung, this should be fixed in #651 and will make it into the next release, coming out sometime next week. |
@jamilbk Will test it with next release. Thanks. |
@allanhung So this ended up being a bug with Erlang/OTP 25. We're in the process of reverting to 24 and will cut a new release soon with the fix. |
Fixed by #664 |
Hi,
I tried to configure Firezone with Azure OIDC, but I get an error when starting Phoenix. Here are the logs:
OIDC setting:
Many thanks for your help.