OIDC login failure with Azure Active directory #12955

Closed
IslamHeggy opened this issue Nov 21, 2021 · 5 comments

@IslamHeggy
Contributor

IslamHeggy commented Nov 21, 2021

Describe the bug

I provisioned a fresh Galaxy installation for my company using the Ansible script provided by the Galaxy team. The installation using Ansible had some simple problems and tweaks that I will mention in the Ansible repo, but in the end everything was great.

The problem here is that I wanted to connect Azure Active Directory to my Galaxy installation, and here I used the OIDC protocol supported by Galaxy. First of all, I installed Galaxy version 21.01 and configured the OIDC and everything worked well.

I wanted to install the latest release of Galaxy, which is (21.09), for my customer, and then the Azure Active Directory part is not working.

After some debugging, I found that Galaxy is throwing exceptions due to a pyjwt library problem. I checked the library and found that Galaxy (21.01) is using pyjwt==1.7.1 and Galaxy (21.09) is using pyjwt==2.1.0, which is causing the problem. I removed pyjwt==2.1.0 and installed 1.7.1 and it worked pretty well after that. I also tried installing different pyjwt versions such as 2.3.0 with no luck at all, and the same error occurred. So the current fix for this is to use the 1.7.1 library.

We need to find a permanent fix for this, whether we find and fix the current problem or define the pyjwt version as 1.7.1 for the 21.09 release and feature releases, if it doesn't break anything else.

Galaxy Version and/or server at which you observed the bug
Galaxy Version: 21.09
Python Version: 3.6.8
Virtual env Setup: True
OS: CentOS 8 release 8.4.2105

To Reproduce
Steps to reproduce the behavior:

  1. Run the Ansible playbook to install Galaxy and add the release version 21.09.
  2. Add OIDC integration with Azure Active Directory and restart the Galaxy server.
  3. Try connecting with your Azure credentials.
  4. An error occurred during sign in.

Expected behavior
The expected behaviour here is that you can log in using your Azure Active Directory credentials.

Screenshots

Galaxy Server systemd logs
image

Galaxy UI login Failure
image

@IslamHeggy
Contributor Author

IslamHeggy commented Nov 23, 2021

After doing some research, it seems that the social-auth-core (version 3.x.x) package has a dependency problem with the pyjwt library more than 1.7.

So the temporary solution is to upgrade the social-auth-core package to 4.0.3.

So this should be added to the requirements.txt for handling the SSO successfully.

Here is the link to this finding

@bgruening
Member

Thanks @IslamHeggy for the report and the nice find! Are you running 4.0.3 and it works for you?

@IslamHeggy
Contributor Author

IslamHeggy commented Nov 23, 2021

Yes, I tested the compatibility with 4.0.3 with the pyjwt library 2.X.X and it's working fine.

image

I can open a PR with the change for this issue.

@nsoranzo
Member

nsoranzo commented Nov 23, 2021

@IslamHeggy As a guide for your PR, you should change the pin for social-auth-core in pyproject.toml and packages/data/requirements.txt.

@mvdbeek
Member

mvdbeek commented Nov 25, 2021

Thanks for the report and fix @IslamHeggy!

@mvdbeek mvdbeek closed this as completed Nov 25, 2021
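
A pin check for the combination reported in this thread, as an added example that is not part of the original issue or Galaxy's own code: it parses requirements.txt-style lines and flags social-auth-core older than 4.0.3 pinned together with pyjwt 2.x or newer. The function names, the thresholds (read from the comments above) and the sample requirement lines are assumptions constructed for illustration.

```python
import re

# Thresholds as reported in the thread (assumption: pyjwt major >= 2 is the
# breaking range, social-auth-core 4.0.3 is the first version reported to work).
MIN_SOCIAL_AUTH_CORE = (4, 0, 3)
PYJWT_BREAKING_MAJOR = 2
PIN_RE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*([0-9][0-9A-Za-z.]*)")

# Constructed sample inputs (not Galaxy's real requirements files).
BEFORE = ["PyJWT==2.1.0", "social_auth_core[openidconnect]==3.3.0  # constructed pin"]
AFTER = ["pyjwt==2.1.0 ; python_version >= '3.6'", "social-auth-core==4.0.3"]


def normalize(name):
    """PEP 503 name normalisation: PyJWT, social_auth_core -> pyjwt, social-auth-core."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(text):
    """Leading numeric release only, e.g. '2.1.0rc1' -> (2, 1, 0)."""
    return tuple(int(n) for n in re.match(r"\d+(?:\.\d+)*", text).group().split("."))


def parse_pins(lines):
    """Return {normalised name: version tuple} for every '==' pin."""
    pins = {}
    for raw in lines:
        line = raw.split("#", 1)[0].split(";", 1)[0]  # drop comments and env markers
        m = PIN_RE.match(line)
        if m:
            pins[normalize(m.group(1))] = parse_version(m.group(2))
    return pins


def check_oidc_pins(lines):
    """Return a list of findings; empty means the reported combination is absent."""
    pins = parse_pins(lines)
    sac, jwt = pins.get("social-auth-core"), pins.get("pyjwt")
    findings = []
    if sac is None or jwt is None:
        # An unpinned package can drift into the failing range on the next install.
        findings.append("social-auth-core and pyjwt must both be pinned with '=='")
    elif jwt[0] >= PYJWT_BREAKING_MAJOR and sac < MIN_SOCIAL_AUTH_CORE:
        findings.append("social-auth-core %s with pyjwt %s: raise social-auth-core to >= 4.0.3"
                        % (".".join(map(str, sac)), ".".join(map(str, jwt))))
    return findings
```

Run against both pin files named above (pyproject.toml dependencies would need to be extracted into requirement strings first), a check like this catches the mismatch before SSO logins start failing.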