Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tokens exceeding 4k in size do not work with the kubernetes dashboard #3081

Closed
skattoju-zz opened this issue Jun 6, 2018 · 3 comments
Closed

Tokens exceeding 4k in size do not work with the kubernetes dashboard #3081

skattoju-zz opened this issue Jun 6, 2018 · 3 comments
Labels
triage/duplicate Indicates an issue is a duplicate of other open issue.

Comments

@skattoju-zz
Copy link

skattoju-zz commented Jun 6, 2018
edited
Loading

Environment

Kubernetes 1.10 was installed with kubespray on Redhat 7. Node or go not installed.
Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.0+coreos.0", GitCommit:"6bb2e725fc2876cd94b3900fc57a1c98ca87a08b", GitTreeState:"clean", BuildDate:"2018-04-02T16:49:31Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.0+coreos.0", GitCommit:"6bb2e725fc2876cd94b3900fc57a1c98ca87a08b", GitTreeState:"clean", BuildDate:"2018-04-02T16:49:31Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
The dashboard is being accessed from a windows laptop using the chrome browser at the following url : https://:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login

Dashboard version: k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3
Kubernetes version: 1.10
Operating system: Redhat 7
Node.js version: N/A
Go version: N/A
Chrome version: 66.0.3359.181 (Official Build) (64-bit)
Steps to reproduce
  1. Configure Azure Active Directory
  2. Execute kubectl command to get Token from Azure (populated in kubeconfig by azure plugin)
  3. Attempt to login to the dashboard https://:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login
  4. Use the Azure token to login to the dashboard
Observed result

No error given in the UI, opening the console shows the following error:
Cookie 'jweToken' possibly not set or overflowed because it was too large (4329 > 4096 bytes)!

Expected result

Login successful, redirected to dashboard

Comments

This occurs when group claims are included in the token from azure. It works fine when group claims are not included and the resulting token is smaller.
@skattoju-zz skattoju-zz changed the title Tokens exceeding 4k in size do not work with the dashboard Tokens exceeding 4k in size do not work with the kubernetes dashboard Jun 6, 2018
@trunet
Copy link

trunet commented Jul 19, 2018
edited
Loading

possible duplicate of #2981 ?

@trunet
Copy link

trunet commented Jul 19, 2018

this is difficult problem to solve.

browser limits the cookie size to 4k. the token have to be somewhere because all the requests send the token. as the token is signed, you can't simply shrink or cut it.

the solution would be to save the token on local storage instead of a cookie, but local storage is not recommended to save a token.

@floreks
Copy link
Member

floreks commented Jul 19, 2018

Closing as duplicate of #2981.

@floreks floreks closed this as completed Jul 19, 2018
@floreks floreks added the triage/duplicate Indicates an issue is a duplicate of other open issue. label Jul 19, 2018
This was referenced May 17, 2020
Closed
Closed
@floreks floreks mentioned this issue Oct 27, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
triage/duplicate Indicates an issue is a duplicate of other open issue.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@skattoju-zz @trunet @floreks