spinnaker: 1.14.X releases break Oauth integration with Google Oauth/Okta due to redirect issue.

Issue Summary:

After upgrading to 1.14.X, multiple people are reporting that their redirectUri is not being filled in correctly causing issues on redirect during oauth login.

Information about people impacted by the issue can be found in the slack thread https://spinnakerteam.slack.com/archives/C091CCWRJ/p1559273903055200?thread_ts=1558639811.086800&cid=C091CCWRJ

May or may not be related to the following pull requests/commits https://github.com/spinnaker/gate/pull/801 https://github.com/spinnaker/gate/commit/271bfab61d1f44d8ff7d4f546ec2a8efbb9b1a47

The only way to fix it at this point is the hardcode the redirectUri which causes other issues.

Environment:

Spinnaker using Oauth.

Feature Area (if this issue is UI/UX related, please tag @spinnaker/ui-ux-team):

Saml/Authentication

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Reactions: 9
  • Comments: 22

Most upvoted comments

To give more context about this issue, I do see this error message in gate that I did not see before.

2019-06-05 21:27:48.288  INFO 1 --- [           main] com.netflix.spinnaker.gate.Main          : Started Main in 15.207 seconds (JVM running for 16.717)
2019-06-05 21:27:48.328 ERROR 1 --- [           main] o.s.b.c.p.m.PropertiesMigrationListener  :
The use of configuration keys that are no longer supported was found in the environment:

Property source 'applicationConfig: [file:/opt/spinnaker/config/gate.yml]':
        Key: security.basic.enabled
                Line: 23
                Reason: The security auto-configuration is no longer customizable.


Please refer to the migration guide or reference guide for potential alternatives.

I do authn/authz with Okta and x509.

+4
eboumendil on Jun 6, 2019

I am still seeing the issue with the v1.14.5.

+2
eboumendil on Jun 17, 2019

Pretty sure the fix for https://github.com/spinnaker/gate/pull/844 did make it to the release-1.15.x branch. See https://github.com/spinnaker/gate/tree/release-1.15.x, https://github.com/spinnaker/gate/commit/193c7b9484d98fb55cf79581b9c1e3959ccb43fe.

Not sure what that cherry-pick failed message is about.

+1
dbyron0 on Jul 19, 2019

Still there in 1.14.7.

+1
queueburt on Jun 25, 2019
Read more comments on GitHub
← spinnaker: hal config deploy edit --type localdebian failed due to Unable to locate package spinnaker-igor
spinnaker: Allow Jenkins stage to continue on failed builds →