
fresh-fish-73471

07/01/2021, 3:46 PM
We are trying to enable OIDC (AWS Cognito) authentication for dockerized DataHub. We followed the instructions given in the link below: https://datahubproject.io/docs/how/configure-oidc-react/
We have configured the following properties from datahub/docker/datahub-frontend/env/docker.env:
Required OIDC configs
AUTH_OIDC_ENABLED=true
AUTH_OIDC_CLIENT_ID=XXXXXXXX
AUTH_OIDC_CLIENT_SECRET=
#AUTH_OIDC_DISCOVERY_URI=https://xxxxxxxxxxxxxxxxxxxxxxxx/.well-known/openid-configuration
AUTH_OIDC_DISCOVERY_URI=https://xxxxxxxxxxxx.xxxxxxxxxxxxxxxx/openid-configuration
AUTH_OIDC_BASE_URL=https://XXXXXXXXX.com
Optional OIDC configs
AUTH_OIDC_USER_NAME_CLAIM=email
AUTH_OIDC_USER_NAME_CLAIM_REGEX=([^@]+)
AUTH_OIDC_SCOPE=openid
Uncomment to disable JAAS username / password authentication (enabled by default)
AUTH_JAAS_ENABLED=false
But for some reason redirection is not happening; instead it is taking us to the default DataHub login page when we hit the base URL. Please let us know if we are missing something. Thanks in advance.

big-carpet-38439

07/01/2021, 4:58 PM
Will ping you directly!

most-pillow-90882

03/14/2022, 6:23 PM
@big-carpet-38439 @fresh-fish-73471 Did you guys manage to get Cognito working? I’ve got login partially working, but logOut is broken

big-carpet-38439

03/14/2022, 6:30 PM
@most-pillow-90882 What is happening on log out?

most-pillow-90882

03/14/2022, 6:33 PM
Right now, nothing. Just goes back to home page with logged in user. Have tried disabling caching, etc.
For Cognito app client, have set "Allowed Signout Urls" to http://localhost:9002 and http://localhost:9002/logOut but neither working
Also, I’m in dev mode, if that helps
# Uncomment & populate these configs to enable OIDC SSO in React application.
# Required OIDC configs
AUTH_OIDC_ENABLED=true
AUTH_OIDC_CLIENT_ID= XXX
AUTH_OIDC_CLIENT_SECRET=XXX
AUTH_OIDC_DISCOVERY_URI=https://cognito-idp.us-east-1.amazonaws.com/XXX/.well-known/openid-configuration
AUTH_OIDC_BASE_URL=http://localhost:9002
# Optional OIDC configs
# AUTH_OIDC_USER_NAME_CLAIM=email
# AUTH_OIDC_USER_NAME_CLAIM_REGEX=([^@]+)
AUTH_OIDC_SCOPE="openid profile email groups"
#AUTH_OIDC_CLIENT_AUTHENTICATION_METHOD = client_secret_post
# Optional Provisioning Configs
# AUTH_OIDC_JIT_PROVISIONING_ENABLED=true
# AUTH_OIDC_PRE_PROVISIONING_REQUIRED=false
AUTH_OIDC_EXTRACT_GROUPS_ENABLED=true
AUTH_OIDC_GROUPS_CLAIM=groups
# Uncomment to disable JAAS username / password authentication (enabled by default)
AUTH_JAAS_ENABLED=false
From Cognito app client
I also had some issues with login (had to delete the ?code sent with callback)

big-carpet-38439

03/14/2022, 11:14 PM
Can you try this in incognito browser? This is very strange. Both login and logout should work... If you can send the contents of the open-id configuration URL it may help us triage

most-pillow-90882

03/15/2022, 4:00 PM
Same issue in Incognito mode (tested both Chrome and Firefox). openId config url https://cognito-idp.us-east-1.amazonaws.com/us-east-1_pjck0hccL/.well-known/openid-configuration. Contents:
authorization_endpoint "https://sae-blk-test.auth.us-east-1.amazoncognito.com/oauth2/authorize"
id_token_signing_alg_values_supported
  0 "RS256"
issuer "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_pjck0hccL"
jwks_uri "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_pjck0hccL/.well-known/jwks.json"
response_types_supported
  0 "code"
  1 "token"
scopes_supported
  0 "openid"
  1 "email"
  2 "phone"
  3 "profile"
subject_types_supported
  0 "public"
token_endpoint "https://sae-blk-test.auth.us-east-1.amazoncognito.com/oauth2/token"
token_endpoint_auth_methods_supported
  0 "client_secret_basic"
  1 "client_secret_post"
userinfo_endpoint "https://sae-blk-test.auth.us-east-1.amazoncognito.com/oauth2/userInfo"

big-carpet-38439

03/15/2022, 5:31 PM
Thank you - will take a look today. Also, which version of DataHub are you using?

most-pillow-90882

03/15/2022, 7:50 PM
Looks like 0.8.29 actually
I’ll try downgrading to 0.8.28 to see if that fixes it

big-carpet-38439

03/19/2022, 9:49 PM
Yeah so there's a known issue in 0.8.29 unfortunately with OIDC - can you try to use 0.8.30?

cuddly-butcher-39945

02/16/2023, 11:07 PM
FWIW, this is the link that appears to work for the OIDC / React guide https://datahubproject.io/docs/authentication/guides/sso/configure-oidc-react/#configuring-oidc-in-react