Hello we would like to use oidc in the frontend. ...
# ui
w
Hello, we would like to use OIDC in the frontend. We receive the following error message when we try to perform the login:
13:45:19 [application-akka.actor.default-dispatcher-20] ERROR controllers.AuthenticationController - Caught exception while attempting to redirect to SSO identity provider! It's likely that SSO integration is mis-configured
org.pac4j.core.exception.TechnicalException: java.net.SocketTimeoutException: connect timed out
	at org.pac4j.oidc.config.OidcConfiguration.internalInit(OidcConfiguration.java:136)
	at org.pac4j.core.util.InitializableObject.init(InitializableObject.java:20)
	at auth.sso.oidc.custom.CustomOidcClient.clientInit(CustomOidcClient.java:21)
	at org.pac4j.core.client.IndirectClient.internalInit(IndirectClient.java:58)
	at org.pac4j.core.util.InitializableObject.init(InitializableObject.java:20)
	at org.pac4j.core.client.IndirectClient.getRedirectAction(IndirectClient.java:93)
	at org.pac4j.core.client.IndirectClient.redirect(IndirectClient.java:79)
	at controllers.AuthenticationController.redirectToIdentityProvider(AuthenticationController.java:253)
	at controllers.AuthenticationController.authenticate(AuthenticationController.java:87)
	at router.Routes$$anonfun$routes$1.$anonfun$applyOrElse$9(Routes.scala:500)
	at play.core.routing.HandlerInvokerFactory$$anon$8.resultCall(HandlerInvoker.scala:147)
	at play.core.routing.HandlerInvokerFactory$$anon$8.resultCall(HandlerInvoker.scala:146)
	at play.core.routing.HandlerInvokerFactory$JavaActionInvokerFactory$$anon$3$$anon$4$$anon$5.invocation(HandlerInvoker.scala:112)
	at play.core.j.JavaAction$$anon$1.call(JavaAction.scala:128)
	at play.mvc.Action.lambda$call$0(Action.java:89)
	at java.base/java.util.Optional.map(Optional.java:265)
	at play.mvc.Action.call(Action.java:81)
	at play.http.DefaultActionCreator$1.call(DefaultActionCreator.java:33)
	at play.core.j.JavaAction.$anonfun$apply$8(JavaAction.scala:188)
	at scala.concurrent.Future$.$anonfun$apply$1(Future.scala:659)
	at scala.util.Success.$anonfun$map$1(Try.scala:255)
	at scala.util.Success.map(Try.scala:213)
	at scala.concurrent.Future.$anonfun$map$1(Future.scala:292)
	at scala.concurrent.impl.Promise.liftedTree1$1(Promise.scala:33)
	at scala.concurrent.impl.Promise.$anonfun$transform$1(Promise.scala:33)
	at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
	at play.core.j.HttpExecutionContext$$anon$2.run(HttpExecutionContext.scala:77)
	at play.api.libs.streams.Execution$trampoline$.execute(Execution.scala:70)
	at play.core.j.HttpExecutionContext.execute(HttpExecutionContext.scala:69)
	at scala.concurrent.impl.CallbackRunnable.executeWithValue(Promise.scala:72)
	at scala.concurrent.impl.Promise$KeptPromise$Kept.onComplete(Promise.scala:372)
	at scala.concurrent.impl.Promise$KeptPromise$Kept.onComplete$(Promise.scala:371)
	at scala.concurrent.impl.Promise$KeptPromise$Successful.onComplete(Promise.scala:379)
	at scala.concurrent.impl.Promise.transform(Promise.scala:33)
	at scala.concurrent.impl.Promise.transform$(Promise.scala:31)
	at scala.concurrent.impl.Promise$KeptPromise$Successful.transform(Promise.scala:379)
	at scala.concurrent.Future.map(Future.scala:292)
	at scala.concurrent.Future.map$(Future.scala:292)
	at scala.concurrent.impl.Promise$KeptPromise$Successful.map(Promise.scala:379)
	at scala.concurrent.Future$.apply(Future.scala:659)
	at play.core.j.JavaAction.apply(JavaAction.scala:189)
	at play.api.mvc.Action.$anonfun$apply$2(Action.scala:95)
	at play.api.libs.streams.StrictAccumulator.$anonfun$mapFuture$4(Accumulator.scala:181)
	at scala.util.Try$.apply(Try.scala:213)
	at play.api.libs.streams.StrictAccumulator.$anonfun$mapFuture$3(Accumulator.scala:181)
	at scala.Function1.$anonfun$andThen$1(Function1.scala:57)
	at play.api.libs.streams.StrictAccumulator.run(Accumulator.scala:216)
	at play.core.server.AkkaHttpServer.$anonfun$runAction$4(AkkaHttpServer.scala:436)
	at akka.http.scaladsl.util.FastFuture$.strictTransform$1(FastFuture.scala:41)
	at akka.http.scaladsl.util.FastFuture$.$anonfun$transformWith$3(FastFuture.scala:51)
	at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
	at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
	at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:92)
	at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
	at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:85)
	at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:92)
	at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:41)
	at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:49)
	at akka.dispatch.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
	at akka.dispatch.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
	at akka.dispatch.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
	at akka.dispatch.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)
Caused by: java.net.SocketTimeoutException: connect timed out
	at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
	at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:412)
	at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:255)
	at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:237)
	at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
	at java.base/java.net.Socket.connect(Socket.java:609)
	at java.base/sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:305)
	at java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:177)
	at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:508)
	at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:603)
	at java.base/sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:266)
	at java.base/sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:373)
	at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:207)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1187)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1081)
	at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:193)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1592)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520)
	at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:250)
	at com.nimbusds.jose.util.DefaultResourceRetriever.getInputStream(DefaultResourceRetriever.java:249)
	at com.nimbusds.jose.util.DefaultResourceRetriever.retrieveResource(DefaultResourceRetriever.java:201)
	at org.pac4j.oidc.config.OidcConfiguration.internalInit(OidcConfiguration.java:133)
	... 61 common frames omitted
The pod reaches Azure to invoke the OIDC configuration. For this, a proxy had to be set. Our assumption is that this must also be set in the JVM. Is there a way to set these options for the frontend: http.proxyHost, http.proxyPort and http.nonProxyHosts?
b
Hey Konstantin. Glad you guys are thinking about using OIDC SSO. Can you post the configurations you've already set?
w
Hello John, our current config for the frontend looks like this:
datahub-frontend:
    enabled: true
    image:
      repository: artifacts.endress.com/docker-mirror/linkedin/datahub-frontend-react
      tag: "v0.9.0"
    # Set up ingress to expose react front-end
    extraEnvs:
      - name: https_proxy
        value: <proxy>
      - name: http_proxy
        value: <proxy>
      - name: no_proxy
        value: "<no-proxy>"
      - name: HTTPS_PROXY
        value: <proxy>
      - name: HTTP_PROXY
        value: <proxy>
      - name: NO_PROXY
        value: "<no-proxy>"
      - name: AUTH_OIDC_BASE_URL
        value: <base-url>
      - name: AUTH_OIDC_SCOPE
        value: "openid profile email"
    oidcAuthentication:
      enabled: true    
      provider: azure
      clientId: <client-id>
      azureTenantId: <tenant-id>
      clientSecretRef:
        secretRef: datahub-sso
        secretKey: client-secret 
    ingress:
      enabled: false
Hello, we found an option to apply the proxy config: "DATAHUB_FRONTEND_OPTS". This led us to another error:
...
08:03:46 [kafka-producer-network-thread | datahub-frontend] INFO org.apache.kafka.clients.Metadata - [Producer clientId=datahub-frontend] Cluster ID: Sfd7sVqlQ-KqMwzldzgthw
08:04:04 [application-akka.actor.default-dispatcher-11] ERROR controllers.AuthenticationController - Caught exception while attempting to redirect to SSO identity provider! It's likely that SSO integration is mis-configured
org.pac4j.core.exception.TechnicalException: java.net.UnknownHostException: http://<proxy-url>
at org.pac4j.oidc.config.OidcConfiguration.internalInit(OidcConfiguration.java:136)
at org.pac4j.core.util.InitializableObject.init(InitializableObject.java:20)
at auth.sso.oidc.custom.CustomOidcClient.clientInit(CustomOidcClient.java:21)
at org.pac4j.core.client.IndirectClient.internalInit(IndirectClient.java:58)
...
Solution found. We had to remove the protocol in the proxy definition.
- name: DATAHUB_FRONTEND_OPTS
  value: "-Dhttp.nonProxyHosts=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,localhost,.endress.com,cluster.local,svc.cluster.local -Dhttps.proxyHost=<proxy-without-prot> -Dhttps.proxyPort=<proxy-port>"
a
@white-beard-86056 I'm facing a similar problem to yours. Could you maybe explain a bit further what your solution is? I'm having a hard time understanding DATAHUB_FRONTEND_OPTS.
s
@aloof-energy-17918 It might be a bit late, but as I recently tried to understand the usage of the DATAHUB_FRONTEND_OPTS environment variable and why it works in our case, I have analyzed it a bit. The environment variable is not mentioned or documented anywhere, and it also cannot be found when you search the source code on GitHub. This is because the environment variable is found in the shell script /datahub-frontend/bin/datahub-frontend in the datahub-frontend pod/image. The shell script is generated by the Application plugin of Gradle during the build (https://docs.gradle.org/current/userguide/application_plugin.html). Usually the JAVA_OPTS environment variable, which is also used in the generated script, should work, but for some reason it does not work for us. The template for the script can also be found in the source code of Gradle (https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt).