Refresh token is not returned in the response from dex

Bug #1863264 reported by ayyappa
Affects | Status | Importance | Assigned to | Milestone
StarlingX | Fix Released | Medium | Teresa Ho |

Bug Description

Brief Description
-----------------
The refresh token is not returned in the response from the dex app; only the id-token and other details are shown.

Severity
--------
Minor

Steps to Reproduce
------------------
1) After the controller is unlocked, create the Kubernetes secrets for running dex and oidc-client:
kubectl create secret tls local-dex.tls --cert=ssl/dex-cert.pem --key=ssl/dex-key.pem -n kube-system
kubectl create secret generic dex-client-secret --from-file=/home/sysadmin/ssl/dex-ca.pem -n kube-system

2) Copy the dex-overrides.yaml file
cat dex-overrides.yaml
config:
  connectors:
  - type: ldap
    name: OpenLDAP
    id: ldap
    config:
      host: pv-ad.cumulus.wrs.com:389
      insecureNoSSL: true
      insecureSkipVerify: true
      bindDN: cn=Administrator,cn=Users,dc=pv-ad,dc=cumulus,dc=wrs,dc=com
      bindPW: Li69nux*
      usernamePrompt: Username
      userSearch:
        baseDN: ou=Users,ou=Titanium,dc=pv-ad,dc=cumulus,dc=wrs,dc=com
        filter: "(objectClass=user)"
        username: sAMAccountName
        idAttr: sAMAccountName
        emailAttr: sAMAccountName
        nameAttr: displayName

4) Apply the application:

system helm-override-update oidc-auth-apps dex kube-system --values /home/sysadmin/dex-overrides.yaml
system application-apply oidc-auth-apps

[sysadmin@controller-0 ~(keystone_admin)]$ system application-list
+---------------------+---------+-------------------------------+---------------+---------+-----------+
| application | version | manifest name | manifest file | status | progress |
+---------------------+---------+-------------------------------+---------------+---------+-----------+
| oidc-auth-apps | 1.0-0 | oidc-auth-manifest | manifest.yaml | applied | completed |
| platform-integ-apps | 1.0-8 | platform-integration-manifest | manifest.yaml | applied | completed |

5) Log in to http://[2620:10a:a001:a103::1085]:30555, enter the username and password, and log in

6) Only the id-token, access token and claims are shown, but not the refresh token

Expected Behavior
------------------
The refresh token should be returned with all the remaining tokens

Actual Behavior
----------------
The refresh token is not returned

Reproducibility
---------------
100%

System Configuration
--------------------
Tested on all the following systems:
standard system, wc_63_66_ipv6

Branch/Pull Time/Commit
-----------------------
2020-02-11

Last Pass
---------
This is a new test scenario

Timestamp/Logs
--------------
2020-02-12 22:49:44.056

Test Activity
-------------
Feature Testing

Workaround
----------
Haven't found any

ayyappa (mantri425) wrote :
Teresa Ho (teresaho)
Changed in starlingx:
assignee: nobody → Teresa Ho (teresaho)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to oidc-auth-armada-app (master)

Fix proposed to branch: master
Review: https://review.opendev.org/707868

Changed in starlingx:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to oidc-auth-armada-app (master)

Reviewed: https://review.opendev.org/707868
Committed: https://git.openstack.org/cgit/starlingx/oidc-auth-armada-app/commit/?id=b1c018a79a90b76f6ce261ae165fd76562ebb861
Submitter: Zuul
Branch: master

commit b1c018a79a90b76f6ce261ae165fd76562ebb861
Author: Teresa Ho <email address hidden>
Date: Thu Feb 13 16:04:00 2020 -0500

    Refresh token missing in the response from dex

    The refresh token is not returned from dex because the offline_access
    scope option was not passed to dex. This update is to ensure that the
    offline_access is set.

    Closes-Bug: 1863264

    Change-Id: I93a37fde66414d5557dc96fb00f002621005e80b
    Signed-off-by: Teresa Ho <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
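
The root cause named in the commit message above (the offline_access scope was not passed to dex) can be checked from the client side. The following is an added example, not code from the oidc-auth-armada-app change: it inspects an authorization request URL and the resulting token response and reports why a refresh token is missing. The issuer and client hosts, the client ID, the scope list sent before the fix and all token values are constructed placeholders.

```python
import json
from urllib.parse import parse_qs, urlparse


def requested_scopes(auth_url):
    """Return the set of scopes carried by an OIDC authorization request URL."""
    query = parse_qs(urlparse(auth_url).query)
    # "scope" is one space-delimited parameter (RFC 6749, section 3.3).
    return set(" ".join(query.get("scope", [])).split())


def diagnose(auth_url, token_response_json):
    """List reasons a refresh token is missing from this login flow, if any."""
    scopes = requested_scopes(auth_url)
    tokens = json.loads(token_response_json)
    findings = []
    if "openid" not in scopes:
        findings.append("openid scope missing: not an OIDC authentication request")
    if "offline_access" not in scopes:
        findings.append("offline_access not requested: no refresh token expected")
    elif not tokens.get("refresh_token"):
        findings.append("offline_access requested but refresh_token absent")
    return findings


# Constructed sample data: placeholder issuer, client and token values.
BASE = ("https://dex.example.test/dex/auth?response_type=code"
        "&client_id=example-client"
        "&redirect_uri=https%3A%2F%2Fclient.example.test%2Fcallback")
BEFORE_FIX_URL = BASE + "&scope=openid+profile+email"
AFTER_FIX_URL = BASE + "&scope=openid+profile+email+offline_access"
BEFORE_FIX_RESPONSE = json.dumps(
    {"access_token": "AT-placeholder", "id_token": "IDT-placeholder",
     "token_type": "bearer", "expires_in": 86399})
AFTER_FIX_RESPONSE = json.dumps(
    {"access_token": "AT-placeholder", "id_token": "IDT-placeholder",
     "refresh_token": "RT-placeholder", "token_type": "bearer",
     "expires_in": 86399})

if __name__ == "__main__":
    for label, url, resp in (("before fix", BEFORE_FIX_URL, BEFORE_FIX_RESPONSE),
                             ("after fix", AFTER_FIX_URL, AFTER_FIX_RESPONSE)):
        print(label, "->", diagnose(url, resp) or "refresh token present")
```

A finding of "offline_access requested but refresh_token absent" means the client request is correct and the cause has to be looked for on the provider side.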
Ghada Khalil (gkhalil) wrote :

stx.4.0 / medium priority - issue related to new stx.4.0 Active Directory feature

tags: added: stx.4.0 stx.security
Changed in starlingx:
importance: Undecided → Medium
ayyappa (mantri425) wrote :

Verified in load: 2020-02-24

tags: removed: stx.4.0 stx.retestneeded
description: updated
Ghada Khalil (gkhalil)
tags: added: stx.4.0