oidc-auth does not respond well to misconfiguration of dex
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Low
|
Henry Bailey |
Bug Description
Brief Description
-----------------
When dex is misconfigured, or when there is a network error, an authentication request using 'oidc-auth' generates a python trace from unhandled exception with message "HTTP Error 500: Internal Server Error", or similar
Severity
--------
Minor
Steps to Reproduce
------------------
Apply the oidc/dex application per starlingx documentation and verify the correct behaviour and login using oidc-auth command. Apply a mis-configuration, such as incorrect baseDN for UserSearch, and retry the oidc-auth. Incorrect configuration will yield 500 internal server error. While induced network failure yields response code 200 with timeout reason.
Expected Behavior
------------------
Especially, no traceback. Preferable to have appropriate responses for known conditions, suggested actions.
Actual Behavior
----------------
Python stack trace, for example:
Traceback (most recent call last):
File "/usr/bin/
File "/usr/lib/
File "/usr/lib/
return self.open(
File "/usr/lib/
return self._mech_
File "/usr/lib/
raise response
mechanize.
Reproducibility
---------------
100%
System Configuration
-------
Any configuration, with oidc-auth-apps application
Branch/Pull Time/Commit
-------
starlingx master
Last Pass
---------
n/a
Timestamp/Logs
--------------
N/A, trace for oidc-auth command as noted above. In the example of incorrect configuration the dex pod log clarifies the misconfiguration as ldap referral response:
time="2022-
time="2022-
Test Activity
-------------
manual regression
Workaround
----------
n/a
Changed in starlingx: | |
assignee: | nobody → Henry Bailey (hbailey) |
Merged to starlingx master: /review. opendev. org/c/starlingx /oidc-auth- armada- app/+/886996 /opendev. org/starlingx/ oidc-auth- armada- app/commit/ cc9186a7f979664 004a0b1671be065 28f93486dd
https:/
https:/
Zuul is being silent about it, but I'm not sure why.