
We are using Kasten version 5.0.7 and want to implement LDAP as described on https://docs.kasten.io/latest/access/authentication.html#active-directory-authentication

We also used https://docs.kasten.io/latest/install/advanced.html

Before we added the custom-ca-bundle.pem, the auth-svc logged the following error:

x509: certificate signed by unknown authority

So adding the custom-ca-bundle.pem to the configmap solved the x509 error.

However, when I navigate to http://backup.tooling.x.y.nl/kasten-io/# the auth-svc pod logs the following error:

{"File":"kasten.io/k10/kio/auth/oidc.go","Function":"kasten.io/k10/kio/auth.NewOIDCProvider","Line":67,"clusterName":"https://backup.tooling.x.y.nl","cluster_name":"1b873c7c-b159-4ed9-9e6f-ad3cc4e87757","hostname":"auth-svc-758d48f58c-92962","level":"info","msg":"Initializing OIDC provider","prompt":"select_account","providerURL":"https://backup.tooling.x.y.nl/dex","scopes":"groups profile email","time":"20220912-14:04:53.616Z","version":"5.0.7"}
{"File":"kasten.io/k10/kio/auth/auth.go","Function":"kasten.io/k10/kio/auth.(*Auth).Authenticate","Line":194,"cluster_name":"1b873c7c-b159-4ed9-9e6f-ad3cc4e87757","err":{"message":"Failed to init OIDC provider","function":"kasten.io/k10/kio/auth.initOIDC","linenumber":137,"file":"kasten.io/k10/kio/auth/oidc.go:137","cause":{"message":"Failed to setup OIDC Provider","function":"kasten.io/k10/kio/auth.provider","linenumber":126,"file":"kasten.io/k10/kio/auth/oidc.go:126","cause":{"message":"504 Gateway Timeout: \u003chtml\u003e\r\n\u003chead\u003e\u003ctitle\u003e504 Gateway Time-out\u003c/title\u003e\u003c/head\u003e\r\n\u003cbody\u003e\r\n\u003ccenter\u003e\u003ch1\u003e504 Gateway Time-out\u003c/h1\u003e\u003c/center\u003e\r\n\u003chr\u003e\u003ccenter\u003enginx\u003c/center\u003e\r\n\u003c/body\u003e\r\n\u003c/html\u003e\r\n"}}},"hostname":"auth-svc-758d48f58c-92962","level":"error","msg":"Failed to create OIDC provider","path":"/v0/authz/kasten-io/dex","time":"20220912-14:05:08.618Z","version":"5.0.7"}
 

 

https://community.veeam.com/kasten-k10-support-92/failed-to-init-oidc-provider-with-keycloak-2198 describes the same issue, but in our case the custom-ca-bundle-store configmap is already available and the CA certificate is valid.
I also receive the gateway 502 error when I access backup.tooling.x.y.nl

 

apiVersion: v1
items:
- apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    annotations:
    name: kasten-ingress
    namespace: kasten-io
  spec:
    ingressClassName: nginx
    rules:
    - host: backup.tooling.x.y.nl
      http:
        paths:
        - backend:
            service:
              name: gateway
              port:
                number: 8000
          path: /
          pathType: ImplementationSpecific
        - backend:
            service:
              name: dex
              port:
                number: 8000
          path: /dex
          pathType: ImplementationSpecific
 

Is someone able to point me in the right direction?
