Skip to content

Load the available CA in logout API #3044

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 13, 2023
Merged

Load the available CA in logout API #3044

merged 1 commit into from
Sep 13, 2023

Conversation

@pjuarezd
Copy link
Member

@pjuarezd pjuarezd commented Sep 12, 2023

What does this do?

Load the available CA in the API when invoking the openid-connect/logout remote IDP endpoint.

Found that even though the CA certificates are properly provided to minio console, the invoke to the logout endpoint when using OIDP was not loading the CA certificates, causing several things:

  1. API /api/v1/logout returned a 500 error.

  2. API call returned tls: failed to verify certificate: x509: certificate signed by unknown authority error:

{
    "detailedMessage": "Post \"https://kc-service.keycloak.svc.cluster.local/realms/oidc-iam/protocol/openid-connect/logout\": tls: failed to verify certificate: x509: certificate signed by unknown authority",
    "message": "an error occurred, please try again"
}

  1. User session on IDP was not closed

  2. User session in Minio Console was not really closed, user is still logged in

idp no logout

@pjuarezd pjuarezd self-assigned this Sep 12, 2023
dvaldivia
dvaldivia previously approved these changes Sep 12, 2023
View reviewed changes
harshavardhana
harshavardhana requested changes Sep 12, 2023
View reviewed changes
harshavardhana
harshavardhana requested changes Sep 12, 2023
View reviewed changes
@pjuarezd pjuarezd force-pushed the bugfix-load-ca-logout branch from 182cb60 to 2c55345 Compare September 12, 2023 23:13
pjuarezd
pjuarezd commented Sep 12, 2023
View reviewed changes
@pjuarezd pjuarezd force-pushed the bugfix-load-ca-logout branch from 2c55345 to 1e553a3 Compare September 13, 2023 19:43
@pjuarezd
Load the available CA in the API when invoking the `openid-connect/lo…
c01a283 
…gout` remote IDP endpoint.

Out error log to stdout instead of return error to web client
@pjuarezd pjuarezd force-pushed the bugfix-load-ca-logout branch from 1e553a3 to c01a283 Compare September 13, 2023 20:40
bexsoft
bexsoft approved these changes Sep 13, 2023
View reviewed changes
Copy link
Collaborator

@bexsoft bexsoft left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@bexsoft bexsoft merged commit 65b0bab into minio:master Sep 13, 2023
@pjuarezd pjuarezd deleted the bugfix-load-ca-logout branch September 13, 2023 21:27
cesnietor pushed a commit to cesnietor/console that referenced this pull request Jan 12, 2024
@pjuarezd
Load the available CA in logout API (minio#3044)
69197b0
cesnietor pushed a commit to cesnietor/console that referenced this pull request Jan 12, 2024
@pjuarezd
Load the available CA in logout API (minio#3044)
5936f0a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@harshavardhana harshavardhana harshavardhana approved these changes

@reivaj05 reivaj05 reivaj05 approved these changes

@bexsoft bexsoft bexsoft approved these changes

@kanagarajkm kanagarajkm Awaiting requested review from kanagarajkm

@cniackz cniackz Awaiting requested review from cniackz

@cesnietor cesnietor Awaiting requested review from cesnietor

@dvaldivia dvaldivia Awaiting requested review from dvaldivia

Assignees

@pjuarezd pjuarezd

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@pjuarezd @harshavardhana @reivaj05 @dvaldivia @bexsoft