Hi, that's me again. Like #12227 (but with less urgency) and #12161, I need credentials for OIDC setup.
The informations for the ticket are:
Client name: fedoramagstg-wpengine-com Redirect URLs: https://fedoramagstg.wpengine.com/wp-admin/admin-ajax.php?action=openid-connect-authorize Client URL: https://fedoramagstg.wpengine.com/ Contacts: me (or OSPO CommInfra in general) Token Endpoint Auth method: client_secret_post
Metadata Update from @zlopez: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: low-trouble, medium-gain, ops
Metadata Update from @zlopez: - Issue assigned to zlopez
I will create those for you on Monday. I will sent the secrets to you through matrix as last time.
I created the entries run the related playbook and sent you the secret through matrix. Let me know if anything is not working as it should.
Closing this as fixed. Feel free to reopen when there is any issue with the credentials. :-)
Metadata Update from @zlopez: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
There is some issue. It say "Unknown client ID".
To clarify, I need to test the staging instance of Fedora magazine, but it should go to the production instance of keycloak, my bug title wasn't clear.
Metadata Update from @misc: - Issue status updated to: Open (was: Closed)
@misc That error was on my side. I forgot to change client_id in OIDC entry after copy pasting commblog entry. It should be now fixed.
client_id
Could you try again?
Nope, no luck, same error :/
I did some changes, but I'm not able to test them as the login page is just throwing a strange error (ERROR (unknown-error): An unknown error occurred.). I assume this is related to the maintenance on wpengine.com side.
ERROR (unknown-error): An unknown error occurred.
I can still see the same error on the page, I don't think that is related to OIDC entry as it doesn't even redirect me to login page.
@misc Could you check the logs on your side?
Metadata Update from @zlopez: - Issue priority set to: Waiting on Reporter (was: Waiting on Assignee)
There is nothing on the blog side. If I look at the exchange, I see that one request to https://id.fedoraproject.org/openidc/Authorization?response_type=code&scope=email%20profile%20openid&client_id=fedoramagstg-wpengine-com&state=xx&redirect_uri=https%3A%2F%2Ffedoramagstg.wpengine.com%2Fwp-admin%2Fadmin-ajax.php%3Faction%3Dopenid-connect-authorize
https://id.fedoraproject.org/openidc/Authorization?response_type=code&scope=email%20profile%20openid&client_id=fedoramagstg-wpengine-com&state=xx&redirect_uri=https%3A%2F%2Ffedoramagstg.wpengine.com%2Fwp-admin%2Fadmin-ajax.php%3Faction%3Dopenid-connect-authorize
is made, and then it get redirected to:
https://fedoramagstg.wpengine.com/wp-admin/admin-ajax.php?action=openid-connect-authorize&error=unauthorized_client&error_description=Unknown client ID&state=xx
So I think the only error I have is "unauthorized_client", and there is something on the IDM side to do the redirection to the client.
Metadata Update from @misc: - Issue priority set to: None (was: Waiting on Reporter)
Found the error, it's in the URL. The staging instance should point to https://id.stg.fedoraproject.org/ and not https://id.fedoraproject.org/. The production instance doesn't even know the client_id, which makes sense that it ends up with unknown error.
unknown error
@misc Could you change this in the https://fedoramagstg.wpengine.com/ configuration?
Metadata Update from @zlopez: - Issue priority set to: Waiting on Reporter
I'm hoping this is all done. Please re-open if it's still not working.
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.