-
Bug
-
Resolution: Done
-
Normal
-
OSSM 2.3.0
When trying to connect to Kiali via "openshift" auth strategy (which is using OpenShift OAuth), the following error message appears as login failure:
Â
error   "invalid_request" error_description   "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed."
Customer has non-standard ports defined in the OpenShift ingress.
Today, this is not supported by Kiali.
apiVersion: oauth.openshift.io/v1 grantMethod: auto kind: OAuthClient metadata:  annotations:   operator-sdk/primary-resource: istio-system/kiali   operator-sdk/primary-resource-type: Kiali.kiali.io  labels:   app: kiali   app.kubernetes.io/instance: kiali   app.kubernetes.io/name: kiali   app.kubernetes.io/part-of: kiali   app.kubernetes.io/version: 067a2c5257e5aef21ae8f896d28425c3aecde3333abaf589ff5e52b0207eXXX   version: 067a2c5257e5aef21ae8f896d28425c3aecde3333abaf589ff5e52b0207eXXX  name: kiali-istio-system redirectURIs: - https://kiali-istio-system.apps-mgm.my-test.abc.com
Â
That "redirectURIs" value doesn't work because the ingress service is not using the standard 443 for https, but instead has been changed by the customer to be 31102:
Â
$ oc get svc -n openshift-ingress
NAME Â Â Â Â Â Â Â Â Â Â Â TYPE Â Â Â Â CLUSTER-IP Â EXTERNAL-IP Â PORT(S) Â Â Â Â Â Â Â Â Â Â Â Â AGE
router-internal-apps    ClusterIP  9.2.209.61  <none>     31103/TCP,31104/TCP,1937/TCP  131d
router-internal-default  ClusterIP  9.2.215.29  <none>     31101/TCP,31102/TCP,1936/TCP  131dÂ
Here you can see it has been changed:
Â
$ oc get svc router-internal-default -n openshift-ingress -o yaml
...
 ports:
 - name: http
  port: 31101
  protocol: TCP
  targetPort: 31101
 - name: https
  port: 31102      <--- Ingress HTTPS port is 31102 as entrypoint.
  protocol: TCP
  targetPort: 31102
Â