I had a smoothly running Penpot on Ubuntu. When I updated in December everything was working. Now, today I was trying to log in after some Ubuntu updates and Penpot was telling me that OIDC was not configured. Nothing changed in the configuration. OIDC is running.
I'm a step further after entering the optional config items:
PENPOT_OIDC_AUTH_URI:
PENPOT_OIDC_TOKEN_URI:
PENPOT_OIDC_USER_URI:
But I get a redirect error then.
The redirect generated is like this: https://domain.tld/api/auth/oidc/callback where I thought it must be …/api/auth/oauth/oidc/callback
…/api/auth/oidc?provider=oidc[HTTP/2 400 19ms]
Restriction Error errors.cljs:57:6
{:type :restriction, :code :sso-provider-not-configured, :hint "provider not configured", :provider "oidc"}
When I comment it out I get a frontend error after updating the stack.
Also the backend is refusing the OIDC then and gives me errors.
Was there a change where I have to provide the optional config elements? How do I find out the right URLs?
Right now I just cannot log in. Also, if I make changes to the config/stack I get a 502 Bad Gateway error and have to restart the server.
Edit: a rollback to a previous version of Penpot did not help, so probably it's something else that changed, e.g. a recent Ubuntu update.
Hello @DichterD, I appreciate you bringing it to our attention. Our team is investigating the issue.
It seems, after redeploying all the Penpot containers, it's a Java problem with self-signed certificates / reverse proxy.
SUMMARY:
→ clojure.lang.ExceptionInfo: unexpected exception on configuring provider (oidc.clj:150)
→ javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid... (:-1)
→ javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid... (:-1)
→ sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to... (:-1)
→ sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (:-1)
I just have no clue how to solve this because it was already working.
I'm using Portainer to keep track of all the containers I'm using. Is there an easy way to fix the cert error?
I tried to import the CA crt files into the backend container but no luck.
Nothing happens when I click OpenID Login.
When I provide links to the OIDC Token, Auth and UserInfo I get the following after successfully providing my credentials:
login?error=unable-to-auth&hint=(certificate_unknown)+PKIX+path+building+failed%3A+sun.security.provider.certpath.SunCertPathBuilderException%3A+unable+to+find+valid+certification+path+to+requested+target
Java cert Problem?
NGINX Problem?