ahmed
(ahmed)
1
Hey Everyone,
I’m trying to use GitLab as an OIDC provider with AWX 22.1.0. I have followed these steps:
- Add application in GitLab with :
- Configure Generic OIDC:
- “SOCIAL_AUTH_OIDC_KEY”: “application ID from GitLab”
- “SOCIAL_AUTH_OIDC_SECRET”: “Secret from GitLab”
- “SOCIAL_AUTH_OIDC_OIDC_ENDPOINT”: “https://gitlab-instance/.well-known/openid-configuration”,
- “SOCIAL_AUTH_OIDC_VERIFY_SSL”: false
When I try to connect via GUI, I get this error:
2023-07-31 13:55:44,798 ERROR [35f2be137b45484d8003e87108ed5049] social Expecting value: line 1 column 1 (char 0).
Is missing something in my configuration or does AWX not support OIDC authentication with GitLab? ?
Thanks,
ahmed
(ahmed)
2
I have changed the SOCIAL_AUTH_OIDC_OIDC_ENDPOINT to https://gitlab-instance and now I get a new error as in this issue 13226:
ERROR [b4edee95256c4f68be89f78efbac41dd] social Direct assignment to the forward side of a many-to-many set is prohibited. Use groups.set() instead.
My purpose is to use OIDC for authentication and not for authorization.
Please help, much appreciated !
ahmed
(ahmed)
3
The error disappears by upgrading the version of social-auth-core[openidconnect] to 4.4.0.
Now how can I use this backend to authenticate to AWX API from a GitLab pipeline by using CI_JOB_JWT variable ?
Do you mind opening a PR or issue in AWX and describe the problem and how bumping to 4.4.0 solved it?
as for you second question, maybe create a new thread since it is about something else.
AWX Team