
Can't create OpenID Connect Provider

Open EmilZackrisson opened this issue 1 year ago • 52 comments

Describe the bug

Can't create a new OpenID Connect/OAuth provider. Works until I press "Finish" but nothing happens. Tried to create only the provider and via the Wizard but either works.

To Reproduce

Steps to reproduce the behavior:

  1. Update to 2024.8.0
  2. Create provider

Expected behavior

A new provider

Logs

No relevant logs

Version and Deployment (please complete the following information):

  • authentik version: 2024.8.0
  • Deployment: helm

EmilZackrisson avatar Sep 03 '24 17:09 EmilZackrisson

I have the same problem and also when using an existing OpenID authentication I get the following error:

could not read block 0 in file "base/16384/18994": read only 0 of 8192 bytes
Traceback (most recent call last):
  File "/authentik/flows/views/executor.py", line 286, in get
    stage_response = self.current_stage_view.dispatch(request)
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/views/generic/base.py", line 143, in dispatch
    return handler(request, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/authentik/providers/oauth2/views/authorize.py", line 531, in get
    return self.redirect(self.create_response_uri())
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/authentik/providers/oauth2/views/authorize.py", line 554, in create_response_uri
    code.save()
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/models/base.py", line 822, in save
    self.save_base(
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/models/base.py", line 909, in save_base
    updated = self._save_table(
              ^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/models/base.py", line 1071, in _save_table
    results = self._do_insert(
              ^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/models/base.py", line 1112, in _do_insert
    return manager._insert(
           ^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/models/manager.py", line 87, in manager_method
    return getattr(self.get_queryset(), name)(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/models/query.py", line 1847, in _insert
    return query.get_compiler(using=using).execute_sql(returning_fields)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/models/sql/compiler.py", line 1823, in execute_sql
    cursor.execute(sql, params)
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/utils.py", line 79, in execute
    return self._execute_with_wrappers(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/utils.py", line 92, in _execute_with_wrappers
    return executor(sql, params, many, context)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/utils.py", line 100, in _execute
    with self.db.wrap_database_errors:
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/utils.py", line 91, in __exit__
    raise dj_exc_value.with_traceback(traceback) from exc_value
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/utils.py", line 105, in _execute
    return self.cursor.execute(sql, params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django_prometheus/db/common.py", line 69, in execute
    return super().execute(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/psycopg/cursor.py", line 97, in execute
    raise ex.with_traceback(None)
django.db.utils.InternalError: could not read block 0 in file "base/16384/18994": read only 0 of 8192 bytes
Request ID

mkleger avatar Sep 03 '24 17:09 mkleger

Having the same issue, might be related to the errors shown in the browser console.

Uncaught (in promise) TypeError: this.selected is undefined
    willUpdate ak-dual-select.ts:118
    performUpdate reactive-element.ts:1439
    scheduleUpdate reactive-element.ts:1338
    _$ET reactive-element.ts:1310
    requestUpdate reactive-element.ts:1268
    _$Ev reactive-element.ts:1017
    f reactive-element.ts:1000
    C lit-element.ts:122
    St Base.ts:63
    <anonymous> eventEmitter.ts:60
    <anonymous> eventEmitter.ts:11
    h ak-dual-select.ts:96
    u lit-html.ts:1212
    $ lit-html.ts:1633
    _$AI lit-html.ts:1469
    Ct lit-html.ts:2269
    update lit-element.ts:163
    performUpdate reactive-element.ts:1441
    scheduleUpdate reactive-element.ts:1338
    _$ET reactive-element.ts:1310
    requestUpdate reactive-element.ts:1268
    _$Ev reactive-element.ts:1017
    f reactive-element.ts:1000
    C lit-element.ts:122
    St Base.ts:63
    K AkControlElement.ts:13
    <anonymous> eventEmitter.ts:60
    f ak-dual-select-provider.ts:84
    u lit-html.ts:1212
    $ lit-html.ts:1633
    _$AI lit-html.ts:1469
    p lit-html.ts:1276
    $ lit-html.ts:1644
    _$AI lit-html.ts:1469
    p lit-html.ts:1276
    $ lit-html.ts:1644
    _$AI lit-html.ts:1469
    Ct lit-html.ts:2269
    update lit-element.ts:163
    performUpdate reactive-element.ts:1441
    scheduleUpdate reactive-element.ts:1338
    _$ET reactive-element.ts:1310
    requestUpdate reactive-element.ts:1268
    render ModelForm.ts:93
    promise callback*render ModelForm.ts:89
    update lit-element.ts:158
    performUpdate reactive-element.ts:1441
    scheduleUpdate reactive-element.ts:1338
    _$ET reactive-element.ts:1310
    requestUpdate reactive-element.ts:1268
    _$Ev reactive-element.ts:1017
    f reactive-element.ts:1000
    C lit-element.ts:122
    St Base.ts:63
    S Form.ts:161
    u ModelForm.ts:58
    v BaseProviderForm.ts:5
    h OAuth2ProviderForm.ts:129
    renderVisible ProxyForm.ts:43
    render Form.ts:408
    update lit-element.ts:158
    performUpdate reactive-element.ts:1441
    scheduleUpdate reactive-element.ts:1338
    _$ET reactive-element.ts:1310
    requestUpdate reactive-element.ts:1268
    requestUpdate ProxyForm.ts:32
    requestUpdate WizardPage.ts:47
    requestUpdate WizardPage.ts:45
    set currentStep Wizard.ts:86
    renderModalInner Wizard.ts:210

m4tt72 avatar Sep 03 '24 17:09 m4tt72

Edit 9/7: after uninstalling then restoring from backup, then pulling the beta/dev version it has been working. I am no longer having issues with the finish button. I have also not received any other errors.

I am having the same issue with OpenID Connect/OAuth as well as Forward Auth Single Application. Even though the result was the same, noticed that when I used the wizard there was an option for Forward Auth Single Application but when I went directly to providers it only has an option for Proxy Provider. Anyway, I am not receiving any errors, just the button not working.

Skorsnet avatar Sep 03 '24 18:09 Skorsnet

It's definitely a UI issue. I managed to temporarily fix by downgrading to 2024.6.4 as it seems like it doesn't have this issue. Not an ideal solution but it works until we get a fix.

m4tt72 avatar Sep 03 '24 18:09 m4tt72

Can confirm on 2024.8.0. If I click on "Next" (German "Weiter") nothing happens. Downgrading to 2024.6.4 solved it.

coworkers-de avatar Sep 04 '24 07:09 coworkers-de

How exactly can anyone rollback? It will not become healthy again for me if I roll back, and I also can't upgrade alpine as it causes constant restarts. Updating tips and tricks would be cool, I am using docker-compose. I can't rollback for nothing. Thanks

bdorr1105 avatar Sep 04 '24 08:09 bdorr1105

How exactly can anyone rollback? It will not become healthy again for me if I roll back, and I also can't upgrade alpine as it causes constant restarts. Updating tips and tricks would be cool, I am using docker-compose. I can't rollback for nothing. Thanks

You can specify the following docker image tag to roll back:

ghcr.io/goauthentik/server:2024.6.4

I have just done this myself after all my proxy applications appended X-authentik-auth-callback=true to the application URLs, causing them not to load. 2024.8.0 is a no-go for me. It was faster to roll back than look for a fix (assuming one even exists).

q20 avatar Sep 04 '24 08:09 q20

Unfortunately, this does not work for me; the containers then restart again and again with errors. As soon as I save the new version again, the container comes up without any problems.

mkleger avatar Sep 04 '24 10:09 mkleger

Unfortunately, this does not work for me; the containers then restart again and again with errors. As soon as I save the new version again, the container comes up without any problems.

After rolling back to ghcr.io/goauthentik/server:2024.6.4 I was also required to restore the mapped volumes from backup, as not all containers in the stack succeeded in starting correctly. Not ideal, but I'm able to do this relatively painlessly with my setup.

q20 avatar Sep 04 '24 11:09 q20

FWIW, only the provider creation UI appears to be affected, so you can still create providers through the API. For example, to create a proxy provider:

curl -X POST -L 'https://your.authentik.host/api/v3/providers/proxy/' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer <api_token_here>' \
  --data '{"authorization_flow": "<authorization_flow_id>", "name": "New proxy", "external_host": "https://test", "mode": "forward_single"}'

You can create an API token under Directory > Tokens and App Passwords. To find your authorization flow ID, I believe the easiest way is to navigate to the flow in Authentik and "export" it. That will download a .yaml file with the flow's details, and the flow ID will be in there as well. Example: 7aff7101-1222-48e4-a5c0-7ebc62775e48.

Don't worry too much about the request details, as you can seemingly still modify the provider through the web interface. Only creation appears to be affected.

malmeloo avatar Sep 04 '24 11:09 malmeloo

Creating outposts also seems to be affected. The relevant command for this one is as follows:

curl -X POST -L 'https://your.authentik.host/api/v3/outposts/instances/' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer <api_token_here>' \
  --data '{"name": "Some outpost name", "type": "proxy", "providers": [<provider_id_here>], "config": {}}'

This time, the provider ID can be found by navigating to the provider and looking at the URL: you should see /core/providers/<number> somewhere in the middle there. That number is your provider ID.

malmeloo avatar Sep 04 '24 12:09 malmeloo
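
The two API calls from malmeloo's comments above, as an added example in Python (not part of the original thread and not authentik project code): it reads the bearer token from an environment variable so it does not land in shell history or the process list, and validates the flow UUID and provider IDs before building the JSON body. The environment variable names are assumptions; the endpoints and payload fields are the ones in the curl commands.

```python
import json
import os
import urllib.request
import uuid


def build_post(host, path, token, payload):
    """Build (without sending) an authenticated JSON POST to the authentik API."""
    if not host.startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    if not token:
        raise ValueError("API token is empty")
    return urllib.request.Request(
        host.rstrip("/") + "/api/v3" + path,
        data=json.dumps(payload).encode(),  # json.dumps escapes quotes in names
        headers={"Content-Type": "application/json",
                 "Authorization": "Bearer " + token},
        method="POST",
    )


def proxy_provider_request(host, token, flow_id, name, external_host,
                           mode="forward_single"):
    """Request for POST /providers/proxy/, as in the first curl command."""
    flow_id = str(uuid.UUID(flow_id))  # raises ValueError if not a UUID
    payload = {"authorization_flow": flow_id, "name": name,
               "external_host": external_host, "mode": mode}
    return build_post(host, "/providers/proxy/", token, payload)


def outpost_request(host, token, name, provider_ids):
    """Request for POST /outposts/instances/, as in the second curl command."""
    ids = [int(p) for p in provider_ids]  # provider IDs are the numbers from the URL
    payload = {"name": name, "type": "proxy", "providers": ids, "config": {}}
    return build_post(host, "/outposts/instances/", token, payload)


if __name__ == "__main__":
    # AUTHENTIK_HOST, AUTHENTIK_TOKEN and AUTHENTIK_FLOW_ID are assumed names.
    req = proxy_provider_request(
        os.environ["AUTHENTIK_HOST"], os.environ["AUTHENTIK_TOKEN"],
        os.environ["AUTHENTIK_FLOW_ID"], "New proxy", "https://test")
    with urllib.request.urlopen(req) as resp:
        print(resp.status, resp.read().decode())
```
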

After a very brief review, there seems to be no click-event attached to the button that is not sentry related. Maybe the ui isn't loading correctly?

fstracke avatar Sep 04 '24 12:09 fstracke

Same behavior running both the Authentik & Authentik-worker latest version 2024.8 on a machine running UnRaid. Just learned the basics of Authentik + Traefik on the 2024.6.4 version, only to lose internet access for 36 hrs (Lightning Strike) and to restart system, update containers to the latest version and everything broke (Can't create new providers and "X-authentik-auth-callback=true" was added to all "Forward Auth" applications I had already configured).

In my case downgrading back to 2024.6.4 did not work, in fact after downgrading both Authentik & Authentik-worker containers, the Authentik server failed to load, I was forced to delete the Postgres database and start from scratch.

Glad it is an issue and not something I did.

jadehawk avatar Sep 04 '24 13:09 jadehawk

might be fixed by https://github.com/goauthentik/authentik/pull/11203, please try on ghcr.io/goauthentik/dev-server:gh-version-2024.8

BeryJu avatar Sep 04 '24 13:09 BeryJu

might be fixed by #11203, please try on ghcr.io/goauthentik/dev-server:gh-version-2024.8

I was able to create a proxy and an oidc provider with this branch! Error messages are missing text, but it's functional.


jkennedyvz avatar Sep 04 '24 17:09 jkennedyvz

Was that error message from a failed attempt to submit the form or did that error message show up when filling out everything correctly?

BeryJu avatar Sep 04 '24 17:09 BeryJu

Same behavior running both the Authentik & Authentik-worker latest version 2024.8 on a machine running UnRaid. Just learned the basics of Authentik + Traefik on the 2024.6.4 version, only to lose internet access for 36 hrs (Lightning Strike) and to restart system, update containers to the latest version and everything broke (Can't create new providers and "X-authentik-auth-callback=true" was added to all "Forward Auth" applications I had already configured).

In my case downgrading back to 2024.6.4 did not work, in fact after downgrading both Authentik & Authentik-worker containers, the Authentik server failed to load, I was forced to delete the Postgres database and start from scratch.

Glad it is an issue and not something I did.

Seeing the same issue so I'm glad I am not the only one. I found out the backups of the database weren't running, so I cannot revert back to 2024.06.04, so I'm kinda stuck waiting for a fix.

Thanks for posting this as I was going insane and even had a support ticket open.

zenjabba avatar Sep 04 '24 18:09 zenjabba

X-authentik-auth-callback=true is purposefully added to all proxy providers, depending on the reverse proxy it is used by the authentik outpost to know which requests are for it

BeryJu avatar Sep 04 '24 18:09 BeryJu

might be fixed by #11203, please try on ghcr.io/goauthentik/dev-server:gh-version-2024.8

works for me now

aaronriedel avatar Sep 04 '24 18:09 aaronriedel

Was that error message from a failed attempt to submit the form or did that error message show up when filling out everything correctly?

Hi @BeryJu , the blank error banner showed up when I tried creating a provider without all of the required fields. The red text underneath each field is displayed correctly.


jkennedyvz avatar Sep 04 '24 19:09 jkennedyvz

ghcr.io/goauthentik/dev-server:gh-version-2024.8

OK, using the new dev image provided, I can now add providers. However, within authentik's "my applications" screen, as before, the extra text has been added to all "Applications URL". This prevents the application from launching (I have it set to open new window). If I remove the extra text and just type "app.domain.com" in the browser, it works as expected.


It also automatically adds "Additional Scopes" to all providers. This was not required on version 2024.6.4. Since I am new to Authentik I didn't know I had to use them, but it works fine on 2024.6.4 without them. (I'm only using "Forward Auth", not using OpenID at all.)


So at this moment, with this dev 2024.8 version, all but the "My Application" apps seem to work. Sticking to 2024.6.4 till version 2024.8 is ironed out a little more.

jadehawk avatar Sep 04 '24 21:09 jadehawk

might be fixed by #11203, please try on ghcr.io/goauthentik/dev-server:gh-version-2024.8

On ARM the correct image is ghcr.io/goauthentik/dev-server:gh-version-2024.8. It fixed the problem for me 😊

Cecchellone avatar Sep 04 '24 22:09 Cecchellone

Can we roll back to 2024.6.4 without a database backup?

zenjabba avatar Sep 04 '24 23:09 zenjabba

Can we roll back to 2024.6.4 without a database backup?

You should definitely backup before you attempt this. For me a rollback did not work, I used the dev version instead.

aaronriedel avatar Sep 05 '24 06:09 aaronriedel

After updating to the DEV version, I still have the problem that OpenID logins do not work.

Is that just me?

mkleger avatar Sep 05 '24 07:09 mkleger

+1 for the issue, hope to see update/fix soon

ghostklart avatar Sep 05 '24 09:09 ghostklart

Same issue for me, just waiting for a fix since I just deployed authentik yesterday so nothing to lose, but hoping it gets fixed soon.

caiodstx avatar Sep 05 '24 09:09 caiodstx

Same issue here!

devadattas avatar Sep 05 '24 10:09 devadattas

+1 Same for me, FIX #11203 (ghcr.io/goauthentik/dev-server:gh-version-2024.8) NOT working with ARM

schmidt-silas avatar Sep 05 '24 11:09 schmidt-silas

I think for the time being, I'm going to wait on 2024.6.4 as the initial 2024.8 release seems to be really buggy and the previous attempt to upgrade on day one, I didn't take a backup and in the end had to rebuild everything from scratch.

@BeryJu - Would it be safe to upgrade from 2024.6.4 to 2024.8.1 when it comes out and skip over the 2024.8 initial version?

SirWobbyTheFirst avatar Sep 05 '24 11:09 SirWobbyTheFirst