
Maximum call stack size exceeded during OIDC Login (Azure Entra ID)

Open AMDoellal opened this issue 5 months ago • 2 comments

Current Behavior

We are deploying Dependency Track via Helm. The application has been set up so that the front end is accessible. The app registration is configured as a single-page application (SPA) with a configured redirect URI. When attempting to log in via OpenID Connect, the front-end console displays the following error: 'Maximum call stack size exceeded.'

However, the pod logs indicate that the login was successful. There is also an issue in the main repository, but I think it is only front-end related.


I think I've found the error in the following file: https://github.com/DependencyTrack/frontend/blob/master/public/static/oidc-callback.html. In Vue JS, a state update in render/computed triggers another render, creating an endless loop, from a login redirect loop where the callback redirects to itself or to a page that immediately redirects you back to the login page. This causes signinRedirectCallback() to be executed infinitely. I think the following lines are the cause of the error: https://github.com/DependencyTrack/frontend/blob/e115cdd814385c43a53411a83d1249808759922e/public/static/oidc-callback.html#L50

    const redirectTo = user.state;
    window.location.href = redirectTo && isUrlSaveForRedirect(redirectTo) ? redirectTo : "../";

Steps to Reproduce

1. Register the application in Azure
2. Set up the appreg parameters in Helm or Docker Compose
3. Click login and check the devtools console log

Expected Behavior

Redirect to dashboard

Dependency-Track Frontend Version

4.13.3

Browser

Google Chrome

Browser Version

138.0.7204.184

Operating System

macOS


AMDoellal avatar Aug 14 '25 14:08 AMDoellal
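
The report above attributes the error to a callback that redirects to itself or to a page that sends the browser straight back to login. As an added example (not the Dependency-Track frontend's code and not the fix from the linked PR), this function resolves a post-login target from the OIDC state so that it is same-origin and never the callback or login page; `resolvePostLoginTarget`, `LOGIN_PATH` and the sample hostnames in the comments are assumptions.

```javascript
// Added example: hypothetical helper, not Dependency-Track's own code.
// Resolves the post-login target carried in the OIDC `state` value.
const LOGIN_PATH = "/login"; // assumed login route; adjust to the deployment
const FALLBACK = "/";        // safe default landing page

// Strip trailing slashes so "/login/" and "/login" compare equal.
function normalizePath(pathname) {
  return pathname.replace(/\/+$/, "") || "/";
}

// stateValue:  untrusted redirect target restored from the OIDC state
// currentHref: URL of the callback page doing the redirect, e.g.
//              "https://dt.example.test/static/oidc-callback.html?code=..."
function resolvePostLoginTarget(stateValue, currentHref) {
  const current = new URL(currentHref);
  if (typeof stateValue !== "string" || stateValue.length === 0) {
    return FALLBACK;
  }
  // Backslashes and control characters are normalised by browsers in
  // ways that can turn a "relative" value into another origin.
  if (/[\\\u0000-\u001f]/.test(stateValue)) {
    return FALLBACK;
  }
  let target;
  try {
    target = new URL(stateValue, current.origin + "/");
  } catch {
    return FALLBACK;
  }
  // Same-origin only. This also rejects "//host/path" and non-HTTP
  // schemes such as "javascript:", whose origin serialises to "null".
  if (target.origin !== current.origin) {
    return FALLBACK;
  }
  // Loop guard: never navigate back to the callback page itself or to
  // the login page, which would restart the sign-in flow.
  const path = normalizePath(target.pathname);
  if (path === normalizePath(current.pathname) || path === LOGIN_PATH) {
    return FALLBACK;
  }
  // Return a relative reference so the origin cannot be swapped later.
  return target.pathname + target.search + target.hash;
}
```
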

I ran into the same issue with a Keycloak IdP-backed deployment on v4.13.4.

Local managed users work fine and can access Dependency-Track just fine.

The local admin sees the OpenID Connect User created in the admin console but the OpenID Connect User does not seem to correctly map the group membership as the OIDC user has no team membership associated. Manually assigning permissions to the OIDC user does not correct the 403 error and the user still cannot log in (same 403 loop problem as AMDoellal mentioned).

cvennel avatar Sep 04 '25 13:09 cvennel

I have opened a PR for the bug: https://github.com/DependencyTrack/frontend/pull/1338

AMDoellal avatar Sep 23 '25 11:09 AMDoellal