DEX server failed to start up in Amazon EKS with Azure OIDC issuer
Preflight Checklist
- [x] I agree to follow the Code of Conduct that this project adheres to.
- [x] I have searched the issue tracker for an issue that matches the one I want to file, without success.
- [x] I am not looking for support or already pursued the available support channels without success.
Version
v2.44.0
Storage Type
In-memory
Installation Type
Official container image
Expected Behavior
msg="listening on" server=http address=0.0.0.0:5556
Actual Behavior
failed to initialize server: server: Failed to open connector oidc: failed to open connector: failed to create connector oidc: failed to get provider: 404 NotFound: Not Found.
Steps To Reproduce
In Amazon EKS 1.32.8, I deployed the dex server v2.44.0 with the following configuration to the "test" namespace:
Configuration
```yaml
kind: ConfigMap
apiVersion: v1
metadata:
  name: dex
  namespace: test
data:
  config.yaml: |
    issuer: http://localhost:5556/dex
    storage:
      type: memory
    web:
      http: 0.0.0.0:5556
    oauth2:
      skipApprovalScreen: true
    connectors:
    - type: oidc
      id: oidc
      name: azure
      config:
        issuer: https://login.microsoftonline.com/{tenant_id}/v2.0
        clientID: test
        clientSecret: test
        redirectURI: https://localhost:5556/api/dex/callback
        insecureSkipEmailVerified: true
        insecureEnableGroups: true
        getUserInfo: false
        scopes:
        - openid
        - profile
        - email
    staticClients:
    - id: example-app
      redirectURIs:
      - 'http://localhost:5555/callback'
      name: 'Example App'
      secret: ZXhhbXBsZS1hcHAtc2VjcmV0
    enablePasswordDB: true
    staticPasswords:
    - email: "[email protected]"
      hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
      username: "admin"
      userID: "1234"
    logger:
      level: "debug"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: dex
  name: dex
  namespace: test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dex
  template:
    metadata:
      labels:
        app: dex
    spec:
      containers:
      - image: ghcr.io/dexidp/dex:v2.44.0
        name: dex
        command: ["/usr/local/bin/dex", "serve", "/etc/dex/cfg/config.yaml"]
        ports:
        - name: https
          containerPort: 5556
        volumeMounts:
        - name: config
          mountPath: /etc/dex/cfg
        securityContext:
          runAsUser: 1001
          runAsGroup: 1001
      volumes:
      - name: config
        configMap:
          name: dex
          items:
          - key: config.yaml
            path: config.yaml
```
Dex server failed to start up with the following error: failed to initialize server: server: Failed to open connector oidc: failed to open connector: failed to create connector oidc: failed to get provider: 404 NotFound: Not Found.
Additional Information
It seems the latest build with golang 1.25.0 (dex_version=v2.44.0 go.version=go1.25.0 go.os=linux go.arch=amd64) breaks dex server startup; the older version 1.24.3 (dex_version=v2.43.1 go.version=go1.24.3 go.os=linux go.arch=amd64) is working fine. I also rebuilt the dex server with the latest golang version 1.24.11 (dex_version=8ab3-dirty go.version=go1.24.11 go.os=linux go.arch=amd64) in the latest "alpine/curl" image, and it also works.
Logs
failed to initialize server: server: Failed to open connector oidc: failed to open connector: failed to create connector oidc: failed to get provider: 404 NotFound: Not Found.
Probably got a 404 on https://login.microsoftonline.com/{tenant_id}/v2.0; your error came from https://github.com/coreos/go-oidc/blob/35b8e031bcac7fed73b96b09d42e6e233a6e6562/oidc/oidc.go#L256
go-oidc was recently bumped to go 1.24.0, but hasn't been tested on go 1.25.0: https://github.com/coreos/go-oidc/pull/467/commits/f4fd38172bfae6ce134e81e1e3ca614aa4af990f. It seems go 1.25.0 upwards breaks the oidc connection to Azure; I tested the oidc connection with go 1.25.5 and it also failed.
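An added example, not part of the issue thread and not code from dex or go-oidc: a small Go probe for the OIDC discovery step that the "failed to get provider" error points at, useful for reproducing the failure outside dex under different Go toolchains. It requests `<issuer>/.well-known/openid-configuration` as the OpenID Connect Discovery spec defines, and also checks that the returned `issuer` matches the configured one; `probeDiscovery`, `newStubIdP` and the `/tenant-a/v2.0` path are constructed names, and the stub server stands in for the real identity provider so the block runs offline.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// probeDiscovery fetches the discovery document for issuer and returns the URL requested and any failure.
func probeDiscovery(client *http.Client, issuer string) (string, error) {
	wellKnown := strings.TrimSuffix(issuer, "/") + "/.well-known/openid-configuration"
	resp, err := client.Get(wellKnown)
	if err != nil {
		return wellKnown, fmt.Errorf("request failed: %w", err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		body, _ := io.ReadAll(io.LimitReader(resp.Body, 4096))
		return wellKnown, fmt.Errorf("%s: %s", resp.Status, strings.TrimSpace(string(body)))
	}
	var doc struct{ Issuer string `json:"issuer"` }
	if err := json.NewDecoder(resp.Body).Decode(&doc); err != nil {
		return wellKnown, fmt.Errorf("decode discovery document: %w", err)
	}
	if doc.Issuer != issuer { // exact match required; a mismatch means the wrong provider answered
		return wellKnown, fmt.Errorf("issuer mismatch: configured %q, document says %q", issuer, doc.Issuer)
	}
	return wellKnown, nil
}

// newStubIdP is a constructed local stand-in that serves one valid discovery document.
func newStubIdP() *httptest.Server {
	mux := http.NewServeMux()
	srv := httptest.NewServer(mux)
	mux.HandleFunc("/tenant-a/v2.0/.well-known/openid-configuration", func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprintf(w, `{"issuer":%q}`, srv.URL+"/tenant-a/v2.0")
	})
	return srv
}

func main() {
	srv := newStubIdP()
	defer srv.Close()
	for _, p := range []string{"/tenant-a/v2.0", "/tenant-a/v2.0/", "/wrong/v2.0"} {
		fmt.Println(probeDiscovery(srv.Client(), srv.URL+p))
	}
}
```

Pointing `probeDiscovery` at the configured issuer with `http.DefaultClient`, once per Go toolchain under comparison, shows whether the 404 reproduces without dex in the path.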