netbird
OIDC: wrong host for .well-known/openid-configuration
Describe the problem
I get an `Error: Unauthenticated` message upon opening the dashboard homepage. Checking the browser's developer console, I see it is attempting to fetch the OIDC configuration from http://localhost/.well-known/openid-configuration, which is obviously wrong. I can't find the (environment?) variable to change this.
Additionally (not sure if related), the setup script generates an openid-configuration.json file which is never used in the generated compose file. Is this intentional?
To Reproduce
Relevant part from docker-compose.yml:
```yaml
services:
  dashboard:
    image: netbirdio/dashboard:latest
    # ...
    environment:
      # ...
      # OIDC
      - AUTH_AUDIENCE=netbird
      - AUTH_CLIENT_ID=clientId
      - AUTH_CLIENT_SECRET=clientSecret
      - AUTH_AUTHORITY=https://auth.domain.tld
      - USE_AUTH0=false
      - AUTH_SUPPORTED_SCOPES=openid profile email offline_access api groups
      - NETBIRD_TOKEN_SOURCE=accessToken
    # ...
  management:
    image: netbirdio/management:latest
    # ...
    ports:
      - 33073:443
    command: [
      "--port", "443",
      "--log-file", "console",
      "--log-level", "info",
      "--disable-anonymous-metrics=false",
      "--single-account-mode-domain=net.domain.tld",
      "--dns-domain=netbird.selfhosted",
      # Only if dashboard doesn't exist/enable letsencrypt
      "--letsencrypt-domain", "net.domain.tld",
    ]
    volumes:
      - netbird-mgmt:/var/lib/netbird
      - letsencrypt:/etc/letsencrypt:ro
      - ./management.json:/etc/netbird/management.json
```
management.json:
```json
{
  "Stuns": [
    {
      "Proto": "udp",
      "URI": "stun:net.domain.tld:3478",
      "Username": "",
      "Password": null
    }
  ],
  "TURNConfig": {
    "Turns": [
      {
        "Proto": "udp",
        "URI": "turn:net.domain.tld:3478",
        "Username": "self",
        "Password": "ZTgDOSevQghQDn6ZMgVYKld4vB0hXQ5dZ23cYM5pG0M"
      }
    ],
    "CredentialsTTL": "12h",
    "Secret": "secret",
    "TimeBasedCredentials": false
  },
  "Signal": {
    "Proto": "https",
    "URI": "net.domain.tld:10000",
    "Username": "",
    "Password": null
  },
  "ReverseProxy": {
    "TrustedHTTPProxies": [],
    "TrustedHTTPProxiesCount": 0,
    "TrustedPeers": [
      "0.0.0.0/0"
    ]
  },
  "Datadir": "",
  "DataStoreEncryptionKey": "",
  "StoreConfig": {
    "Engine": "sqlite"
  },
  "HttpConfig": {
    "Address": "0.0.0.0:33073",
    "AuthIssuer": "https://auth.domain.tld",
    "AuthAudience": "netbird",
    "AuthKeysLocation": "https://auth.domain.tld/jwks.json",
    "AuthUserIDClaim": "preferred_username",
    "CertFile": "",
    "CertKey": "",
    "IdpSignKeyRefreshEnabled": false,
    "OIDCConfigEndpoint": "https://auth.domain.tld/.well-known/openid-configuration"
  },
  "IdpManagerConfig": {
    "ManagerType": "",
    "ClientConfig": {
      "Issuer": "https://auth.domain.tld",
      "TokenEndpoint": "https://auth.domain.tld/api/oidc/token",
      "ClientID": "",
      "ClientSecret": "",
      "GrantType": "client_credentials"
    },
    "ExtraConfig": {},
    "Auth0ClientCredentials": null,
    "AzureClientCredentials": null,
    "KeycloakClientCredentials": null,
    "ZitadelClientCredentials": null
  },
  "DeviceAuthorizationFlow": {
    "Provider": "none",
    "ProviderConfig": {
      "Audience": "netbird",
      "AuthorizationEndpoint": "",
      "Domain": "",
      "ClientID": "",
      "ClientSecret": "",
      "TokenEndpoint": "https://auth.domain.tld/api/oidc/token",
      "DeviceAuthEndpoint": "null",
      "Scope": "openid",
      "UseIDToken": false,
      "RedirectURLs": null
    }
  },
  "PKCEAuthorizationFlow": {
    "ProviderConfig": {
      "Audience": "netbird",
      "ClientID": "mMZH_ychgEKCMF73v0gFvy1~aSL7uCzS6oBJu8qVJrik4Kr.g_zQtonWEioCXRl746yFO.eC",
      "ClientSecret": "G1wY.vEQTCrMaHuPhnhCzR~Vc~LONL_Y.3UNBRRR5sy-vpgd36xSjRPetNrApOEe3i~p5bNg",
      "Domain": "",
      "AuthorizationEndpoint": "https://auth.domain.tld/api/oidc/authorization",
      "TokenEndpoint": "https://auth.domain.tld/api/oidc/token",
      "Scope": "openid profile email offline_access api groups",
      "RedirectURLs": [
        "http://localhost:53000"
      ],
      "UseIDToken": false
    }
  }
}
```
Expected behavior
The configuration should be retrieved from https://auth.domain.tld/.well-known/oidc-configuration.
Are you using NetBird Cloud?
Self-hosted
NetBird version
0.28.7
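A small consistency check for the situation described in this issue, added here as an example and not part of the NetBird project or the reporter's setup: it derives the discovery URL the dashboard should be requesting from `AUTH_AUTHORITY` (per OIDC Discovery 1.0, issuer + `/.well-known/openid-configuration`), compares it with the URL actually observed in the browser, and cross-checks the `HttpConfig` block of management.json so that a localhost or plain-http endpoint is flagged before tokens are ever sent. The sample environment and JSON are constructed from the values posted above and trimmed to the relevant keys.

```python
import json
from urllib.parse import urlparse

# Constructed sample: dashboard environment from the issue's docker-compose.yml
# and the HttpConfig block of its management.json (other keys omitted).
DASHBOARD_ENV = {
    "AUTH_AUTHORITY": "https://auth.domain.tld",
    "AUTH_AUDIENCE": "netbird",
}
MANAGEMENT_JSON = json.loads("""{
  "HttpConfig": {
    "AuthIssuer": "https://auth.domain.tld",
    "AuthAudience": "netbird",
    "AuthKeysLocation": "https://auth.domain.tld/jwks.json",
    "OIDCConfigEndpoint": "https://auth.domain.tld/.well-known/openid-configuration"
  }
}""")

DISCOVERY_PATH = "/.well-known/openid-configuration"
LOCAL_HOSTS = ("localhost", "127.0.0.1", "::1")


def discovery_url(issuer: str) -> str:
    """OIDC Discovery 1.0: provider metadata lives at issuer + the well-known path."""
    return issuer.rstrip("/") + DISCOVERY_PATH


def check_oidc_config(env: dict, mgmt: dict, observed_fetch: str) -> list:
    """Return a list of findings; an empty list means dashboard and management agree."""
    findings = []
    http = mgmt["HttpConfig"]
    expected = discovery_url(env.get("AUTH_AUTHORITY", ""))
    if urlparse(observed_fetch).hostname in LOCAL_HOSTS:
        findings.append(f"dashboard fetched discovery from {observed_fetch}; AUTH_AUTHORITY not applied")
    if observed_fetch != expected:
        findings.append(f"expected discovery URL {expected}, observed {observed_fetch}")
    if http["OIDCConfigEndpoint"] != discovery_url(http["AuthIssuer"]):
        findings.append("OIDCConfigEndpoint does not match AuthIssuer")
    if env.get("AUTH_AUTHORITY", "").rstrip("/") != http["AuthIssuer"].rstrip("/"):
        findings.append("dashboard AUTH_AUTHORITY and management AuthIssuer differ")
    if env.get("AUTH_AUDIENCE") != http["AuthAudience"]:
        findings.append("dashboard AUTH_AUDIENCE and management AuthAudience differ")
    for name in ("AuthIssuer", "AuthKeysLocation", "OIDCConfigEndpoint"):
        u = urlparse(http[name])
        if u.scheme != "https" or u.hostname in LOCAL_HOSTS:
            findings.append(f"{name} is not an https URL on a reachable host: {http[name]}")
    return findings


if __name__ == "__main__":
    for f in check_oidc_config(DASHBOARD_ENV, MANAGEMENT_JSON, "http://localhost/.well-known/openid-configuration"):
        print("FINDING:", f)
```

Run against the URL seen in the developer console it reports exactly the two dashboard-side findings, while the management.json values are internally consistent, which narrows the problem to how the dashboard container picks up `AUTH_AUTHORITY`.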