
Can't use OIDC/Full Setup

Open Heavensong89 opened this issue 1 year ago • 4 comments

Unfortunately I don't seem to be able to get OIDC working (Authelia) - it is working for Headscale itself. If I set up Headplane without OIDC, I can log in with an Auth Key but then don't get the DNS/Settings tabs, and if I use OIDC, I get:

Error: OIDC configuration is incomplete
    at checkOidc (file:///app/build/server/index.js?t=1722629771000:850:11)
    at loadContext (file:///app/build/server/index.js?t=1722629771000:719:17)
    at file:///app/build/server/index.js?t=1722629771000:863:1

I've tried a couple of different methods. I've tried just not setting any OIDC variables, and letting it read from my config file - that gives me the above. If I set the three variables, issuer, ID and secret, the container does start and say OIDC Configured, but I get an Unexpected Server Error when I try and navigate to /admin.

My reverse proxy setup is working as I was previously using headscale-admin, but I'm confused why I can't get headplane to work with OIDC and get all the features of the advanced implementation.

Heavensong89 avatar Aug 08 '24 06:08 Heavensong89

I'm in the same situation with Authentik ... Did you fix it?

Drizztfire avatar Aug 08 '24 16:08 Drizztfire

I had my OIDC Secret set in Headscale as an environment variable, rather than a secret file/plaintext in the config.yaml file. For some reason, I couldn’t get any combination of that to work with Headplane environment variables for OIDC (tried not defining any of the variables, tried defining all of them, tried defining just the secret). Ultimately, when I added the OIDC secret as plaintext to the config.yaml file, Headplane then worked as it should.

My Headplane container now doesn’t have any of the OIDC Environment Variables, and is reading everything it needs from the headscale config. I may try hashing the secret and saving it in a file elsewhere and referencing that in the config.yaml (as I do in my Authelia configuration.yaml) as it’s not ideal having it in plaintext in the config.

Heavensong89 avatar Aug 08 '24 22:08 Heavensong89

Hi, sorry you encountered that. It's definitely a known issue that I can't read secrets from files based on the Headscale config, but it is most definitely a bug since it appears the OIDC variables are not overriding the config.

tale avatar Aug 10 '24 21:08 tale
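The precedence discussed in this thread (OIDC environment variables override the Headscale config, with the client secret optionally read from a file instead of stored inline), as an added pre-flight check that is not Headplane's or Headscale's code. The environment variable names `OIDC_ISSUER`, `OIDC_CLIENT_ID` and `OIDC_CLIENT_SECRET`, the `client_secret_path` key and the function name `resolve_oidc` are assumptions for illustration; the sample values are constructed.

```python
import os
import stat

REQUIRED = ("issuer", "client_id", "client_secret")


def resolve_oidc(headscale_oidc, env, env_prefix="OIDC_"):
    """Resolve OIDC settings and return (settings, problems).

    headscale_oidc: the already-parsed `oidc` section of the Headscale config.
    env: mapping of environment variables (names are assumed, see lead-in).
    Precedence: environment variable, then inline config value, then secret file.
    """
    settings, problems = {}, []

    for key in REQUIRED:
        value = env.get(env_prefix + key.upper()) or headscale_oidc.get(key)
        if value:
            settings[key] = value

    # An inline secret is an exposure even when an env var overrides it.
    if headscale_oidc.get("client_secret"):
        problems.append("client_secret is stored inline in the config file")

    path = headscale_oidc.get("client_secret_path")
    if "client_secret" not in settings and path:
        try:
            mode = os.stat(path).st_mode
            if mode & (stat.S_IRGRP | stat.S_IROTH):
                problems.append(f"{path} is readable by group/other")
            with open(path) as fh:
                secret = fh.read().strip()
            if secret:
                settings["client_secret"] = secret
        except OSError as exc:
            problems.append(f"cannot read {path}: {exc.strerror}")

    # This is the condition behind an "OIDC configuration is incomplete" error.
    problems += [f"missing {key}" for key in REQUIRED if key not in settings]
    return settings, problems


if __name__ == "__main__":
    # Constructed sample: secret only in the environment, rest from the config.
    cfg = {"issuer": "https://auth.example.test", "client_id": "headscale"}
    print(resolve_oidc(cfg, {"OIDC_CLIENT_SECRET": "constructed-secret"}))
```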

Ahh yes, would be good to be able to use the variables as then I can use them in both containers!

Heavensong89 avatar Aug 21 '24 17:08 Heavensong89

Fixed in 0.2.3. The minimum requirement for Headscale is now 0.23.0-beta2 or else Headplane will start with errors.

tale avatar Aug 23 '24 19:08 tale