
Atlas WebAPI login using Okta/OpenID throwing 500 error

I’m running Atlas in Docker, trying to use SSO authentication with Okta/OpenID. When I click the OpenID button on the sign-in modal, I get a 500 error. The log shows a java.io.FileNotFoundException: https://dev-[redacted].okta.com/oauth2/default.

I was expecting that I’d be redirected to Okta’s login page. We know that our Okta application is set up to handle any OID token retrieval at /oauth2/default, but it seems like WebAPI is incorrectly treating our security.oid.url as a file rather than a URL to actually handle. Any help would be greatly appreciated.

Note: We are using WebAPI v2.8.2 due to Oracle databases no longer being supported by newer versions of WebAPI.

Log file error:

2023-06-23 22:05:55.447 DEBUG http-nio-9006-exec-2 org.pac4j.core.engine.DefaultSecurityLogic -  - === SECURITY ===
2023-06-23 22:05:55.449 DEBUG http-nio-9006-exec-2 org.pac4j.core.engine.DefaultSecurityLogic -  - url: http://localhost:9006/WebAPI/user/login/openid?redirectUrl=/home
2023-06-23 22:05:55.450 DEBUG http-nio-9006-exec-2 org.pac4j.core.engine.DefaultSecurityLogic -  - matchers: null
2023-06-23 22:05:55.455 DEBUG http-nio-9006-exec-2 org.pac4j.core.engine.DefaultSecurityLogic -  - clients: OidcClient
2023-06-23 22:05:55.455 DEBUG http-nio-9006-exec-2 org.pac4j.core.client.finder.DefaultSecurityClientFinder -  - Provided clientNames: OidcClient
2023-06-23 22:05:55.456 DEBUG http-nio-9006-exec-2 org.pac4j.core.client.finder.DefaultSecurityClientFinder -  - clientNameOnRequest: Optional.empty
2023-06-23 22:05:55.457 DEBUG http-nio-9006-exec-2 org.pac4j.core.client.finder.DefaultSecurityClientFinder -  - result: [OidcClient]
2023-06-23 22:05:55.457 DEBUG http-nio-9006-exec-2 org.pac4j.core.engine.DefaultSecurityLogic -  - currentClients: [#OidcClient# | name: OidcClient | callbackUrl: https://localhost:9006/WebAPI/user/oauth/callback | callbackUrlResolver: org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@fa6cad6 | ajaxRequestResolver: null | redirectionActionBuilder: null | credentialsExtractor: null | authenticator: null | profileCreator: org.pac4j.core.profile.creator.AuthenticatorProfileCreator@75926ebe | logoutActionBuilder: org.pac4j.core.logout.NoLogoutActionBuilder@7ec15e08 | authorizationGenerators: [] | configuration: #OidcConfiguration# | clientId: [redacted] | secret: [protected] | discoveryURI: https://dev-[redacted].okta.com/oauth2/default | scope: null | customParams: {} | clientAuthenticationMethod: null | useNonce: true | preferredJwsAlgorithm: RS256 | maxAge: null | maxClockSkew: 30 | connectTimeout: 500 | readTimeout: 5000 | resourceRetriever: null | responseType: code | responseMode: null | logoutUrl:  | withState: true | stateGenerator: org.pac4j.core.util.generator.RandomValueGenerator@1772069c | logoutHandler: null | tokenValidator: null | |]
2023-06-23 22:05:55.458 DEBUG http-nio-9006-exec-2 org.pac4j.core.engine.DefaultSecurityLogic -  - loadProfilesFromSession: true
2023-06-23 22:05:55.472 DEBUG http-nio-9006-exec-2 org.pac4j.core.engine.DefaultSecurityLogic -  - profiles: []
2023-06-23 22:05:55.473 DEBUG http-nio-9006-exec-2 org.pac4j.core.engine.DefaultSecurityLogic -  - Starting authentication
2023-06-23 22:05:55.473 DEBUG http-nio-9006-exec-2 org.pac4j.core.engine.savedrequest.DefaultSavedRequestHandler -  - requestedUrl: http://localhost:9006/WebAPI/user/login/openid?redirectUrl=/home
2023-06-23 21:28:13.774 ERROR http-nio-9006-exec-5 org.ohdsi.webapi.shiro.filters.ExceptionHandlerFilter -  - Error during filtering
javax.servlet.ServletException: org.pac4j.core.exception.TechnicalException: java.io.FileNotFoundException: https://dev-[redacted].okta.com/oauth2/default

My security settings (via docker environment variables) are:

security.auth.openid.enabled=true
security.oid.clientId=[redacted]
security.oid.apiSecret=[redacted]
security.oid.url=https://dev-[redacted].okta.com/oauth2/default
security.oid.redirectUrl=https://localhost:9006/atlas/#/welcome
security.oauth.callback.api=https://localhost:9006/WebAPI/user/oauth/callback

My config-local.js:

define([], function () {
  var configLocal = {};

  // clearing local storage otherwise source cache will obscure the override settings
  localStorage.clear();

  var getUrl = window.location;
  var baseUrl = getUrl.protocol + "//" + getUrl.host;
  
  // WebAPI
  configLocal.api = {
    name: 'OHDSI',
    url: 'http://localhost:9006/WebAPI/'
  };

  configLocal.cohortComparisonResultsEnabled = false;
  configLocal.userAuthenticationEnabled = true;
  configLocal.plpResultsEnabled = false;
  configLocal.supportMail = 'redacted@redacted.del';

  configLocal.authProviders = [
    {
      "name": "OpenID",
      "url": "user/login/openid",
      "ajax": false,
      "icon": "fa fa-openid"
    },
  ];

  return configLocal;
});

The solution was to append /v2.0/.well-known/openid-configuration to the OID URL value.

It still gives a 500 error. I am using Azure OpenID; is there any solution to it?
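What both the Okta fix above and the Azure follow-up come down to: pac4j's OidcClient (the `discoveryURI` shown in the DEBUG log) fetches the value of `security.oid.url` verbatim as the OpenID Connect discovery document, and a `java.io.FileNotFoundException` whose message is a URL is how Java's `HttpURLConnection` reports an HTTP 404. So the provider is answering 404 for the bare issuer path; the document itself is served at `<issuer>/.well-known/openid-configuration` (for an Okta authorization server, `https://dev-[redacted].okta.com/oauth2/default/.well-known/openid-configuration`; for Azure AD's v2.0 endpoint, `https://login.microsoftonline.com/<tenant>/v2.0/.well-known/openid-configuration`). The pre-flight checker below is an added example, not code from the thread or from WebAPI/pac4j: it derives the discovery URL from an issuer, explains the log line from the HTTP status, and validates a discovery document the way a relying party must (issuer match, required endpoints over HTTPS, `code` response type, RS256). The tenant identifiers and the two sample documents are constructed placeholders in the shape Okta and Azure AD publish, not captured from a live tenant.

```python
"""Pre-flight check for a WebAPI security.oid.url value (added example)."""
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

# Metadata a provider must publish for the flow pac4j's OidcClient runs
# (responseType: code, preferredJwsAlgorithm: RS256, per the DEBUG log).
REQUIRED_KEYS = (
    "issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
    "response_types_supported", "subject_types_supported",
    "id_token_signing_alg_values_supported",
)


def discovery_url(oid_url: str) -> str:
    """Derive the discovery-document URL from an issuer, or pass one through.

    pac4j fetches the configured discoveryURI verbatim, so the value must end
    in /.well-known/openid-configuration; a bare issuer is fetched as-is.
    """
    if urlsplit(oid_url).scheme != "https":
        raise ValueError(f"discovery must be fetched over https: {oid_url!r}")
    base = oid_url.rstrip("/")
    return base if base.endswith(WELL_KNOWN) else base + WELL_KNOWN


def explain_fetch_status(status: int, url: str) -> str:
    """Translate the HTTP status of the discovery fetch into the WebAPI log line.

    java.net.HttpURLConnection raises java.io.FileNotFoundException (message =
    the URL) on HTTP 404; pac4j wraps it in TechnicalException, WebAPI answers 500.
    """
    if status == 200:
        return "ok"
    if status == 404:
        return f"java.io.FileNotFoundException: {url}  (HTTP 404: discovery path is wrong)"
    return f"HTTP {status} from {url}"


def validate_discovery(doc: dict, expected_issuer: str) -> list:
    """Return the problems found in a discovery document (empty list = usable).

    expected_issuer is security.oid.url without the well-known suffix. The ID
    token's 'iss' claim must equal doc['issuer'] exactly, so a mismatch here
    means logins would be validated against the wrong issuer.
    """
    problems = [f"missing required claim: {k}" for k in REQUIRED_KEYS if k not in doc]
    if problems:
        return problems
    if doc["issuer"] != expected_issuer.rstrip("/"):
        problems.append(f"issuer mismatch: document says {doc['issuer']!r}, "
                        f"config says {expected_issuer!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not doc[key].startswith("https://"):
            problems.append(f"{key} is not https: {doc[key]!r}")
    if "code" not in doc["response_types_supported"]:
        problems.append("provider does not advertise response_type=code")
    if "RS256" not in doc["id_token_signing_alg_values_supported"]:
        problems.append("provider does not advertise RS256 id_token signing")
    return problems


def check_config(oid_url: str, status: int, doc: dict) -> list:
    """Whole pre-flight for one security.oid.url value.

    status/doc stand in for the HTTP response pac4j would get when fetching
    oid_url verbatim (a live run would use urllib or curl for that step).
    """
    base = oid_url.rstrip("/")
    if not base.endswith(WELL_KNOWN):
        return [f"security.oid.url is a bare issuer; set it to {discovery_url(oid_url)}",
                explain_fetch_status(status, oid_url)]
    fetch = explain_fetch_status(status, oid_url)
    if fetch != "ok":
        return [fetch]
    return validate_discovery(doc, base[: -len(WELL_KNOWN)])


# Constructed sample documents (placeholder tenants, not captured from a live tenant).
OKTA_ISSUER = "https://dev-1234.okta.com/oauth2/default"
OKTA_DOC = {
    "issuer": OKTA_ISSUER,
    "authorization_endpoint": OKTA_ISSUER + "/v1/authorize",
    "token_endpoint": OKTA_ISSUER + "/v1/token",
    "jwks_uri": OKTA_ISSUER + "/v1/keys",
    "response_types_supported": ["code", "id_token", "code id_token"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
AZURE_TENANT = "00000000-0000-0000-0000-000000000000"
AZURE_ISSUER = f"https://login.microsoftonline.com/{AZURE_TENANT}/v2.0"
AZURE_DOC = {
    "issuer": AZURE_ISSUER,
    "authorization_endpoint": f"https://login.microsoftonline.com/{AZURE_TENANT}/oauth2/v2.0/authorize",
    "token_endpoint": f"https://login.microsoftonline.com/{AZURE_TENANT}/oauth2/v2.0/token",
    "jwks_uri": f"https://login.microsoftonline.com/{AZURE_TENANT}/discovery/v2.0/keys",
    "response_types_supported": ["code", "id_token", "code id_token", "id_token token"],
    "subject_types_supported": ["pairwise"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
```

Before changing the container's environment, fetch the candidate URL yourself (`curl -sS -w '%{http_code}' <url> | tail -c 3` should print `200`) and confirm that the document's `issuer` equals the configured value minus the `/.well-known/openid-configuration` suffix, since that is what every ID token's `iss` claim will be checked against. Two other settings visible in this thread have to agree with the provider as well: the redirect URI registered in Okta or Azure must match `security.oauth.callback.api` (`https://localhost:9006/WebAPI/user/oauth/callback` in the log) character for character, and the `connectTimeout: 500` pac4j reports is in milliseconds, so a slow path to the provider produces a different, timeout-flavoured exception rather than the 404 seen here.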
