Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Gitlab OIDC callback error on Web UI - cannot read properties of null (reading 'includes') #16718

Closed
barbsicle opened this issue Aug 14, 2022 · 2 comments · Fixed by #16886
Closed

Gitlab OIDC callback error on Web UI - cannot read properties of null (reading 'includes') #16718

barbsicle opened this issue Aug 14, 2022 · 2 comments · Fixed by #16886
Labels
bug Used to indicate a potential bug identity/oidc ui

Comments

@barbsicle
Copy link

barbsicle commented Aug 14, 2022
edited

I'm trying to set up HCP Vault for my organisation with Gitlab as an OIDC provider. I was able to successfully connect the Gitlab Application to my Vault cluster and logged in via CLI, but I am running into an crash when using the Web UI.

Environment:

  • Vault Version: 1.11.2 (3a8aa12)
  • Operating System/Architecture: Ubuntu 20.04

Vault Config File:
Default HCP Vault config

Expected Behavior:
After setting up oidc authentication provider Gitlab, should be able to login via the Web UI.

Actual Behavior:
Redirect URI was set up correctly for the Web UI, but after redirecting the popup crashed:

Uncaught (in promise) TypeError: Cannot read properties of null (reading 'includes')
    at e.afterModel (vault-50dd3b3157e901f1cb1a5d52c011e6b0.js:2626:6)
    at P.runAfterModelHook (vendor-0c2a4541747f852115600454a89731af.js:4411:104)
    at vendor-0c2a4541747f852115600454a89731af.js:4399:669
    at b (vendor-0c2a4541747f852115600454a89731af.js:4560:12)
    at v (vendor-0c2a4541747f852115600454a89731af.js:4558:128)
    at invoke (vendor-0c2a4541747f852115600454a89731af.js:4110:139)
    at h.flush (vendor-0c2a4541747f852115600454a89731af.js:4102:74)
    at f.flush (vendor-0c2a4541747f852115600454a89731af.js:4115:207)
    at F._end (vendor-0c2a4541747f852115600454a89731af.js:4172:9)
    at F._boundAutorunEnd (vendor-0c2a4541747f852115600454a89731af.js:4124:605)

Also, not sure if this is related but /sys/internal/ui/resultant-acl is returning 403 - permission denied even though the documentation mentions it as unauthenticated. My guess is that the 403 error reset the URL which caused window.location.search to become null - related code here.

Steps to Reproduce:

  1. Set up a standard HCP Vault cluster and note its public URL
  2. Set up Gitlab OIDC according to the current documentation here and here
  3. Ensure redirect URI of both the Gitlab Application and the OIDC role
  4. Attempt to log in via web UI selecting OIDC
@hsimon-hashicorp hsimon-hashicorp added identity/oidc bug Used to indicate a potential bug ui and removed bug Used to indicate a potential bug labels Aug 15, 2022
@hellobontempo
Copy link
Contributor

hellobontempo commented Aug 26, 2022
edited

Thanks for the bug report @barbsicle! This has been fixed by PR #16886 and will be included in the minor release 1.11.3

@hashishaw hashishaw linked a pull request Aug 26, 2022 that will close this issue
UI/OIDC auth bug for cloud ui HCP namespace flag #16886
Merged
@barbsicle
Copy link
Author

@hellobontempo thank you as well for your attention to the bug and for picking it up in such short time! 🎉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Used to indicate a potential bug identity/oidc ui
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

UI/OIDC auth bug for cloud ui HCP namespace flag hashicorp/vault
3 participants
@barbsicle @hellobontempo @hsimon-hashicorp