Using Auth0, both SAML and OIDC fail intermittently. For SAML, one gets a 502 going to /auth/realms/appsmith/protocol/openid-connect/auth if already logged in to the provider. For OIDC, intermittently redirects to https://user/login?error=true with no host.
Hey @chorn!
Welcome to the Appsmith community.
IdP - Auth0, SAML/OIDC
We’ll need the server logs to understand the problem here. Can you please follow the steps from this guide on how to get the logs?
[2023-03-27 19:00:36,064] - [c70b8cd4-3, L:/10.42.15.131:56308 - R:id.int.nowsecure.io/104.16.83.103:443] The connection observed an error, the request cannot be retried as the headers/body were sent
io.netty.channel.unix.Errors$NativeIoException: recvAddress(..) failed: Connection reset by peer
[2023-03-27 19:00:36,065] - [162a1a72-752] 500 Server Error for HTTP GET "/login/oauth2/code/oidc?code=BiFGUJx28hIaVqsfO1Nm-pR6xR3bLhWSJx9FKnKri_1Qm&state=u_GWlOp6_mH2fgbe0sRxc48__4BD5xPvM0t4qfz5NmM%40origin-%2Fapplications"
org.springframework.web.reactive.function.client.WebClientRequestException: recvAddress(..) failed: Connection reset by peer
at org.springframework.web.reactive.function.client.ExchangeFunctions$DefaultExchangeFunction.lambda$wrapException$9(ExchangeFunctions.java:136)
Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException:
Error has been observed at the following site(s):
*__checkpoint ⇢ Request to POST https://id.int.nowsecure.io/oauth/token [DefaultWebClient]
*__checkpoint ⇢ OAuth2LoginAuthenticationWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ AuthenticationWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ OAuth2AuthorizationRequestRedirectWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ AuthenticationWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ ReactorContextWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ HttpHeaderWriterWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ ServerWebExchangeReactorContextWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ org.springframework.security.web.server.WebFilterChainProxy [DefaultWebFilterChain]
*__checkpoint ⇢ org.springframework.web.filter.reactive.ServerHttpObservationFilter [DefaultWebFilterChain]
*__checkpoint ⇢ HTTP GET "/login/oauth2/code/oidc?code=BiFGUJx28hIaVqsfO1Nm-pR6xR3bLhWSJx9FKnKri_1Qm&state=u_GWlOp6_mH2fgbe0sRxc48__4BD5xPvM0t4qfz5NmM%40origin-%2Fapplications" [ExceptionHandlingWebHandler]
Original Stack Trace:
at org.springframework.web.reactive.function.client.ExchangeFunctions$DefaultExchangeFunction.lambda$wrapException$9(ExchangeFunctions.java:136)
at reactor.core.publisher.MonoErrorSupplied.subscribe(MonoErrorSupplied.java:55)
at reactor.core.publisher.Mono.subscribe(Mono.java:4444)
at reactor.core.publisher.FluxOnErrorResume$ResumeSubscriber.onError(FluxOnErrorResume.java:103)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onError(MDCConfig.java:58)
at reactor.core.publisher.FluxPeek$PeekSubscriber.onError(FluxPeek.java:222)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onError(MDCConfig.java:58)
at reactor.core.publisher.FluxPeek$PeekSubscriber.onError(FluxPeek.java:222)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onError(MDCConfig.java:58)
at reactor.core.publisher.FluxPeek$PeekSubscriber.onError(FluxPeek.java:222)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onError(MDCConfig.java:58)
at reactor.core.publisher.MonoNext$NextSubscriber.onError(MonoNext.java:93)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onError(MDCConfig.java:58)
at reactor.core.publisher.MonoFlatMapMany$FlatMapManyMain.onError(MonoFlatMapMany.java:204)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onError(MDCConfig.java:58)
at reactor.core.publisher.SerializedSubscriber.onError(SerializedSubscriber.java:124)
at reactor.core.publisher.FluxRetryWhen$RetryWhenMainSubscriber.whenError(FluxRetryWhen.java:225)
at reactor.core.publisher.FluxRetryWhen$RetryWhenOtherSubscriber.onError(FluxRetryWhen.java:274)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onError(MDCConfig.java:58)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onError(MDCConfig.java:58)
at reactor.core.publisher.FluxContextWrite$ContextWriteSubscriber.onError(FluxContextWrite.java:121)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onError(MDCConfig.java:58)
at reactor.core.publisher.FluxConcatMapNoPrefetch$FluxConcatMapNoPrefetchSubscriber.maybeOnError(FluxConcatMapNoPrefetch.java:326)
at reactor.core.publisher.FluxConcatMapNoPrefetch$FluxConcatMapNoPrefetchSubscriber.innerError(FluxConcatMapNoPrefetch.java:297)
at reactor.core.publisher.FluxConcatMap$ConcatMapInner.onError(FluxConcatMap.java:875)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onError(MDCConfig.java:58)
at reactor.core.publisher.Operators.error(Operators.java:198)
at reactor.core.publisher.MonoError.subscribe(MonoError.java:53)
at reactor.core.publisher.Mono.subscribe(Mono.java:4444)
at reactor.core.publisher.FluxConcatMapNoPrefetch$FluxConcatMapNoPrefetchSubscriber.onNext(FluxConcatMapNoPrefetch.java:206)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:53)
at reactor.core.publisher.FluxContextWrite$ContextWriteSubscriber.onNext(FluxContextWrite.java:107)
at reactor.core.publisher.SinkManyEmitterProcessor.drain(SinkManyEmitterProcessor.java:471)
at reactor.core.publisher.SinkManyEmitterProcessor$EmitterInner.drainParent(SinkManyEmitterProcessor.java:615)
at reactor.core.publisher.FluxPublish$PubSubInner.request(FluxPublish.java:602)
at reactor.core.publisher.FluxContextWrite$ContextWriteSubscriber.request(FluxContextWrite.java:136)
at reactor.core.publisher.FluxConcatMapNoPrefetch$FluxConcatMapNoPrefetchSubscriber.request(FluxConcatMapNoPrefetch.java:336)
at reactor.core.publisher.FluxContextWrite$ContextWriteSubscriber.request(FluxContextWrite.java:136)
at reactor.core.publisher.Operators$DeferredSubscription.request(Operators.java:1717)
at reactor.core.publisher.FluxRetryWhen$RetryWhenMainSubscriber.onError(FluxRetryWhen.java:192)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onError(MDCConfig.java:58)
at reactor.core.publisher.MonoCreate$DefaultMonoSink.error(MonoCreate.java:201)
at reactor.netty.http.client.HttpClientConnect$HttpObserver.onUncaughtException(HttpClientConnect.java:399)
at reactor.netty.ReactorNetty$CompositeConnectionObserver.onUncaughtException(ReactorNetty.java:698)
at reactor.netty.resources.DefaultPooledConnectionProvider$DisposableAcquire.onUncaughtException(DefaultPooledConnectionProvider.java:213)
at reactor.netty.resources.DefaultPooledConnectionProvider$PooledConnection.onUncaughtException(DefaultPooledConnectionProvider.java:466)
at reactor.netty.channel.FluxReceive.drainReceiver(FluxReceive.java:245)
at reactor.netty.channel.FluxReceive.onInboundError(FluxReceive.java:466)
at reactor.netty.channel.ChannelOperations.onInboundError(ChannelOperations.java:495)
at reactor.netty.channel.ChannelOperationsHandler.exceptionCaught(ChannelOperationsHandler.java:144)
at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:346)
at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:325)
at io.netty.channel.AbstractChannelHandlerContext.fireExceptionCaught(AbstractChannelHandlerContext.java:317)
at io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireExceptionCaught(CombinedChannelDuplexHandler.java:424)
at io.netty.channel.ChannelHandlerAdapter.exceptionCaught(ChannelHandlerAdapter.java:92)
at io.netty.channel.CombinedChannelDuplexHandler$1.fireExceptionCaught(CombinedChannelDuplexHandler.java:145)
at io.netty.channel.ChannelInboundHandlerAdapter.exceptionCaught(ChannelInboundHandlerAdapter.java:143)
at io.netty.channel.CombinedChannelDuplexHandler.exceptionCaught(CombinedChannelDuplexHandler.java:231)
at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:346)
at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:325)
at io.netty.channel.AbstractChannelHandlerContext.fireExceptionCaught(AbstractChannelHandlerContext.java:317)
at io.netty.handler.ssl.SslHandler.exceptionCaught(SslHandler.java:1105)
at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:346)
at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:325)
at io.netty.channel.AbstractChannelHandlerContext.fireExceptionCaught(AbstractChannelHandlerContext.java:317)
at io.netty.channel.DefaultChannelPipeline$HeadContext.exceptionCaught(DefaultChannelPipeline.java:1377)
at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:346)
at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:325)
at io.netty.channel.DefaultChannelPipeline.fireExceptionCaught(DefaultChannelPipeline.java:907)
at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.handleReadException(AbstractEpollStreamChannel.java:728)
at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:826)
at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:499)
at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:397)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: io.netty.channel.unix.Errors$NativeIoException: recvAddress(..) failed: Connection reset by peer
[2023-03-27 19:00:37,179] - In the login failure handler. Cause: [authorization_request_not_found]
org.springframework.security.oauth2.core.OAuth2AuthenticationException: [authorization_request_not_found]
at org.springframework.security.config.web.server.ServerHttpSecurity$OAuth2LoginSpec.lambda$getAuthenticationConverter$0(ServerHttpSecurity.java:3551)
at reactor.core.publisher.Mono.lambda$onErrorMap$27(Mono.java:3749)
at reactor.core.publisher.Mono.lambda$onErrorResume$29(Mono.java:3839)
at reactor.core.publisher.FluxOnErrorResume$ResumeSubscriber.onError(FluxOnErrorResume.java:94)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onError(MDCConfig.java:58)
at reactor.core.publisher.MonoFlatMap$FlatMapMain.onError(MonoFlatMap.java:180)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onError(MDCConfig.java:58)
at reactor.core.publisher.Operators$MultiSubscriptionSubscriber.onError(Operators.java:2210)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onError(MDCConfig.java:58)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onError(MDCConfig.java:58)
at reactor.core.publisher.Operators.error(Operators.java:198)
at reactor.core.publisher.MonoError.subscribe(MonoError.java:53)
at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:64)
at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:52)
at reactor.core.publisher.Mono.subscribe(Mono.java:4444)
at reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onComplete(FluxSwitchIfEmpty.java:82)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:63)
at reactor.core.publisher.MonoFlatMap$FlatMapMain.onComplete(MonoFlatMap.java:189)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:63)
at reactor.core.publisher.FluxFilter$FilterSubscriber.onComplete(FluxFilter.java:166)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:63)
at reactor.core.publisher.FluxMap$MapSubscriber.onComplete(FluxMap.java:144)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:63)
at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1840)
at reactor.core.publisher.MonoCacheTime$CoordinatorSubscriber.signalCached(MonoCacheTime.java:337)
at reactor.core.publisher.MonoCacheTime$CoordinatorSubscriber.onNext(MonoCacheTime.java:354)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:53)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:53)
at reactor.core.publisher.FluxPeek$PeekSubscriber.onNext(FluxPeek.java:200)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:53)
at reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onNext(FluxSwitchIfEmpty.java:74)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:53)
at reactor.core.publisher.MonoNext$NextSubscriber.onNext(MonoNext.java:82)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:53)
at reactor.core.publisher.FluxConcatMapNoPrefetch$FluxConcatMapNoPrefetchSubscriber.innerNext(FluxConcatMapNoPrefetch.java:258)
at reactor.core.publisher.FluxConcatMap$ConcatMapInner.onNext(FluxConcatMap.java:863)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:53)
at reactor.core.publisher.FluxMap$MapSubscriber.onNext(FluxMap.java:122)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:53)
at reactor.core.publisher.FluxPeek$PeekSubscriber.onNext(FluxPeek.java:200)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:53)
at reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onNext(FluxSwitchIfEmpty.java:74)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:53)
at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onNext(FluxMapFuseable.java:129)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:53)
at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
at reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onNext(FluxFilterFuseable.java:118)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:53)
at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onNext(FluxMapFuseable.java:129)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:53)
at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
at reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onNext(FluxFilterFuseable.java:118)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onNext(MDCConfig.java:53)
at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)
at reactor.core.publisher.Operators$BaseFluxToMonoOperator.completePossiblyEmpty(Operators.java:2071)
at reactor.core.publisher.MonoCollect$CollectSubscriber.onComplete(MonoCollect.java:145)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:63)
at reactor.core.publisher.FluxUsingWhen$UsingWhenSubscriber.deferredComplete(FluxUsingWhen.java:392)
at reactor.core.publisher.FluxUsingWhen$CommitInner.onComplete(FluxUsingWhen.java:527)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:63)
at reactor.core.publisher.MonoIgnoreElements$IgnoreElementsSubscriber.onComplete(MonoIgnoreElements.java:89)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:63)
at reactor.core.publisher.FluxFlatMap$FlatMapMain.checkTerminated(FluxFlatMap.java:824)
at reactor.core.publisher.FluxFlatMap$FlatMapMain.drainLoop(FluxFlatMap.java:608)
at reactor.core.publisher.FluxFlatMap$FlatMapMain.drain(FluxFlatMap.java:588)
at reactor.core.publisher.FluxFlatMap$FlatMapMain.onComplete(FluxFlatMap.java:465)
at reactor.core.publisher.FluxArray$ArraySubscription.slowPath(FluxArray.java:138)
at reactor.core.publisher.FluxArray$ArraySubscription.request(FluxArray.java:100)
at reactor.core.publisher.FluxFlatMap$FlatMapMain.onSubscribe(FluxFlatMap.java:371)
at reactor.core.publisher.FluxMerge.subscribe(FluxMerge.java:70)
at reactor.core.publisher.Mono.subscribe(Mono.java:4444)
at reactor.core.publisher.FluxUsingWhen$UsingWhenSubscriber.onComplete(FluxUsingWhen.java:384)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:63)
at reactor.core.publisher.FluxMap$MapSubscriber.onComplete(FluxMap.java:144)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:63)
at reactor.core.publisher.FluxFlatMap$FlatMapMain.checkTerminated(FluxFlatMap.java:846)
at reactor.core.publisher.FluxFlatMap$FlatMapMain.drainLoop(FluxFlatMap.java:608)
at reactor.core.publisher.FluxFlatMap$FlatMapMain.innerComplete(FluxFlatMap.java:894)
at reactor.core.publisher.FluxFlatMap$FlatMapInner.onComplete(FluxFlatMap.java:997)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:63)
at reactor.core.publisher.FluxMap$MapSubscriber.onComplete(FluxMap.java:144)
at com.appsmith.server.configurations.MDCConfig$MdcContextLifter.onComplete(MDCConfig.java:63)
at io.lettuce.core.RedisPublisher$ImmediateSubscriber.onComplete(RedisPublisher.java:896)
at io.lettuce.core.RedisPublisher$State.onAllDataRead(RedisPublisher.java:698)
at io.lettuce.core.RedisPublisher$State$3.read(RedisPublisher.java:608)
at io.lettuce.core.RedisPublisher$State$3.onDataAvailable(RedisPublisher.java:565)
at io.lettuce.core.RedisPublisher$RedisSubscription.onDataAvailable(RedisPublisher.java:326)
at io.lettuce.core.RedisPublisher$RedisSubscription.onAllDataRead(RedisPublisher.java:341)
at io.lettuce.core.RedisPublisher$SubscriptionCommand.doOnComplete(RedisPublisher.java:778)
at io.lettuce.core.protocol.CommandWrapper.complete(CommandWrapper.java:65)
at io.lettuce.core.protocol.CommandWrapper.complete(CommandWrapper.java:63)
at io.lettuce.core.protocol.CommandHandler.complete(CommandHandler.java:747)
at io.lettuce.core.protocol.CommandHandler.decode(CommandHandler.java:682)
at io.lettuce.core.protocol.CommandHandler.channelRead(CommandHandler.java:599)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:800)
at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:499)
at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:397)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:833)
Hi @chorn
Thank you for the information provided.
Our team is already looking into this and we’ll reach out to you once we have any helpful information.
Hello @chorn! The logs show that the POST request to https://id.int.nowsecure.io/oauth/token is failing.
To check if this endpoint is accessible from inside your Appsmith container, please run the following command and send us the output:
docker-compose exec appsmith curl -v https://id.int.nowsecure.io/
kubectl exec -n conductor appsmith-6c9f98c55f-x6qb7 -- curl -v https://id.int.nowsecure.io/
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 104.16.82.103:443...
* TCP_NODELAY set
* Connected to id.int.nowsecure.io (104.16.82.103) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [4037 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=id.int.nowsecure.io
* start date: Mar 18 22:05:09 2023 GMT
* expire date: Jun 16 22:05:08 2023 GMT
* subjectAltName: host "id.int.nowsecure.io" matched cert's "id.int.nowsecure.io"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x5597eb1c98e0)
} [5 bytes data]
> GET / HTTP/2
> Host: id.int.nowsecure.io
> user-agent: curl/7.68.0
> accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [238 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [238 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
} [5 bytes data]
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0Found. Redirecting to https://int.nowsecure.io/< HTTP/2 302
< date: Tue, 28 Mar 2023 14:56:31 GMT
< content-type: text/plain; charset=utf-8
< content-length: 47
< location: https://int.nowsecure.io/
< cf-ray: 7af0b862daabc3a5-SEA
< cache-control: public, max-age=60
< strict-transport-security: max-age=31536000
< vary: Accept
< cf-cache-status: DYNAMIC
< ot-baggage-auth0-request-id: 7af0b862daabc3a5
< ot-tracer-sampled: true
< ot-tracer-spanid: 3b5b50ed145cf72f
< ot-tracer-traceid: 0ac18156472a44cd
< traceparent: 00-00000000000000000ac18156472a44cd-3b5b50ed145cf72f-01
< tracestate: auth0-request-id=7af0b862daabc3a5,auth0=true
< x-auth0-requestid: 8ab6c223d31beb1cab70
< x-content-type-options: nosniff
< server: cloudflare
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
<
{ [47 bytes data]
100 47 100 47 0 0 105 0 --:--:-- --:--:-- --:--:-- 105
* Connection #0 to host id.int.nowsecure.io left intact
Hey @chorn, sorry for the delay in getting back.
I see that the curl command to make that request was indeed successful, and going by your original message of,
For OIDC, intermittently redirects to
(emphasis mine)
I think the server at id.int.nowsecure.io is intermittently not reachable, and isn’t accepting connections, at which point OIDC in Appsmith fails. I’d recommend confirming this, perhaps by monitoring if that endpoint is continuously reachable? The failure should’ve been communicated better, with the redirect URL not missing the host etc.; this is something we’ve already opened an issue for and are prioritizing internally.
Also, regarding
For SAML, one gets a 502 going to /auth/realms/appsmith/protocol/openid-connect/auth if already logged in to the provider
Can you share the logs from the stacks/logs/backend and stacks/logs/keycloak please?
Thanks.
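One way to do the reachability monitoring suggested in the reply above, as an added example that is not part of the original thread or Appsmith's own tooling: a small probe loop meant to be run inside the Appsmith container, recording curl's exit code and the remote IP that answered each attempt. The function names, the log file name and the sample log lines (which use documentation-range IPs) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: periodic reachability probe for an IdP endpoint.
# Each probe opens a NEW connection, unlike the pooled connection
# (DefaultPooledConnectionProvider) seen in the server stack trace.

# classify RC HTTP_CODE -> short label for one probe result.
classify() {
  case "$1" in
    0)  if [ "${2:-0}" -ge 500 ]; then echo "http-5xx"; else echo "ok"; fi ;;
    6)  echo "dns-failure" ;;
    7)  echo "connect-failed" ;;
    28) echo "timeout" ;;
    35) echo "tls-handshake-failed" ;;
    52) echo "empty-reply" ;;
    56) echo "recv-failure" ;;  # curl's exit code for receive errors such as a peer reset
    *)  echo "curl-exit-$1" ;;
  esac
}

# probe_once URL -> prints "timestamp label http_code remote_ip time_total".
probe_once() {
  out=$(curl -s -o /dev/null --max-time "${PROBE_TIMEOUT:-10}" \
        -w 'http=%{http_code} ip=%{remote_ip} t=%{time_total}' "$1")
  rc=$?
  http=$(printf '%s\n' "$out" | sed -n 's/.*http=\([0-9]*\).*/\1/p')
  ip=$(printf '%s\n' "$out" | sed -n 's/.*ip=\([^ ]*\) t=.*/\1/p')
  t=$(printf '%s\n' "$out" | sed -n 's/.* t=\([0-9.]*\).*/\1/p')
  printf '%s %s %s %s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
    "$(classify "$rc" "${http:-000}")" "${http:-000}" "${ip:--}" "${t:-0}"
}

# summarize: reads probe lines on stdin, prints probes and failures per remote IP,
# so resets can be tied to one address behind the hostname.
summarize() {
  awk '{ total[$4]++; if ($2 != "ok") fail[$4]++ }
       END { for (ip in total)
               printf "%s probes=%d failures=%d\n", ip, total[ip], fail[ip] + 0 }' | sort
}

# Constructed sample lines (not real measurements) showing the log format.
sample_log() {
  cat <<'EOF'
2023-01-01T00:00:00Z ok 302 192.0.2.10 0.21
2023-01-01T00:00:05Z recv-failure 000 192.0.2.11 0.05
2023-01-01T00:00:10Z ok 302 192.0.2.11 0.19
2023-01-01T00:00:15Z timeout 000 192.0.2.11 10.00
EOF
}

# monitor URL [INTERVAL_SECONDS] [LOGFILE]: probe until interrupted.
monitor() {
  url=$1; interval=${2:-5}; log=${3:-idp-probe.log}
  while :; do
    probe_once "$url" | tee -a "$log"
    sleep "$interval"
  done
}

# Runs only when a URL is passed, e.g.: sh probe.sh https://id.int.nowsecure.io/ 5
if [ "$#" -ge 1 ]; then monitor "$@"; fi
```

After a run, `summarize < idp-probe.log` gives the per-IP failure counts, and the timestamps of non-`ok` lines can be compared with the `Connection reset by peer` entries in the backend log.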