Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Login Screen does not work when integrating with kubelogin #176

Open
jayxiong007 opened this issue Dec 12, 2023 · 0 comments
Open

Login Screen does not work when integrating with kubelogin #176

jayxiong007 opened this issue Dec 12, 2023 · 0 comments

Comments

@jayxiong007
Copy link

I am trying to integrate OIDC authentication plugin kubelogin https://github.com/int128/kubelogin/tree/master in a headless server. The login screen display all information requesed for login, but I am not able to enter the user name and it actually can not move to entering password. I also saw some weid characters such as "35;134;30M35;133;30M35;".

kubectl-oidc_login get-token --oidc-issuer-url=https://<domain>/adfs --oidc-client-id=<client-id> --oidc-client-secret=<client-secret>

ps -af
UID          PID    PPID  C STIME TTY          TIME CMD
jxiong     56494   55604  0 11:06 pts/0    00:00:00 kubectl-oidc_login get-token --oidc-issuer-url=https://<doamin>/adfs -
jxiong     56500   56494  0 11:06 pts/0    00:00:00 /bin/sh /usr/bin/xdg-open http://localhost:8000
jxiong     56517   56500  0 11:06 pts/0    00:00:00 bash /usr/local/bin/carbonyl http://localhost:8000
jxiong     56526   56517  0 11:06 pts/0    00:00:00 /usr/local/lib/node_modules/carbonyl/node_modules/@fathyb/carbonyl-linux-amd64/b
jxiong     56527   56526 99 11:06 pts/0    00:00:29 /usr/local/lib/node_modules/carbonyl/node_modules/@fathyb/carbonyl-linux-amd64/b
jxiong     56530   56527  0 11:06 pts/0    00:00:00 /usr/local/lib/node_modules/carbonyl/node_modules/@fathyb/carbonyl-linux-amd64/b
jxiong     56531   56527  0 11:06 pts/0    00:00:00 /usr/local/lib/node_modules/carbonyl/node_modules/@fathyb/carbonyl-linux-amd64/b
jxiong     56533   56531  0 11:06 pts/0    00:00:00 /usr/local/lib/node_modules/carbonyl/node_modules/@fathyb/carbonyl-linux-amd64/b
jxiong     56549   56530  0 11:06 pts/0    00:00:00 /usr/local/lib/node_modules/carbonyl/node_modules/@fathyb/carbonyl-linux-amd64/b
jxiong     56551   56527  0 11:06 pts/0    00:00:00 /usr/local/lib/node_modules/carbonyl/node_modules/@fathyb/carbonyl-linux-amd64/b
jxiong     56556   56533  1 11:06 pts/0    00:00:00 /usr/local/lib/node_modules/carbonyl/node_modules/@fathyb/carbonyl-linux-amd64/b

Directly invoke of the below works:
/bin/sh /usr/bin/xdg-open https://<domain>/adfs/ls?SAMLRequest=...

UID          PID    PPID  C STIME TTY          TIME CMD
jxiong     56368   55604  0 11:05 pts/0    00:00:00 /bin/sh /usr/bin/xdg-open https://<domain>/adfs/ls?SAMLRequest=hZJRS8MwFIX
jxiong     56385   56368  0 11:05 pts/0    00:00:00 bash /usr/local/bin/carbonyl https://<domain>/adfs/ls?SAMLRequest=hZJRS8Mw
jxiong     56394   56385  0 11:05 pts/0    00:00:00 /usr/local/lib/node_modules/carbonyl/node_modules/@fathyb/carbonyl-linux-amd64/b
jxiong     56395   56394 87 11:05 pts/0    00:00:15 /usr/local/lib/node_modules/carbonyl/node_modules/@fathyb/carbonyl-linux-amd64/b
jxiong     56398   56395  0 11:05 pts/0    00:00:00 /usr/local/lib/node_modules/carbonyl/node_modules/@fathyb/carbonyl-linux-amd64/b
jxiong     56399   56395  0 11:05 pts/0    00:00:00 /usr/local/lib/node_modules/carbonyl/node_modules/@fathyb/carbonyl-linux-amd64/b
jxiong     56401   56399  0 11:05 pts/0    00:00:00 /usr/local/lib/node_modules/carbonyl/node_modules/@fathyb/carbonyl-linux-amd64/b
jxiong     56415   56398  1 11:05 pts/0    00:00:00 /usr/local/lib/node_modules/carbonyl/node_modules/@fathyb/carbonyl-linux-amd64/b
jxiong     56418   56395  0 11:05 pts/0    00:00:00 /usr/local/lib/node_modules/carbonyl/node_modules/@fathyb/carbonyl-linux-amd64/b
jxiong     56423   56401  1 11:05 pts/0    00:00:00 /usr/local/lib/node_modules/carbonyl/node_modules/@fathyb/carbonyl-linux-amd64/b

kubectl-oidc_login get-token --oidc-issuer-url=https://<domain>/adfs --oidc-client-id=<client-id> --oidc-client-secret=<client-secret> -v=1

I1211 11:08:39.244831   79488 browser.go:35] starting the authentication code flow using the browser
I1211 11:08:39.245914   79488 browser.go:104] opening http://localhost:8000 in the browser
I1211 11:08:39.246169   79488 server.go:36] oauth2cli: starting a server at 127.0.0.1:8000
I1211 11:08:39.365227   79488 server.go:135] oauth2cli: sending redirect to https://<domain>/adfs/oauth2/authorize/?access_type=offline&client_id=<client-id>&nonce=GbfU_U-iZShrzPHjKo7YWs71DyxjVgc3D9BBcMuiNMo&redirect_uri=http%3A%2F%2Flocalhost%3A8000&response_type=code&scope=openid&state=AKC57-Jow7hFLLVNzBjF8oHkR-jIZHTaPfDWxsLrQXo

Based on the kubelogin trace, the browser is started at http://localhost:8000 and is redirected to https:///adfs/oauth2/authorize/?access_type=offline&client_id=&nonce=GbfU_U-iZShrzPHjKo7YWs71DyxjVgc3D9BBcMuiNMo&redirect_uri=http%3A%2F%2Flocalhost%3A8000&response_type=code&scope=openid&state=AKC57-Jow7hFLLVNzBjF8oHkR-jIZHTaPfDWxsLrQXo.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jayxiong007