Dex auth error message: Bad Request Unregistered redirect_uri

Article ID: 297289

Products

VMware Tanzu Kubernetes Grid

Issue/Introduction

When using TKG on vSphere with LDAP authentication (with Gangway & Dex), you might get a "Bad Request Unregistered redirect_uri" error message if the value of staticClients:redirectURIs is not set correctly in the dex configmap.



Environment

Product Version: 1.0

Resolution

1. Edit your dex configmap YAML file and make sure that the value of redirectURIs (shown in the example below) has the IP address of a workload cluster node and the port number of the NodePort service (usually 30166). This IP address should also be the same IP address that you would use to browse the Gangway service.

For example, 03-cm.yaml:
    ...
    staticClients:
    - id: ldap-demo2
      redirectURIs:
      - 'https://10.x.x.x:30166/callback'
    ...


2. Once the redirectURIs value is corrected in the YAML file, apply the changes by running the following command:

$ kubectl apply -f 03-cm.yaml
configmap/dex configured
$


3. Then restart the Dex pod by finding its name and deleting it.

$ kubectl get pods -n tanzu-system-auth
NAME                   READY   STATUS    RESTARTS   AGE
dex-6849555c67-mgrs9   1/1     Running   0          5d22h
$ kubectl -n tanzu-system-auth delete pod dex-6849555c67-mgrs9
pod "dex-6849555c67-mgrs9" deleted
$


Afterwards, list the pods again to make sure a new one is running.

$ kubectl get pods -n tanzu-system-auth
NAME                   READY   STATUS    RESTARTS   AGE
dex-6849555c67-qpdpd   1/1     Running   0          9s
$


Then try to browse the Gangway service again. The above steps should solve the issue as described.
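
To check the value from step 1 before applying the configmap, the following added example (not part of the original article or of Dex/Gangway) extracts the registered redirectURIs from a config file and reports which part of a non-matching callback URL differs. The function names, the sample config and the 192.0.2.x addresses are constructed for illustration, and the check assumes Dex accepts a redirect_uri only on an exact string match.

```sh
# Print every redirectURIs entry in the file, one per line, quotes removed.
# Field-based, so it works at any indentation (e.g. inside a ConfigMap).
dex_redirect_uris() {
  awk '
    $1 == "redirectURIs:" && NF == 1 { in_list = 1; next }
    in_list && $1 == "-" && $2 ~ /:\/\// { print $2; next }
    { in_list = 0 }
  ' "$1" | tr -d "\"'"
}

# Name the first component in which two URLs differ.
uri_diff() {
  for u in "$1" "$2"; do
    rest=${u#*://}
    case $rest in */*) path=/${rest#*/} ;; *) path= ;; esac
    set -- "$@" "${u%%://*}" "${rest%%/*}" "$path"
  done
  # Now $3..$5 = scheme, host:port, path of URL 1; $6..$8 = same for URL 2.
  if   [ "$3" != "$6" ]; then echo "scheme"
  elif [ "$4" != "$7" ]; then echo "host:port"
  elif [ "$5" != "$8" ]; then echo "path"
  else echo "none"; fi
}

# Succeed only on an exact string match (assumed to be what Dex enforces).
check_redirect_uri() {
  cfg=$1; expected=$2
  registered=$(dex_redirect_uris "$cfg")
  if printf '%s\n' "$registered" | grep -Fxq -- "$expected"; then
    echo "OK: $expected is registered"; return 0
  fi
  printf '%s\n' "$registered" | while IFS= read -r uri; do
    echo "MISMATCH: '$uri' differs from '$expected' in $(uri_diff "$uri" "$expected")"
  done
  return 1
}

# Constructed sample config (addresses are from a documentation range).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
staticClients:
- id: ldap-demo2
  redirectURIs:
  - 'https://192.0.2.10:30166/callback'
EOF

check_redirect_uri "$sample" 'https://192.0.2.10:30166/callback' || true
check_redirect_uri "$sample" 'https://192.0.2.11:30166/callback' || true
```

Pass the callback URL built from the address and port you actually use to browse Gangway as the second argument; a difference in scheme, port or a trailing slash is reported the same way as a wrong IP address.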