OIDC login not working because of content security headers

Hello,

I just installed percona everest (HELM) with OIDC (using Authentik):

server:
  oidc:
    issuerUrl: "https://auth.my.domain.io/application/o/everest/"
    clientId: "xxx"
    scopes:
      - openid
      - profile
      - email
      - groups

Except because of the content security policy, my browser refuses to connect:

index-D5s3V9rx.js:373 Refused to connect to 'https://auth.my.domain/application/o/everest/.well-known/openid-configuration' because it violates the following Content Security Policy directive: "connect-src 'self'".

Cde @ index-D5s3V9rx.js:37
index-D5s3V9rx.js:373 Fetch API cannot load https://auth.my.domain/application/o/everest/.well-known/openid-configuration. Refused to connect because it violates the document's Content Security Policy.

So OIDC login does not work because of this; I can't seem to find any setting that would help alleviate this situation.

Hello,

I’m facing a similar issue with OIDC login using Keycloak as the backend.

Usually, the first login succeeds, but after a few hours, the WebUI returns a blank page with no option to connect.
The only way to restore the login screen is to wipe browser cache and data for the Everest domain.

For clarity, here is the error reported by the browser (Firefox 128.11.0esr) console:

Content-Security-Policy : Les paramètres de la page ont empêché le chargement d’une ressource (frame-src) à l’adresse https://XXXXXXXX/realms/XXXXXXXXX/protocol/openid-connect/auth?client_id=XXXXXXXX&redirect_uri=XXXXXXXXX&response_type=code&scope=openid+profile+email+groups&state=XXXXX&code_challenge=XXXXXXXXX&code_challenge_method=S256&response_mode=query&prompt=none car elle enfreint la directive suivante : « default-src 'self' » 

Uncaught (in promise) ErrorTimeout: IFrame timed out without a response

To be clear, the first login is working, but subsequent ones are not.

Antoine
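Both reports above are the same mechanism seen from two directives: the first post's discovery fetch is governed by `connect-src`, the second post's silent-renew iframe (`prompt=none`) by `frame-src`, which falls back to `child-src` and then `default-src` when absent. The checker below is an added example, not Percona Everest's code and not a setting Everest provides; it parses a CSP header and reports whether a given issuer is reachable for each of the two OIDC paths, so you can test a proposed header before deploying it. The page URL, issuer URL and policies are constructed placeholders.

```python
"""Check whether a Content-Security-Policy permits the two requests an OIDC
single-page app makes to its issuer: the discovery fetch (connect-src) and the
silent-renew iframe (frame-src). Constructed example, not Everest code."""
from urllib.parse import urlparse

# CSP Level 3 fallback chains: an absent directive defers to the next one listed.
FALLBACK = {
    "connect-src": ["connect-src", "default-src"],
    "frame-src": ["frame-src", "child-src", "default-src"],
}


def parse_csp(header):
    """Parse 'name src src; name src' into {name: [sources]}; first occurrence wins."""
    policy = {}
    for part in header.split(";"):
        tokens = part.strip().split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def _origin(url):
    """(scheme, host, port) with the default port filled in for http/https."""
    u = urlparse(url)
    port = u.port if u.port is not None else {"https": 443, "http": 80}.get(u.scheme)
    return (u.scheme.lower(), (u.hostname or "").lower(), port)


def source_matches(source, target_url, page_url):
    """Does one CSP source expression allow a request to target_url?
    Simplified host-source matching: paths are ignored and a source without a
    port matches any target port (assumption for this example)."""
    s = source.lower()
    t_scheme, t_host, t_port = _origin(target_url)
    if s == "'none'":
        return False
    if s == "*":
        return t_scheme in ("http", "https", "ws", "wss")
    if s == "'self'":
        return _origin(page_url) == (t_scheme, t_host, t_port)
    if s.startswith("'"):            # nonces, hashes, unsafe-* never match a URL
        return False
    if s.endswith(":") and "/" not in s:   # scheme-source such as "https:"
        return t_scheme == s[:-1]
    if "://" in s:                   # host-source with an explicit scheme
        scheme, rest = s.split("://", 1)
        if scheme != t_scheme:
            return False
    else:                            # bare host: accept either web scheme
        rest = s
        if t_scheme not in ("http", "https"):
            return False
    host = rest.split("/", 1)[0]
    port = None
    if ":" in host:
        host, p = host.rsplit(":", 1)
        port = None if p == "*" else int(p)
    if host.startswith("*."):
        if not t_host.endswith(host[1:]):
            return False
    elif host != t_host:
        return False
    return port is None or port == t_port


def allowed(policy_header, directive, target_url, page_url):
    """Resolve the governing directive via the fallback chain and evaluate it."""
    policy = parse_csp(policy_header)
    for name in FALLBACK[directive]:
        if name in policy:
            return any(source_matches(s, target_url, page_url) for s in policy[name])
    return True                      # no governing directive at all: unrestricted


def check_oidc(policy_header, issuer_url, page_url):
    """Report the two issuer requests an OIDC SPA needs the CSP to allow."""
    discovery = issuer_url.rstrip("/") + "/.well-known/openid-configuration"
    return {
        "discovery_fetch": allowed(policy_header, "connect-src", discovery, page_url),
        "silent_renew_iframe": allowed(policy_header, "frame-src", issuer_url, page_url),
    }


# Constructed sample values (placeholders, not real hosts).
PAGE = "https://everest.example.internal/"
ISSUER = "https://auth.example.internal/application/o/everest/"
STRICT_CSP = "default-src 'self'; connect-src 'self'"
FIXED_CSP = ("default-src 'self'; connect-src 'self' https://auth.example.internal; "
             "frame-src 'self' https://auth.example.internal")

if __name__ == "__main__":
    print("strict:", check_oidc(STRICT_CSP, ISSUER, PAGE))
    print("fixed: ", check_oidc(FIXED_CSP, ISSUER, PAGE))
```

The strict policy reproduces both symptoms in the thread (discovery fetch and renew iframe both refused), while the fixed one allows exactly the issuer origin and nothing wider; listing the issuer host explicitly is preferable to loosening `default-src`.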