question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

UI fails when RBAC is on (500 / e.method is undefined)

See original GitHub issue

Hi Everyone,

I’m facing an issue in the UI when Apcurio is configured to use Keycloak. The API works nicely with RBAC enabled. Following is the current configuration.

Version : 2.2.5.Final KafkaSQL
QUARKUS_PROFILE = prod
AUTH_ENABLED = true
CLIENT_CREDENTIALS_BASIC_AUTH_ENABLED = true
REGISTRY_UI_CONFIG_APIURL = https://<host>:<port>/apis/registry
REGISTRY_UI_CONFIG_UIURL = https://<host>:<port>/ui
REGISTRY_AUTH_ANONYMOUS_READ_ACCESS_ENABLED=true
ROLE_BASED_AUTHZ_ENABLED=true
KEYCLOAK_URL= <url for KC>
KEYCLOAK_REALM = <realm for KC>
KEYCLOAK_API_CLIENT_ID = <KC api client ID>
KEYCLOAK_UI_CLIENT_ID = <KC UI client ID>

Following are some screenshots of the issue.

UI login flow

image image image image image image image

Inside KC

image image image image

Login User to Apicurio UI

This user works without any issue in APIs

image

As far as I see, it is an issue in the UI when it reads the userinfo response from KC. But I didn’t dig deeper into the UI code.

Thanks in advance.

Issue Analytics

  • State:closed
  • Created a year ago
  • Comments:10 (4 by maintainers)

github_iconTop GitHub Comments

1reaction
udinnetcommented, Sep 20, 2022

I could not get it working in 2.2.5.Final for some reason. Then I moved to 2.3.0.Final and enabled oidc flow for UI. In fact I was able to use client specific roles for the UI. I’ll share the setup in KC and configuration later today. Probably then we can close this ticket. Thanks for the help so far.

0reactions
udinnetcommented, Sep 30, 2022

Hi @carlesarnal yes. As mentioned in my last comment, following is the configuration that I’m using.

Version : 2.3.0.Final KafkaSQL
QUARKUS_PROFILE = prod
AUTH_ENABLED = true
CLIENT_CREDENTIALS_BASIC_AUTH_ENABLED = true
REGISTRY_UI_CONFIG_APIURL = https://<host>:<port>/apis/registry
REGISTRY_UI_CONFIG_UIURL = https://<host>:<port>/ui
REGISTRY_AUTH_ANONYMOUS_READ_ACCESS_ENABLED=true
ROLE_BASED_AUTHZ_ENABLED=true
KEYCLOAK_URL= <url for KC>
KEYCLOAK_REALM = <realm for KC>
KEYCLOAK_API_CLIENT_ID = <KC api client ID>
KEYCLOAK_UI_CLIENT_ID = <KC UI client ID>
REGISTRY_UI_AUTH_TYPE=oidc
REGISTRY_AUTH_URL_CONFIGURED=https://<KC host>/auth/realms/<realm name>
KEYCLOAK_REALM=<realm name>
REGISTRY_OIDC_UI_REDIRECT_URL=REGISTRY_UI_CONFIG_UIURL
REGISTRY_OIDC_UI_CLIENT_ID=KEYCLOAK_UI_CLIENT_ID

KC Setup image image image image

Read more comments on GitHub >

github_iconTop Results From Across the Web

Resolve the Kubernetes object access error in Amazon EKS
When you create an Amazon EKS cluster, the IAM user or role is automatically granted system:masters permissions in the cluster's RBAC ...
Read more >
Releases · Apicurio/apicurio-registry - GitHub
... Derefence parameter not working #2863; [Bug][component/registry] Confluent ... UI fails when RBAC is on (500 / e.method is undefined) #2805 ...
Read more >
Troubleshooting — JupyterHub 3.1.0 documentation
Launching Jupyter Notebooks to run as an externally managed JupyterHub service with the jupyterhub-singleuser command returns a JUPYTERHUB_API_TOKEN error#.
Read more >
Troubleshooting Omnibus GitLab installation issues
To fix this error, follow the steps to fetch the new key. Reconfigure shows an error: NoMethodError - undefined method '[]=' for nil:NilClass....
Read more >
Known Issues | Cribl Docs
Problem: When you're remotely accessing a Worker Node's UI, diag bundles might ... 2022-04-26 – v.3.4.1 – HTTP 500 error when git is...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found