Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

UI fails when RBAC is on (500 / e.method is undefined)

See original GitHub issue

Hi Everyone,

I’m facing an issue in the UI when Apcurio is configured to use Keycloak. The API works nicely with RBAC enabled. Following is the current configuration.

Version : 2.2.5.Final KafkaSQL
QUARKUS_PROFILE = prod
AUTH_ENABLED = true
CLIENT_CREDENTIALS_BASIC_AUTH_ENABLED = true
REGISTRY_UI_CONFIG_APIURL = https://<host>:<port>/apis/registry
REGISTRY_UI_CONFIG_UIURL = https://<host>:<port>/ui
REGISTRY_AUTH_ANONYMOUS_READ_ACCESS_ENABLED=true
ROLE_BASED_AUTHZ_ENABLED=true
KEYCLOAK_URL= <url for KC>
KEYCLOAK_REALM = <realm for KC>
KEYCLOAK_API_CLIENT_ID = <KC api client ID>
KEYCLOAK_UI_CLIENT_ID = <KC UI client ID>

Following are some screenshots of the issue.

UI login flow

Inside KC

Login User to Apicurio UI

This user works without any issue in APIs

As far as I see, it is an issue in the UI when it reads the userinfo response from KC. But I didn’t dig deeper into the UI code.

Thanks in advance.

Issue Analytics

State:
Created a year ago
Comments:10 (4 by maintainers)

Top GitHub Comments

1reaction

udinnetcommented, Sep 20, 2022

I could not get it working in 2.2.5.Final for some reason. Then I moved to 2.3.0.Final and enabled oidc flow for UI. In fact I was able to use client specific roles for the UI. I’ll share the setup in KC and configuration later today. Probably then we can close this ticket. Thanks for the help so far.

0reactions

udinnetcommented, Sep 30, 2022

Hi @carlesarnal yes. As mentioned in my last comment, following is the configuration that I’m using.

Version : 2.3.0.Final KafkaSQL
QUARKUS_PROFILE = prod
AUTH_ENABLED = true
CLIENT_CREDENTIALS_BASIC_AUTH_ENABLED = true
REGISTRY_UI_CONFIG_APIURL = https://<host>:<port>/apis/registry
REGISTRY_UI_CONFIG_UIURL = https://<host>:<port>/ui
REGISTRY_AUTH_ANONYMOUS_READ_ACCESS_ENABLED=true
ROLE_BASED_AUTHZ_ENABLED=true
KEYCLOAK_URL= <url for KC>
KEYCLOAK_REALM = <realm for KC>
KEYCLOAK_API_CLIENT_ID = <KC api client ID>
KEYCLOAK_UI_CLIENT_ID = <KC UI client ID>
REGISTRY_UI_AUTH_TYPE=oidc
REGISTRY_AUTH_URL_CONFIGURED=https://<KC host>/auth/realms/<realm name>
KEYCLOAK_REALM=<realm name>
REGISTRY_OIDC_UI_REDIRECT_URL=REGISTRY_UI_CONFIG_UIURL
REGISTRY_OIDC_UI_CLIENT_ID=KEYCLOAK_UI_CLIENT_ID

KC Setup

Top Results From Across the Web

Resolve the Kubernetes object access error in Amazon EKS

When you create an Amazon EKS cluster, the IAM user or role is automatically granted system:masters permissions in the cluster's RBAC ...

Releases · Apicurio/apicurio-registry - GitHub

... Derefence parameter not working #2863; [Bug][component/registry] Confluent ... UI fails when RBAC is on (500 / e.method is undefined) #2805 ...

Troubleshooting — JupyterHub 3.1.0 documentation

Launching Jupyter Notebooks to run as an externally managed JupyterHub service with the jupyterhub-singleuser command returns a JUPYTERHUB_API_TOKEN error#.

Troubleshooting Omnibus GitLab installation issues

To fix this error, follow the steps to fetch the new key. Reconfigure shows an error: NoMethodError - undefined method '[]=' for nil:NilClass....

Known Issues | Cribl Docs

Problem: When you're remotely accessing a Worker Node's UI, diag bundles might ... 2022-04-26 – v.3.4.1 – HTTP 500 error when git is...