Problem
- Users may not Login via my OAuth2 realm.
- When logging in you are receiving Authentication Error:
Error
- Log file: /var/log/opsview/opsview.log
- The error is for the client secret key has expired
- The example below is for Azure
- ERROR of note:
"The provided client secret keys for app X are expired."
- ERROR of note:
Mar 1 15:32:10 <hostname> ./opsview-web-server: [2024/03/01 15:32:10] [Catalyst.Authentication.Credential.OpsviewOAuth2] [Catalyst::Authentication::Credential::OpsviewOAuth2::request_access_token:158] [ERROR] Error requesting accessing token: "{\"error\":\"invalid_client\",\"error_description\":\"EADFTS7000262: The provided client secret keys for app 'bc46ec8b-flkyt-486a-l743-avh3k61vl2125' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret, or consider using certificate credentials for added security: https://aka.ms/certCreds. Trace ID: 39c141cc-0206-4812-8ddb-799bb0282d00 Correlation ID: 949d889e-fc3b-41f0-8346-eaf7dbe26aa3 Timestamp: 2024-03-01 15:32:10Z\",\"error_codes\":[7000222],\"timestamp\":\"2024-03-01 15:32:10Z\",\"trace_id\":\"39c141cc-0206-4812-8ddb-799bb0282d00\",\"correlation_id\":\"fj44889e-fc3b-41f0-dk33-eaf7dbe26aa3\",\"error_uri\":\"https://login.microsoftonline.com/error?code=7000222\"}"
Resolution
- Create new keys within your OAuth2 realm e.g Azure Portal
- Update your Opsview orchestrator server with them
- File to update: /opt/opsview/deploy/etc/user_vars.yml
-
Lines to replace: client_secret
- Run the orchestrator-install.yml playbook to push out the updated configuration
- Note: Ensure your "opsview_repository_version" within your orchestrators /opt/opsview/deploy/etc/user_vars.yml matches your current version of Opsview otherwise you may upgrade your Opsview version unintentionally
- Check your opsview version via your UI "My System" page
- Obtain the exact Opsview version string to place in your user_vars.yml file by checking the Opsview Components page e.g. Link here and it is the number in red under each release
/opt/opsview/deploy/bin/opsview-deploy /opt/opsview/deploy/lib/playbooks/orchestrator-install.yml
-
Tags:
- exported_docs_10_05_24
Comments
0 comments
Article is closed for comments.