Articles in this section

See more
Self help
FAQ
["FAQ"]

Opsview - Cannot Login through OAuth2 (Secrets Keys Expired)

Avatar
ITRS Support
  • Updated
Follow

Problem

  • Users may not Login via my OAuth2 realm.
  • When logging in you are receiving Authentication Error: 

    Screenshot 2024-03-01 072646.png


Error

  • Log file: /var/log/opsview/opsview.log 
  • The error is for the client secret key has expired 
  • The example below is for Azure
    • ERROR of note: "The provided client secret keys for app X are expired." 
Mar  1 15:32:10 <hostname> ./opsview-web-server: [2024/03/01 15:32:10] [Catalyst.Authentication.Credential.OpsviewOAuth2] [Catalyst::Authentication::Credential::OpsviewOAuth2::request_access_token:158] [ERROR] Error requesting accessing token: "{\"error\":\"invalid_client\",\"error_description\":\"EADFTS7000262: The provided client secret keys for app 'bc46ec8b-flkyt-486a-l743-avh3k61vl2125' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret, or consider using certificate credentials for added security: https://aka.ms/certCreds. Trace ID: 39c141cc-0206-4812-8ddb-799bb0282d00 Correlation ID: 949d889e-fc3b-41f0-8346-eaf7dbe26aa3 Timestamp: 2024-03-01 15:32:10Z\",\"error_codes\":[7000222],\"timestamp\":\"2024-03-01 15:32:10Z\",\"trace_id\":\"39c141cc-0206-4812-8ddb-799bb0282d00\",\"correlation_id\":\"fj44889e-fc3b-41f0-dk33-eaf7dbe26aa3\",\"error_uri\":\"https://login.microsoftonline.com/error?code=7000222\"}"

 

Resolution

  • Create new keys within your OAuth2 realm e.g Azure Portal
  • Update your Opsview orchestrator server with them
    • File to update: /opt/opsview/deploy/etc/user_vars.yml
    • Lines to replace: client_secret


  • Run the orchestrator-install.yml playbook to push out the updated configuration
    • Note: Ensure your "opsview_repository_version" within your orchestrators /opt/opsview/deploy/etc/user_vars.yml matches your current version of Opsview otherwise you may upgrade your Opsview version unintentionally 
    • Check your opsview version via your UI "My System" page
    • Obtain the exact Opsview version string to place in your user_vars.yml file by checking the Opsview Components page e.g. Link here and it is the number in red under each release

/opt/opsview/deploy/bin/opsview-deploy /opt/opsview/deploy/lib/playbooks/orchestrator-install.yml


    Tags:
  • exported_docs_10_05_24

Related articles

Comments

0 comments

Article is closed for comments.