Supermarket - redirect uri included is not valid

#1

chef-server.rb on my chef server has:

oc_id['applications'] = {
  'supermarket' => {
    'redirect_uri' => 'https://my_supermarket_server_ip_address/auth/chef_oauth2/callback'
  }
}

I ran,
sudo chef-server-ctl reconfigure

I ran the following on my supermarket server,
sudo dpkg -i supermarket_2.8.30-1_amd64.deb

I added the following in supermarket.rb on my supermarket server,

default['supermarket']['chef_oauth2_app_id'] = 'copied from supermarket.json on chef server'
default['supermarket']['chef_oauth2_secret'] = 'copied from supermarket.json on chef server'
default['supermarket']['chef_oauth2_url'] = 'https://my_chef_server_ip'
default['supermarket']['chef_oauth2_verify_ssl'] = false

I ran,
sudo supermarket-ctl reconfigure

In a browser, I open the supermarket web page. I click ‘Sign in with your Chef account’. I put in my user name and password. The next page shows I’m signed in but with an error ‘redirect uri included is not valid’.

What did I miss in my steps, and how do I fix it?


#2

What value do you have if any for default['supermarket']['fqdn'] in supermarket.rb? This acts as your declared official domain name of the private Supermarket for clients (users and the Chef Server).

What appears as the value for fqdn in grep fqdn /etc/supermarket/supermarket_running.json? This is the final value used for configuring the services. It derives from either the FQDN given above or from the node’s hostname if no FQDN is specified.

This FQDN and the domain of the redirect_uri declared in chef-server.rb must be identical for the oauth trust and negotiation between systems to succeed. My current suspicion is that these do not match.


#3

Robbkidd,

I have the following in supermarket.rb,
default['supermarket']['fqdn'] = node['fqdn'].downcase

My /etc/supermarket/supermarket-running.json has,
"fqdn": "mysupermarket.mycompany.com"

My supermarket.rb has,
'redirect_uri' => 'mysupermarket.mycompany.com/auth/chef_oauth2/callback'

Now on my supermarket website, after logging in, I get,
Authorization Required.

I click yes.

I’m returned back to the supermarket page with the following error:
“The associated provider returned a failure message.”

How do I fix this?


#4

My supermarket.rb has,
'redirect_uri' => 'mysupermarket.mycompany.com/auth/chef_oauth2/callback'

  1. Just to confirm, is this maybe the chef-server.rb?
  2. The redirect_uri needs to be a complete URI, so this needs the protocol scheme https:// included.
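
The two checks from replies #2 and #4, as an added example that is not part of the thread or of Chef's own tooling: the redirect_uri registered with oc-id must be a complete https:// URI whose host is identical to Supermarket's fqdn. The JSON inputs are constructed samples modelled on the values quoted in the thread, and the function names are hypothetical.

```ruby
require 'json'
require 'uri'

CALLBACK_PATH = '/auth/chef_oauth2/callback' # callback path used in the thread

# Depth-first search for a string stored under `key`; the layout of the
# running config is not assumed, so the whole document is searched.
def find_key(obj, key)
  return nil unless obj.is_a?(Hash)
  return obj[key] if obj[key].is_a?(String)
  obj.each_value do |value|
    found = find_key(value, key)
    return found if found
  end
  nil
end

# Returns a list of problems; an empty list means the oc-id registration
# and the Supermarket FQDN are consistent.
def redirect_uri_problems(oc_id_json, running_json)
  redirect = JSON.parse(oc_id_json)['redirect_uri'].to_s
  fqdn = find_key(JSON.parse(running_json), 'fqdn')
  return ['no fqdn found in the Supermarket running config'] if fqdn.nil?
  uri = begin
    URI.parse(redirect)
  rescue URI::InvalidURIError
    nil
  end
  return ["redirect_uri is not a parseable URI: #{redirect.inspect}"] if uri.nil?
  # Reply #4: the value must be a complete URI, including the scheme.
  return ["redirect_uri lacks the https:// scheme: #{redirect.inspect}"] unless uri.scheme == 'https'

  problems = []
  # Reply #2: the redirect_uri domain and the fqdn must be identical.
  problems << "redirect_uri host #{uri.host.inspect} differs from fqdn #{fqdn.inspect}" unless uri.host == fqdn
  problems << "redirect_uri path #{uri.path.inspect} is not #{CALLBACK_PATH}" unless uri.path == CALLBACK_PATH
  problems
end

# Constructed sample inputs (not real files from either server).
RUNNING   = '{"supermarket": {"fqdn": "mysupermarket.mycompany.com"}}'
GOOD      = '{"redirect_uri": "https://mysupermarket.mycompany.com/auth/chef_oauth2/callback"}'
NO_SCHEME = '{"redirect_uri": "mysupermarket.mycompany.com/auth/chef_oauth2/callback"}'
BY_IP     = '{"redirect_uri": "https://192.0.2.10/auth/chef_oauth2/callback"}'

if __FILE__ == $PROGRAM_NAME
  { 'good' => GOOD, 'no scheme' => NO_SCHEME, 'ip address' => BY_IP }.each do |name, doc|
    puts "#{name}: #{redirect_uri_problems(doc, RUNNING).inspect}"
  end
end
```

To use it against a live pair of servers, pass the contents of the Chef Server's supermarket.json and of Supermarket's running config file in place of the sample strings.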

#5

My supermarket.json on my chef server has,
"redirect_uri": "https://mysupermarket.mycompany.com/auth/chef_oauth2/callback"

My chef-server.rb on my chef server has,
'redirect_uri' => 'https://mysupermarket.mycompany.com/auth/chef_oauth2/callback'

My supermarket.rb on my supermarket server has,
default['supermarket']['chef_oauth2_url'] = 'https://mysupermarket.mycompany.com'

The FQDN is set in /etc/hosts on the servers.


#6

This should be the URL to your Chef Server, so that Supermarket knows how to find it for authenticating users.


#7

Sorry, I mistyped the value for default['supermarket']['chef_oauth2_url'] here. It was actually correctly pointing to my chef server.

  1. On my chef server:

/etc/opscode/chef-server.rb has:
oc_id['applications'] = {
  'supermarket' => {
    'redirect_uri' => 'https://mysupermarket.mycompany.com/auth/chef_oauth2/callback'
  }
}

/etc/opscode/oc-id-applications/supermarket.json has:
"redirect_uri": "https://mysupermarket.mycompany.com/auth/chef_oauth2/callback"

  2. On my supermarket server:

/etc/supermarket/supermarket.rb has:

default['supermarket']['fqdn'] = node['fqdn'].downcase (commented out)

default['supermarket']['chef_oauth2_url'] = 'https://mychefserver.mycompany.com'

/etc/supermarket/supermarket-running.json has:
"fqdn": "mysupermarket.mycompany.com",

  3. I open my supermarket page in a browser. I log in using my chef ID/password. It asks me to authorize supermarket to use my chef account. I click yes. Then it returns to the supermarket page with this error:
    “The associated provider returned a failure message.”

I no longer have the “redirect uri included is not valid” error. I think that was caused by the ‘hostname -f’ command returning localhost. I added the short name and FQDN in /etc/hosts, which fixed “redirect uri included is not valid”. But now I have “The associated provider returned a failure message.” How do I fix that?

  4. Another question: would an IP address work in place of the FQDN? I tried IP addresses but it didn’t work.