SSO internal error #1056

Closed
badsmoke opened this issue Sep 10, 2024 · 2 comments

@badsmoke

Hey,

cool project, thanks for that.

I'm currently trying to set it up for us, we use authentik as our SSO provider.

an authentik button is also displayed when logging in.

but when I click on it I get this error:

```
provider discovery error: Server returned invalid response: HTTP status code 404 Not Found
```

```
Request URL: https://warpgate.test.domain.io/@warpgate/api/sso/providers/custom/start?next=%2F%40warpgate%23%2F
Request Method: GET
Status Code: 500 Internal Server Error
```

it's a public and valid domain, with cert.

warpgate config and debug logs:

```
sso_providers:
 - name: custom
   label: Authentik
   provider:
     type: custom
     client_id: 
     client_secret: 
     issuer_url: https://auth.test.domain.io/application/o/warpgate/.well-known/openid-configuration
     scopes: ["email"]
recordings:
  enable: true
  path: /data/recordings
external_host: warpgate.test.domain.io:443

database_url: "sqlite:/data/db"
ssh:
  enable: true
  listen: "0.0.0.0:2222"
  external_port: ~
  keys: /data/ssh-keys
  host_key_verification: prompt
  inactivity_timeout: 5m
http:
  enable: true
  listen: "0.0.0.0:8888"
  external_port: 443
  certificate: /data/tls.certificate.pem
  key: /data/tls.key.pem
  trust_x_forwarded_headers: true
  session_max_age: 30m
  cookie_max_age: 1day
.
.
.
warpgate_1  | 10.09.2024 12:24:00 DEBUG rustls::server::hs: decided upon suite TLS13_AES_256_GCM_SHA384
warpgate_1  | 10.09.2024 12:24:00 DEBUG hyper::proto::h1::io: parsed 18 headers
warpgate_1  | 10.09.2024 12:24:00 DEBUG hyper::proto::h1::conn: incoming body is empty
warpgate_1  | 10.09.2024 12:24:00 DEBUG HTTP: reqwest::connect: starting new connection: https://auth.test.domain.io/
warpgate_1  | 10.09.2024 12:24:00 DEBUG hyper::client::connect::dns: resolving host="auth.test.domain.io"
warpgate_1  | 10.09.2024 12:24:00 DEBUG HTTP: hyper::client::connect::http: connecting to PUBLIC_IP:443
warpgate_1  | 10.09.2024 12:24:00 DEBUG HTTP: hyper::client::connect::http: connected to PUBLIC_IP:443
warpgate_1  | 10.09.2024 12:24:00 DEBUG HTTP: rustls::client::hs: No cached session for DnsName("auth.test.domain.io")
warpgate_1  | 10.09.2024 12:24:00 DEBUG HTTP: rustls::client::hs: Not resuming any session
warpgate_1  | 10.09.2024 12:24:00 DEBUG HTTP: rustls::client::hs: Using ciphersuite TLS13_AES_256_GCM_SHA384
warpgate_1  | 10.09.2024 12:24:00 DEBUG HTTP: rustls::client::tls13: Not resuming
warpgate_1  | 10.09.2024 12:24:00 DEBUG HTTP: rustls::client::tls13: TLS1.3 encrypted extensions: [ServerNameAck, Protocols([ProtocolName(687474702f312e31)])]
warpgate_1  | 10.09.2024 12:24:00 DEBUG HTTP: rustls::client::hs: ALPN protocol is Some(b"http/1.1")
warpgate_1  | 10.09.2024 12:24:00 DEBUG hyper::proto::h1::io: flushed 103 bytes
warpgate_1  | 10.09.2024 12:24:01 DEBUG hyper::proto::h1::io: parsed 6 headers
warpgate_1  | 10.09.2024 12:24:01 DEBUG hyper::proto::h1::conn: incoming body is content-length (427 bytes)
warpgate_1  | 10.09.2024 12:24:01 DEBUG hyper::proto::h1::conn: incoming body completed
warpgate_1  | 10.09.2024 12:24:01 DEBUG HTTP: hyper::client::pool: pooling idle connection for ("https", auth.test.domain.io)
warpgate_1  | 10.09.2024 12:24:01 DEBUG hyper::proto::h1::io: flushed 185 bytes
warpgate_1  | 10.09.2024 12:24:01 DEBUG rustls::common_state: Sending warning alert CloseNotify
warpgate_1  | 10.09.2024 12:24:01 DEBUG rustls::common_state: Sending warning alert CloseNotify
```

a special aspect is that it hangs behind two nginx.

  1. nginx receives https request and sends it via http to the 2nd nginx

thanks for your help

@Eugeny
Member

Eugeny commented Sep 10, 2024

Hi, try using just https://auth.test.domain.io/application/o/warpgate/ (without .well-known) as issuer_url
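
Why the shorter `issuer_url` works, as an added example (not from this thread or from Warpgate's code): under OpenID Connect Discovery 1.0 the client appends `/.well-known/openid-configuration` to the issuer itself, so a pasted discovery document URL gets the suffix twice, and the returned `issuer` must equal the configured one. The function names and the sample metadata are hypothetical, and the sketch assumes the client follows the specification.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"


def discovery_url(issuer: str) -> str:
    # OpenID Connect Discovery 1.0, section 4.1: drop a terminating "/" and
    # append the well-known path to the issuer.
    return issuer.removesuffix("/") + WELL_KNOWN


def suggest_issuer(configured: str) -> str:
    # If the discovery document URL was pasted in, cut it back to the issuer.
    head, sep, _ = configured.partition("/.well-known/")
    return head + "/" if sep else configured


def lint_issuer(configured: str) -> list[str]:
    findings = []
    parts = urlsplit(configured)
    if parts.scheme != "https":
        findings.append("issuer must use https")
    if parts.query or parts.fragment:
        findings.append("issuer must not carry a query or fragment")
    if "/.well-known/" in parts.path:
        findings.append(
            "issuer_url is a discovery document URL; the client would fetch "
            f"{discovery_url(configured)}; use {suggest_issuer(configured)}"
        )
    return findings


def issuer_matches(configured: str, metadata: dict) -> bool:
    # Section 4.3: the "issuer" in the metadata must be identical to the
    # issuer used to build the discovery URL; a mismatch must be rejected.
    return metadata.get("issuer") == configured


# Constructed sample values modelled on the thread; not real endpoints.
BAD = "https://auth.test.domain.io/application/o/warpgate/.well-known/openid-configuration"
GOOD = "https://auth.test.domain.io/application/o/warpgate/"
SAMPLE_METADATA = {"issuer": GOOD}  # constructed discovery document excerpt

if __name__ == "__main__":
    for url in (BAD, GOOD):
        print(url, "->", lint_issuer(url) or "ok")
    print("issuer matches metadata:", issuer_matches(GOOD, SAMPLE_METADATA))
```
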

@badsmoke
Author

badsmoke commented Sep 12, 2024

looks good now thanks
