Multitenant configuration #15

@etj

Selecting a multitenant configuration by setting

ckanext.azure_auth.tenant_id = common

the authentication fails in this way:

ckan          | 2022-08-08 11:13:29,648 INFO  [ckanext.azure_auth.auth_config] Loaded settings from ADFS server.
ckan          | 2022-08-08 11:13:29,648 INFO  [ckanext.azure_auth.auth_config] operating mode:         openid_connect
ckan          | 2022-08-08 11:13:29,649 INFO  [ckanext.azure_auth.auth_config] authorization endpoint: https://login.microsoftonline.com/common/oauth2/authorize
ckan          | 2022-08-08 11:13:29,650 INFO  [ckanext.azure_auth.auth_config] token endpoint:         https://login.microsoftonline.com/common/oauth2/token
ckan          | 2022-08-08 11:13:29,651 INFO  [ckanext.azure_auth.auth_config] end session endpoint:   https://login.microsoftonline.com/common/oauth2/logout
ckan          | 2022-08-08 11:13:29,651 INFO  [ckanext.azure_auth.auth_config] issuer:                 https://sts.windows.net/{tenantid}/
ckan          | 2022-08-08 11:13:29,652 DEBUG [ckanext.azure_auth.auth_backend] Received authorization code: [...]
ckan          | 2022-08-08 11:13:29,652 DEBUG [ckanext.azure_auth.auth_backend] Getting access token at: https://login.microsoftonline.com/common/oauth2/token
ckan          | 2022-08-08 11:13:29,796 DEBUG [ckanext.azure_auth.auth_backend] Received access token: [...]
ckan          | 2022-08-08 11:13:29,799 INFO  [ckanext.azure_auth.auth_backend] Invalid issuer
ckan          | 2022-08-08 11:13:29,799 DEBUG [ckanext.azure_auth.controllers] 
ckan          | 2022-08-08 11:13:29,800 ERROR [ckan.config.middleware.flask_app] 400 Bad Request: No authorization code was provided.
ckan          | Traceback (most recent call last):
ckan          |   File "/usr/lib/ckan/venv/src/ckanext-azure-auth/ckanext/azure_auth/auth_backend.py", line 109, in validate_access_token
ckan          |     leeway=config['ckanext.azure_auth.jwt_leeway'],
ckan          |   File "/usr/lib/ckan/venv/lib/python3.7/site-packages/jwt/api_jwt.py", line 104, in decode
ckan          |     self._validate_claims(payload, merged_options, **kwargs)
ckan          |   File "/usr/lib/ckan/venv/lib/python3.7/site-packages/jwt/api_jwt.py", line 137, in _validate_claims
ckan          |     self._validate_iss(payload, issuer)
ckan          |   File "/usr/lib/ckan/venv/lib/python3.7/site-packages/jwt/api_jwt.py", line 214, in _validate_iss
ckan          |     raise InvalidIssuerError('Invalid issuer')
ckan          | jwt.exceptions.InvalidIssuerError: Invalid issuer
ckan          | 
ckan          | During handling of the above exception, another exception occurred:
ckan          | 
ckan          | Traceback (most recent call last):
ckan          |   File "/usr/lib/ckan/venv/src/ckanext-azure-auth/ckanext/azure_auth/controllers.py", line 36, in login_callback
ckan          |     user = auth_backend.authenticate_with_code(authorization_code=code)
ckan          |   File "/usr/lib/ckan/venv/src/ckanext-azure-auth/ckanext/azure_auth/auth_backend.py", line 226, in authenticate_with_code
ckan          |     user = self.process_access_token(access_token, adfs_response)
ckan          |   File "/usr/lib/ckan/venv/src/ckanext-azure-auth/ckanext/azure_auth/auth_backend.py", line 131, in process_access_token
ckan          |     claims = self.validate_access_token(adfs_response['id_token'])
ckan          |   File "/usr/lib/ckan/venv/src/ckanext-azure-auth/ckanext/azure_auth/auth_backend.py", line 124, in validate_access_token
ckan          |     raise PermissionError
ckan          | PermissionError
ckan          | 
ckan          | During handling of the above exception, another exception occurred:
ckan          | 
ckan          | Traceback (most recent call last):
ckan          |   File "/usr/lib/ckan/venv/lib/python3.7/site-packages/flask/app.py", line 1949, in full_dispatch_request
ckan          |     rv = self.dispatch_request()
ckan          |   File "/usr/lib/ckan/venv/lib/python3.7/site-packages/flask/app.py", line 1935, in dispatch_request
ckan          |     return self.view_functions[rule.endpoint](**req.view_args)
ckan          |   File "/usr/lib/ckan/venv/src/ckanext-azure-auth/ckanext/azure_auth/controllers.py", line 51, in login_callback
ckan          |     base.abort(400, 'No authorization code was provided.')
ckan          |   File "/usr/lib/ckan/venv/src/ckan/ckan/lib/base.py", line 66, in abort
ckan          |     flask_abort(status_code, detail)
ckan          |   File "/usr/lib/ckan/venv/lib/python3.7/site-packages/werkzeug/exceptions.py", line 822, in abort
ckan          |     return _aborter(status, *args, **kwargs)
ckan          |   File "/usr/lib/ckan/venv/lib/python3.7/site-packages/werkzeug/exceptions.py", line 807, in __call__
ckan          |     raise self.mapping[code](*args, **kwargs)
ckan          | werkzeug.exceptions.BadRequest: 400 Bad Request: No authorization code was provided.
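
An added example, not part of the original issue or of ckanext-azure-auth's code: the log above shows that with `tenant_id = common` the loaded issuer is the template `https://sts.windows.net/{tenantid}/`, which does not equal the `iss` of a real token, hence `Invalid issuer`. The code below resolves the template from the token's `tid` claim and restricts sign-in to an allowlist of tenants; the function name, the `allowed_tenants` parameter and the sample GUIDs are assumptions, and the claims are assumed to come from a token whose signature, audience and expiry were already verified.

```python
import re

# Issuer template exactly as logged for tenant_id = common.
ISSUER_TEMPLATE = "https://sts.windows.net/{tenantid}/"
GUID_RE = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)


class IssuerError(Exception):
    """Raised when the token's issuer is not acceptable."""


def validate_multitenant_issuer(claims, allowed_tenants,
                                issuer_template=ISSUER_TEMPLATE):
    """Return the tenant id if `iss` matches the template for an allowed tenant.

    Hypothetical helper: it only replaces the fixed-string issuer check and
    must run on claims from an already signature-verified token.
    """
    tid, iss = claims.get("tid"), claims.get("iss")
    if not isinstance(tid, str) or not GUID_RE.fullmatch(tid):
        raise IssuerError("missing or malformed tid claim")
    # The common endpoint signs in users from any tenant, so pin the
    # tenants this application is willing to trust.
    if tid.lower() not in {t.lower() for t in allowed_tenants}:
        raise IssuerError("tenant %s is not allowed" % tid)
    # The issuer must be the template filled in with the token's own tid.
    if iss != issuer_template.replace("{tenantid}", tid):
        raise IssuerError("iss does not match tid")
    return tid.lower()


# Constructed sample claims (placeholder GUIDs, not real tenants).
TENANT_A = "11111111-2222-3333-4444-555555555555"
TENANT_B = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
GOOD = {"tid": TENANT_A, "iss": "https://sts.windows.net/%s/" % TENANT_A}
SPOOFED = {"tid": TENANT_A, "iss": "https://sts.windows.net/%s/" % TENANT_B}
OTHER = {"tid": TENANT_B, "iss": "https://sts.windows.net/%s/" % TENANT_B}


def check(claims, allowed=(TENANT_A,)):
    """Return the accepted tenant id, or the rejection reason as a string."""
    try:
        return validate_multitenant_issuer(claims, allowed)
    except IssuerError as exc:
        return str(exc)


if __name__ == "__main__":
    for name, claims in (("good", GOOD), ("spoofed", SPOOFED), ("other", OTHER)):
        print(name, "->", check(claims))
```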
