"illegal base64 data at input byte 2174" when working with Dex Ldap connector when groupSearch is enabled #2917

Closed
reggie-k opened this issue Dec 25, 2019 · 8 comments · Fixed by #5497
Labels: bug (Something isn't working), component:sso (Issues related to Argo CD configurations), good first issue (Good for newcomers), help wanted (Extra attention is needed)

Member

reggie-k commented Dec 25, 2019

I am using ArgoCD version, argocd:v1.3.0, dex version dex:v2.14.0.
Have configured Dex connector for LDAP, and since then I am able to login to Argo.
Noted that the groups of the user are empty:
time="2019-12-25T09:55:13Z" level=info msg="login successful: connector "ldap", username="MY_USER", email="MY_USER@MY_EMAIL_DOMAIN", groups=[]"

Reviewed my dex ldap config and realized the userAttr under groupSearch was wrong, fixed it.
The next LDAP login to ArgoCD, which was supposed to bring the groups along, failed with:

illegal base64 data at input byte 2174

From ArgoCD logs during the login:

time="2019-12-25T09:58:56Z" level=info msg="Performing authorization_code flow login: https://myargo.mydomain.com/api/dex/auth?client_id=argo-cd&redirect_uri=https%3A%2F%2Fmyargo.mydomain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=OCdjvsGxRR "
time="2019-12-25T09:58:57Z" level=info msg="Callback: /auth/callback?code=MY_CODE&state=OCdjvsGxRR"
2019/12/25 09:59:57 http: panic serving 10.11.8.1:43130: interface conversion: interface {} is nil, not []interface {}
goroutine 307362 [running]:
net/http.(*conn).serve.func1(0xc000d6f400)
	/usr/local/go/src/net/http/server.go:1769 +0x139
panic(0x1a1c8c0, 0xc000e6fbc0)
	/usr/local/go/src/runtime/panic.go:522 +0x1b5
github.com/argoproj/argo-cd/util/webhook.affectedRevisionInfo(0x1b39700, 0xc00038a780, 0x0, 0x0, 0x0, 0x0, 0x0)
	/go/src/github.com/argoproj/argo-cd/util/webhook/webhook.go:116 +0xce9
github.com/argoproj/argo-cd/util/webhook.(*ArgoCDWebhookHandler).HandleEvent(0xc0003785f0, 0x1b39700, 0xc00038a780)
	/go/src/github.com/argoproj/argo-cd/util/webhook/webhook.go:144 +0x50
github.com/argoproj/argo-cd/util/webhook.(*ArgoCDWebhookHandler).Handler(0xc0003785f0, 0x20042e0, 0xc000e30b60, 0xc001612600)
	/go/src/github.com/argoproj/argo-cd/util/webhook/webhook.go:217 +0x16f
net/http.HandlerFunc.ServeHTTP(0xc000791c10, 0x20042e0, 0xc000e30b60, 0xc001612600)
	/usr/local/go/src/net/http/server.go:1995 +0x44
net/http.(*ServeMux).ServeHTTP(0xc000340500, 0x20042e0, 0xc000e30b60, 0xc001612600)
	/usr/local/go/src/net/http/server.go:2375 +0x1d6
github.com/argoproj/argo-cd/server.(*bug21955Workaround).ServeHTTP(0xc00037a2e0, 0x20042e0, 0xc000e30b60, 0xc001612600)
	/go/src/github.com/argoproj/argo-cd/server/server.go:831 +0x13d
github.com/argoproj/argo-cd/server.(*handlerSwitcher).ServeHTTP(0xc0005308a0, 0x20042e0, 0xc000e30b60, 0xc001612600)
	/go/src/github.com/argoproj/argo-cd/server/server.go:808 +0x16d
net/http.serverHandler.ServeHTTP(0xc000985380, 0x20042e0, 0xc000e30b60, 0xc001612600)
	/usr/local/go/src/net/http/server.go:2774 +0xa8
net/http.(*conn).serve(0xc000d6f400, 0x200a820, 0xc0006dd2c0)
	/usr/local/go/src/net/http/server.go:1878 +0x851
created by net/http.(*Server).Serve
	/usr/local/go/src/net/http/server.go:2884 +0x2f4

Wondering whether this has to do with the amount of the groups....?
Is it related to #1103?
Unfortunately, I do not know any user who has few groups in our org so couldn't try it with one..

@reggie-k reggie-k added the bug Something isn't working label Dec 25, 2019
Member Author

reggie-k commented Jan 8, 2020

Any news on this?
Dex log shows that the login is successful, dex brings all the groups along.
This is clearly an ARGOCD issue.

@alexmt alexmt added this to the v1.5 milestone Jan 8, 2020
Collaborator

alexmt commented Jan 8, 2020

Hello @reggie-k,

This indeed might be related to #1103. If a user has too many groups, then argocd is trying to gzip the token, and "illegal base64 data at input byte 2174" indicates there might be a bug. Wrapping up the v1.4 release and will work on this bug next. The fix should go into the v1.4.1 patch release.

Member Author

reggie-k commented Jan 8, 2020

Cool, thanks. Will it help if I share the amount of the returned groups?

Collaborator

alexmt commented Jan 8, 2020

Yes, it will! Even better if you could get the number of characters of the group list (assuming that each group is printed on a new line).

Member Author

reggie-k commented Jan 12, 2020

```yaml
dex.config: |
  connectors:
  - type: ldap
    id: ldap
    name: LDAP
    config:
      host: <MY_HOST>:<MY_PORT>
      insecureNoSSL: true
      insecureSkipVerify: true
      bindDN: <MY_USER>
      bindPW: <MY_PWD>
      usernamePrompt: Username
      userSearch:
        baseDN: <MY_BASEDN>
        filter: "(&(objectclass=user))"
        username: sAMAccountName
        idAttr: uidNumber
        emailAttr: mail
        nameAttr: name
      # Group search queries for groups given a user entry.
      groupSearch:
        baseDN: "MY_BASEDN"
        userAttr: distinguishedName
        #userAttr: uid
        groupAttr: member
        nameAttr: name
```

@reggie-k
Member Author

Now, the group amount returned is around 60.
The overall character length is around 2500.
I am afraid that I cannot query the groups with a filter because of lack of appropriate naming convention.

@alexmt alexmt modified the milestones: v1.5, v1.6 Feb 18, 2020
Member Author

reggie-k commented Mar 4, 2020

Wanted to update that the very same user is fetched along with the many groups just fine with dex saml config (to which we recently moved, so the original issue is no show stopper anymore).

@jannfis jannfis added the component:sso Issues related to Argo CD configurations label May 14, 2020
@alexmt alexmt modified the milestones: v1.6 GitOps Engine, v1.7 May 27, 2020
@alexmt alexmt modified the milestones: v1.7 , v1.8 Aug 25, 2020
Collaborator

alexmt commented Sep 16, 2020

Good suggestion here about how to fix this issue: #2085 (comment)

@jessesuen jessesuen added good first issue Good for newcomers help wanted Extra attention is needed labels Sep 16, 2020
@alexmt alexmt self-assigned this Oct 15, 2020
@alexmt alexmt modified the milestones: v1.8, v1.9 Oct 29, 2020
@alexmt alexmt removed their assignment Oct 29, 2020
alexmt pushed a commit that referenced this issue Feb 18, 2021
* fix: support longer cookie

Signed-off-by: kshamajain99 <kshamajain99@gmail.com>
@kshamajain99 kshamajain99 self-assigned this Mar 4, 2021
shubhamagarwal19 pushed a commit to shubhamagarwal19/argo-cd that referenced this issue Apr 15, 2021
* fix: support longer cookie

Signed-off-by: kshamajain99 <kshamajain99@gmail.com>
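
The failure discussed in this thread and the idea behind "support longer cookie", as an added example (not Argo CD's code and not part of the thread). It assumes, which the thread does not confirm, that the gzipped and base64-encoded token is cut at a size limit before it is decoded; `pack`, `unpack`, `split`, the limit and the group names are hypothetical.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"encoding/base64"
	"fmt"
	"io"
	"strings"
)

func pack(token string) string {
	var buf bytes.Buffer // gzip to shrink the token, base64 to make it text
	zw := gzip.NewWriter(&buf)
	zw.Write([]byte(token)) // writing to a bytes.Buffer cannot fail
	zw.Close()
	return base64.StdEncoding.EncodeToString(buf.Bytes())
}

func unpack(v string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(v) // rejects a value cut mid-quantum
	if err != nil {
		return "", err
	}
	zr, err := gzip.NewReader(bytes.NewReader(raw))
	if err != nil {
		return "", err
	}
	out, err := io.ReadAll(zr)
	return string(out), err
}

func split(v string, limit int) (parts []string) {
	for ; len(v) > limit; v = v[limit:] { // one piece of at most limit bytes per cookie
		parts = append(parts, v[:limit])
	}
	return append(parts, v)
}

func main() {
	var groups []string // constructed sample: 60 made-up group names
	for i := 1; i <= 60; i++ {
		groups = append(groups, fmt.Sprintf(`"grp-%x"`, uint64(i)*2654435761))
	}
	v := pack(`{"sub":"MY_USER","groups":[` + strings.Join(groups, ",") + `]}`)
	limit := len(v)/2 | 1 // hypothetical size limit; odd, so the cut lands inside a quantum
	_, cutErr := unpack(v[:limit])
	_, okErr := unpack(strings.Join(split(v, limit), ""))
	fmt.Println("cut:", cutErr, "| split and rejoined:", okErr)
}
```

A cut that happens to land on a 4-character boundary passes the base64 step and fails in the gzip reader instead, so a server that decodes such values should treat both errors as a rejected login rather than letting either reach a panic.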