I keep getting the following error in dex server -
failed to initialize server: server: Failed to open connector saml: failed to open connector: failed to create connector saml: parse cert: trailing data:
I'm copying the Google SSO certificate, converting it to base64 and pasting it. This is for configuring argocd with google sso login (https://argo-cd.readthedocs.io/en/release-1.8/operator-manual/user-management/google/). I tried copying the certificate with \n, \r\n and without \n. Still the same error. I'm editing the argocd cm file and adding it. Is there a correct format of copying it?
1: Go to https://www.base64encode.org/ and paste your original cert there for encoding. The original in full format as:
-----BEGIN CERTIFICATE-----
MIIDdDDDD
XXXXXX
VVVVVVV
-----END CERTIFICATE-----
Copy the encoded result string end to end and be careful to have no extra characters.
2: Edit your config map and ensure the yaml formatting is right:
#kubectl -n argocd edit cm argocd-cm
Here is a sample config that worked:
---
# in argocd-cm
data:
  url: https://argocd.int.domain.com
  dex.config: |
    logger:
      level: debug
      format: json
    connectors:
    - type: saml
      id: saml
      name: saml
      config:
        ssoURL: https://accounts.google.com/o/saml2/idp?idpid=XXXXXXXX
        entityIssuer: https://argocd.int.domain.com/api/dex/callback
        redirectURI: https://argocd.int.domain.com/api/dex/callback
        ssoIssuer: https://accounts.google.com/o/saml2/idp?idpid=XXXXXXXXX
        caData: |
          LS0tLS1CRUdJTiBXXXXXXXXXXThe long BASE64EncodedString
        usernameAttr: name
        emailAttr: email
        #etcetc
---
I hope this fixes your problem.
Note: Formatting characters in the configmap will likely break things by introducing YAML parse errors, so ensure you are not seeing /n and such when you open up the config map after your edit is saved.
You should consider a restart of both the argocd-dex-server and argocd-server deployments and confirm that the logs in the new pods come up clean.
[taproot@ip-10-10-15-500 ~]# kubectl -n argocd rollout restart deployment argocd-dex-server
deployment.apps/argocd-dex-server restarted
[taproot@ip-10-10-15-500 ~]# kubectl -n argocd rollout restart deployment argocd-server
deployment.apps/argocd-server restarted
I had to do the above restart to get rid of prominent errors on the UI that read something like:
"unable to load data: grpc: the client connection is closing"
Ref: https://argoproj.github.io/argo-cd/operator-manual/user-management/google/
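
A pre-flight check for the string pasted under caData, added here as an example; it is not part of the original answer and not Dex's own code. It assumes the value must base64-decode to one or more PEM CERTIFICATE blocks with nothing left over; the name checkCAData and the sample PEM are constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"strings"
)

// Constructed sample: PEM-shaped block with a dummy body, not a real certificate.
const samplePEM = "-----BEGIN CERTIFICATE-----\nAAECAwQFBgc=\n-----END CERTIFICATE-----\n"

// checkCAData returns how many CERTIFICATE blocks the caData string holds, or why it is malformed.
func checkCAData(value string) (int, error) {
	// strings.Fields drops newlines and indentation a YAML block scalar may add.
	raw, err := base64.StdEncoding.DecodeString(strings.Join(strings.Fields(value), ""))
	if err != nil {
		return 0, fmt.Errorf("not valid base64: %w", err)
	}
	count := 0
	for {
		block, rest := pem.Decode(raw)
		if block == nil {
			break
		}
		if block.Type != "CERTIFICATE" {
			return count, fmt.Errorf("unexpected PEM block type %q", block.Type)
		}
		count++
		raw = rest
	}
	// Non-whitespace leftovers are not PEM: stray text, literal "\n", double encoding.
	if left := bytes.TrimSpace(raw); len(left) > 0 {
		return count, fmt.Errorf("trailing data after %d PEM block(s): %q", count, left)
	}
	if count == 0 {
		return 0, fmt.Errorf("no PEM certificate found")
	}
	return count, nil
}

func main() {
	good := base64.StdEncoding.EncodeToString([]byte(samplePEM))
	// Same PEM with each newline typed as the two characters \ and n.
	bad := base64.StdEncoding.EncodeToString([]byte(strings.ReplaceAll(samplePEM, "\n", `\n`)))
	fmt.Println(checkCAData(good))
	fmt.Println(checkCAData(bad))
}
```

The second call reports trailing data because a PEM header followed by literal `\n` characters never forms a complete block, so the whole decoded value is left over.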