Internal server error: AuthType openid-connect configured without corresponding module

This is a fresh install of ondemand-selinux (v1.8-1) on cent7.

I’ve configured ondemand based on the ondemand-selinux RPM instructions here: Installation — Open OnDemand 1.8.12 documentation

Everything seems to have gone well except when I try to access the login page, I get a 500 error. The only (relevant?) information I get in the logs at the moment is the following: AH01796: AuthType openid-connect configured without corresponding module. This happens each time I try to access the page and get the 500.

I don’t have openid-connect configured or mentioned however, at least not to my knowledge, anywhere in the config(s).

The only information I have changed in /etc/ood/config/ood_portal.yml is the auth section, which looks like this (and was copied from a prior working instance of Open OnDemand):

servername: ondemand.domain.edu

lua_log_level: ‘debug’

auth:

  • ‘AuthType Basic’
  • ‘AuthBasicProvider ldap’
  • ‘AuthName “Welcome Message.”’
  • ‘AuthLDAPURL “ldapurl”’
  • ‘AuthLDAPBindDN “dnname@domain.local”’
  • ‘AuthLDAPBindPassword supersecretpassword’
  • ‘Require ldap-group CN=sg.Cluster_Users,OU=Security Groups,OU=Research Computing,dc=DOMAIN,DC=local’

I have a feeling I’m missing something quite obvious here but I’m not exactly sure where to look next. Any help is appreciated.

Hi sorry, did you make any progress on this? My guess is there’s some hanging OIDC config somewhere in conf.d/ood_portal.conf. Can you check to see if there’s an unexpected OIDC config in the ood portal.conf file?

Also as an aside - We started shipping ondemand-dex which provides OIDC authentication that can connect to your LDAP so you don’t need to use the basic LDAP config you have there which is not so secure.

To perhaps close this thread: Fresh install of Rocky8, no SELinux, followed by a fresh install of Ondemand 2.0.13. I too get the
[Tue Jul 20 12:34:53.733922 2021] [authn_core:error] [pid 1348:tid 140347854288640] [client 192.168.0.103:50275] AH01796: AuthType openid-connect configured without corresponding module
error. This is because the ood_portal.yml file switched from Basic auth to openid at some point (1.8?) and you need to override that with:

auth:
  - 'AuthType Basic'
  - 'AuthName "OnDemand"'
  - 'AuthUserFile "/etc/htpasswd"'
  - 'Require valid-user'
at the appropriate place in the yml file. Pick you own location for AuthUserFile.  This simplistic method works well for initial testing;  "real" authentication can come later in the process.  It might be useful to document this method in the install guide (I didn't see it there).
Ric
---

Yes the default switched in 1.8, but it seems like you should still be able to override it.

You get this error message, I’m guessing you also get some sort of error page when you try to login?

I’ll have to try to replicate what a fresh install using basic auth without OIDC looks like.

hi everyone,

I don’t know if my situation is the same as everyone’s in the configuration process. Describe my situation about the 500 error.

Of course, the version is also 1.8.x, installed through yum.

If you use basic system user authentication instead of LDAP and other authentication servers, the 500 error on the web page is indeed related to the auth configuration. As @azric mentioned after I adopted the following configuration, it never happened There has been a prompt of 500.

The creation of web users is done with the following one-line command:

scl enable ondemand - htpasswd -c /opt/rh/httpd24/root/etc/httpd/.htpasswd kuankuan

“kuankuan” is a user name.

In the /etc/ood/config/ood_portal.yml configuration file, the following configuration is added:

auth:
  -'AuthType Basic'
  -'AuthName "OnDemand"'
  -'AuthUserFile "/opt/rh/httpd24/root/etc/httpd/.htpasswd"'
  -'Require valid-user'

AuthUserFile’s cultural structure must be real.

Hi Afu.

Welcome to the community. Thanks for posting!

I’m sorry, but I’m not following the post 100%. Are you getting a 500 Error?

Thanks,
-gerald

Yes, I encountered a 500 error during the first installation.

It may be because I didn’t configure it correctly, but I didn’t modify too many parameters.

Later, I reset it according to the basic steps, and it is limited to the configuration content I wrote. Set up the account and set up the authentication part.

Also, when creating a system account, it is best to specify a UID number greater than 1000 because it is likely to be the same as the default UID of NGINX.

ok. that’s great. Please let us know if you need anything further.

thanks,
-gerald