Hi all!
I am working on an installation of two OOD instances using HAProxy for traffic balancing. So far everything seemed to be going well, but I have started to have problems at the time of final testing.
When I try to log in with the two OOD instances up, I get an error associated with OIDC (I attach a related log). The strange thing is that when I turn off one of the two OODs, the login works without problems.
This is a copy of my /etc/haproxy/haproxy.cfg:
#### UNCOMMENT AFTER OOD IS INSTALLED ####
frontend hpcportal
    mode http
    bind 10.200.151.10:80
    default_backend ood-bk

backend ood-bk
    balance roundrobin
    mode http
    option forwardfor
    stick-table type ip size 1m expire 0 store conn_cur
    http-request set-header Host %[req.hdr(Host)]
    http-request set-header X-Forwarded-Proto http
    http-request set-header X-Forwarded-For %[src]
    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
    server ---------------- 10.200.146.14:80 check verify none
    server ---------------- 10.200.146.15:80 check verify none
    stick on src
##########################################
And here is the log that I obtain. I can see that it is something related to OIDC authentication, but I don’t know why it happens only when the 2 instances are up.
[Wed Mar 26 18:04:05.476410 2025] [auth_openidc:error] [pid 46771:tid 46900] [client 10.200.146.11:44170] oidc_util_json_string_print: oidc_util_check_json_error: response contained an "error" entry with value: ""invalid_grant"", referer: http://-----------/dex/auth/ldap_local/login?back=%2Fdex%2Fauth%3Fclient_id%3D------%26nonce%3DYyQnZDKtsl46Vnq3FcmHrbCZCAAg73ARPtxi6SIWPro%26redirect_uri%3Dhttp%253A%252F%252Fhpcportal.ieo.it%252Foidc%26response_type%3Dcode%26scope%3Dopenid%2Bprofile%2Bemail%26state%3DUG6rmUbMYsnPRUpuMgvmPuBz7R4&state=jdmlvhzkevm2q2ao7gqakfupm
[Wed Mar 26 18:04:05.476453 2025] [auth_openidc:error] [pid 46771:tid 46900] [client 10.200.146.11:44170] oidc_util_json_string_print: oidc_util_check_json_error: response contained an "error_description" entry with value: ""Invalid or expired code parameter."", referer: http://-------/dex/auth/ldap_local/login?back=%2Fdex%2Fauth%3Fclient_id%3D--------%26nonce%3DYyQnZDKtsl46Vnq3FcmHrbCZCAAg73ARPtxi6SIWPro%26redirect_uri%3Dhttp%253A%252F%252Fhpcportal.ieo.it%252Foidc%26response_type%3Dcode%26scope%3Dopenid%2Bprofile%2Bemail%26state%3DUG6rmUbMYsnPRUpuMgvmPuBz7R4&state=jdmlvhzkevm2q2ao7gqakfupm
[Wed Mar 26 18:04:05.476469 2025] [auth_openidc:error] [pid 46771:tid 46900] [client 10.200.146.11:44170] oidc_proto_resolve_code_and_validate_response: failed to resolve the code, referer: http://--------/dex/auth/ldap_local/login?back=%2Fdex%2Fauth%3Fclient_id%3D------%26nonce%3DYyQnZDKtsl46Vnq3FcmHrbCZCAAg73ARPtxi6SIWPro%26redirect_uri%3Dhttp%253A%252F%252Fhpcportal.ieo.it%252Foidc%26response_type%3Dcode%26scope%3Dopenid%2Bprofile%2Bemail%26state%3DUG6rmUbMYsnPRUpuMgvmPuBz7R4&state=jdmlvhzkevm2q2ao7gqakfupm
Best regards and thanks for the advice.
P.S.: I mocked all the URLs with “----”
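
For reading log lines in the format shown in the post, here is an added Python example (not part of the original post) that groups the mod_auth_openidc error lines into one record per failed code exchange and decodes the doubly URL-encoded `back` parameter of the referer into the original authorization request. The sample lines, the host `portal.example`, the client ID and the nonce/state values are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample, modelled on the log format in the post (all values are made up).
REF = ("http://portal.example/dex/auth/ldap_local/login?back=%2Fdex%2Fauth%3Fclient_id%3Dood-example"
       "%26nonce%3DN0nce%26redirect_uri%3Dhttp%253A%252F%252Fportal.example%252Foidc"
       "%26response_type%3Dcode%26scope%3Dopenid%2Bprofile%2Bemail%26state%3DS1&state=s2")
PFX = "[Wed Jan 01 10:00:00.000001 2025] [auth_openidc:error] [pid 1:tid 2] [client 10.0.0.11:44170] "
CHK = "oidc_util_json_string_print: oidc_util_check_json_error: response contained an "
SAMPLE = [
    PFX + CHK + '"error" entry with value: ""invalid_grant"", referer: ' + REF,
    PFX + CHK + '"error_description" entry with value: ""Invalid or expired code parameter."", referer: ' + REF,
    PFX + "oidc_proto_resolve_code_and_validate_response: failed to resolve the code, referer: " + REF,
]

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] \[auth_openidc:error\] \[pid (?P<pid>\d+):tid (?P<tid>\d+)\] '
                  r'\[client (?P<client>\S+):\d+\] (?P<msg>.*?)(?:, referer: (?P<ref>\S+))?$')
ENTRY = re.compile(r'response contained an "(\w+)" entry with value: "+([^"]*)"+')

def authz_request(referer):
    """Decode the nested 'back' parameter into the original authorization request."""
    back = parse_qs(urlsplit(referer).query).get("back", [""])[0]  # first decoding pass
    return {k: v[0] for k, v in parse_qs(urlsplit(back).query).items()}  # second pass

def failed_exchanges(lines):
    """Merge error lines sharing (client, pid, tid) into one record per code exchange."""
    records = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an auth_openidc error line
        key = (m["client"], m["pid"], m["tid"])
        rec = records.setdefault(key, {"client": m["client"], "resolved": True})
        entry = ENTRY.search(m["msg"])
        if entry:
            rec[entry.group(1)] = entry.group(2)  # "error" / "error_description"
        if "failed to resolve the code" in m["msg"]:
            rec["resolved"] = False
        if m["ref"]:
            rec["request"] = authz_request(m["ref"])
    return list(records.values())

if __name__ == "__main__":
    for rec in failed_exchanges(SAMPLE):
        print(rec)
```

Running the same function over the error logs of both OOD nodes gives one record per failed exchange, with the client address and the requested `redirect_uri` side by side for comparison.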