Description
Preflight Checklist
- I agree to follow the Code of Conduct that this project adheres to.
- I have searched the issue tracker for an issue that matches the one I want to file, without success.
- I am not looking for support or already pursued the available support channels without success.
Version
3.1.0
Storage Type
In-memory
Installation Type
Other (specify below)
Expected Behavior
This issue is related to dex used internally in Concourse.
Expected behavior is that you can log in to Concourse with OIDC and a self-signed certificate with skipSslValidation set to true.
Actual Behavior
The issue occurs in Concourse version 7.8.0 and higher (where a new flag was introduced: CONCOURSE_OIDC_DISABLE_GET_USER_INFO).
This flag is set to false by default (DisableGetUserInfo is set to false), which means it will try to get UserInfo. But it fails when a self-signed cert is used, as in the image below:
Steps To Reproduce
- Configure Concourse with OIDC: skipSslValidation set to true and disableGetUserInfo set to false.
- Try to log in.
- You get an error about a self-signed x509 certificate.
Additional Information
This is probably caused by one missed line where the http.Request context is used instead of the context with the local httpClient:
https://github.com/concourse/dex/blob/v0.8.0/connector/oidc/oidc.go#L295
I am not sure if this should be reported in concourse repository as well.
Configuration
No response
Logs
No response
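
The failure mode reported above, reproduced with only the Go standard library. This is an added example, not code from dex, Concourse or the issue author. ctxKey and fetchUserInfo are hypothetical stand-ins for a library call that reads its HTTP client from the context (the pattern go-oidc's ClientContext follows), and the TLS endpoint and its response are constructed.

```go
package main

import (
	"context"
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// ctxKey is a hypothetical key under which a caller-supplied *http.Client
// travels in a context (the pattern go-oidc's ClientContext follows).
type ctxKey struct{}

// fetchUserInfo is a hypothetical stand-in for a library UserInfo call: it uses
// the client found in ctx, else http.DefaultClient, which verifies certificates.
func fetchUserInfo(ctx context.Context, url string) error {
	client := http.DefaultClient
	if c, ok := ctx.Value(ctxKey{}).(*http.Client); ok {
		client = c
	}
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
	if err != nil {
		return err
	}
	resp, err := client.Do(req)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// demo runs a constructed TLS endpoint whose certificate is not in the system
// trust store and calls it with the bare context, then the client context.
func demo() (bareErr, clientErr error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, `{"sub":"constructed-user"}`)
	}))
	defer srv.Close()
	// Client built the way skipSslValidation: true implies.
	insecure := &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}}
	reqCtx := context.Background() // stands in for r.Context()
	clientCtx := context.WithValue(reqCtx, ctxKey{}, insecure)
	return fetchUserInfo(reqCtx, srv.URL), fetchUserInfo(clientCtx, srv.URL)
}

func main() { fmt.Println(demo()) }
```

The first call fails certificate verification because the bare context carries no client and the default one is used; the second succeeds. Where the issuer's CA is available, setting it as RootCAs on the client's TLS config keeps verification on instead of skipping it.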