Skip to content

🌱 argo: Argo CD UI getting logged out in 5 mins while integrated with keycloak #477

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
clubanderson wants to merge 1 commit into from
Closed

🌱 argo: Argo CD UI getting logged out in 5 mins while integrated with keycloak #477

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
76 changes: 76 additions & 0 deletions ...rgo/argo-12189-argo-cd-ui-getting-logged-out-in-5-mins-while-integrated-with-keycloa.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
{
"version": "kc-mission-v1",
"name": "argo-12189-argo-cd-ui-getting-logged-out-in-5-mins-while-integrated-with-keycloa",
"missionClass": "solution",
"author": "KubeStellar Bot",
"authorGithub": "kubestellar",
"mission": {
"title": "argo: Argo CD UI getting logged out in 5 mins while integrated with keycloak",
"description": "Argo CD UI getting logged out in 5 mins while integrated with keycloak. This issue affects 94+ users.",
"type": "feature",
"status": "completed",
"steps": [
{
"title": "Identify argo feature symptoms",
"description": "Check for the issue in your argo deployment:\n```bash\nkubectl get pods -n argo -l app=argo\nkubectl logs -l app.kubernetes.io/name=argo -n argo --tail=100 | grep -i error\n```\nLook for errors related to: Argo CD UI getting logged out in 5 mins while integrated with keycloak"
},
{
"title": "Check current argo configuration",
"description": "Review the relevant argo configuration:\n**Issue**\nWe have installed Argo CD of version 2.5.3. We have integrated Argo CD with keycloak following the steps in https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/keycloak/#integrating-keycloak-and-argocd\nWith this integration when I login to the Argo CD UI via keycloak,"
},
{
"title": "Apply the fix for Argo CD UI getting logged out in 5 mins while integrated",
"description": "Another workaround: Instead using the native OIDC support of argo-cd, we could use Dex as an intermediate.\n\nFor example, instead of configuring this...\n\n```yaml\noidc.config:\n name: Company-SSO\n issuer: https://company-keycloak/realms/some-realm\n clientID: argocd\n cliClientID: argocd-cli\n \n```yaml\noidc.config: |\r\n skipAudienceCheckWhenTokenHasNoAudience: true\n```"
},
{
"title": "Confirm Argo CD UI getting logged out in 5 mins while is resolved",
"description": "Verify the fix by checking that the original error no longer occurs:\n```bash\nkubectl logs -l app.kubernetes.io/name=argo -n argo --tail=50 --since=5m\nkubectl get events -n argo --sort-by='.lastTimestamp' | tail -10\n```\nConfirm that the issue symptoms are gone."
}
],
"resolution": {
"summary": "The root cause is: Another workaround: Instead using the native OIDC support of argo-cd, we could use Dex as an intermediate.\n\nFor example, instead of configuring this...\n\n```yaml\noidc.config:\n name: Company-SSO\n issuer: https://company-keycloak/realms/some-realm\n clientID: argocd\n cliClientID: argocd-cli\n clientSecret: $oidc.keycloak.clientSecret\n requestedScopes: [\"openid\", \"microprofile-jwt\"]\n```\n\nWe would.",
"codeSnippets": [
"oidc.config: |\r\n skipAudienceCheckWhenTokenHasNoAudience: true",
"oidc.config: |\r\n name: OIDC name\r\n issuer: https://oidc.url\r\n clientID: $oidc-secret:oidc.clientID\r\n clientSecret: $oidc-secret:oidc.clientSecret\r\n requestedScopes: [\"openid\"]",
"## Server service configuration\r\n service:\r\n # -- Used to maintain session affinity. Supports `ClientIP` and `None`\r\n sessionAffinity: \"ClientIP\""
]
}
},
"metadata": {
"tags": [
"argo",
"graduated",
"app-definition",
"feature"
],
"cncfProjects": [
"argo"
],
"targetResourceKinds": [],
"difficulty": "advanced",
"issueTypes": [
"feature"
],
"maturity": "graduated",
"sourceUrls": {
"issue": "https://github.com/argoproj/argo-cd/issues/12189",
"repo": "https://github.com/argoproj/argo-cd"
},
"reactions": 94,
"comments": 61,
"synthesizedBy": "copilot"
},
"prerequisites": {
"kubernetes": ">=1.24",
"tools": [
"kubectl"
],
"description": "A running Kubernetes cluster with argo installed or the issue environment reproducible."
},
"security": {
"scannedAt": "2026-03-10T21:33:30.278Z",
"scannerVersion": "cncf-gen-3.0.0",
"sanitized": true,
"findings": []
}
}
Loading