Internal error: Authentication failure

Hi,

I am trying to configure my OIDC provider using the Admin API PUT /{db}/_config endpoint but am getting the following response.

{"error":"Internal Server Error","reason":"Internal error: Authentication failure"}

In the logs I see these entries.

2022-03-03T00:01:16.134Z [ERR] c:#002 #002: Authentication failure -- rest.(*handler).writeError() at handler.go:1029
2022-03-03T00:01:16.134Z [INF] HTTP: #002:     --> 500 Internal error: Authentication failure  (3334.1 ms)

I am using the following Sync Gateway Docker image - couchbase/sync-gateway:3.0.0-enterprise.

I am sending the following body, which worked for me when using 3.0.0-beta02-enterprise, using Postman.

{
    "oidc": {
        "providers": {
            "azuread": {
                "issuer": "https://login.microsoftonline.com/160xx896-xxxx-xxxx-xxxx-948xx594cf0a/v2.0",
                "client_id": "50aaxxxx-51a5-xxxx-xxxx-44d0405xxxxa",
                "register": true
            }
        }
    }
}

This is the Sync Gateway config file I am using, in case it is relevant.

{
    "bootstrap": {
        "server": "couchbase://cbserver7-0-3",
        "username": "sync_gateway",
        "password": "XXXXXXXXX",
        "server_tls_skip_verify": true,
        "use_tls_server": false
    },
    "api": {
        "admin_interface": ":4985"
    },
    "logging": {
        "console": {
            "enabled": true,
            "log_level": "debug",
            "log_keys": ["*"],
            "color_enabled": true
        }
    }
}

Does anyone know what I am doing wrong or how to further debug this?

Thanks

Hi there, a few things to try:

  • Are you able to call other DB update endpoints that do not modify OIDC? How about other admin and non-admin endpoints?
  • Do you see any additional “Auth” or “Auth+” messages in the logs? Maybe set the log level to trace as well.
  • If possible, can you confirm that you are able to reach the OIDC provider from within the SG Docker container?

Thanks.
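The third suggestion above (confirming the provider is reachable from where Sync Gateway runs) can be scripted. The following is an added example, not code from the thread or from Couchbase/Sync Gateway: it statically checks a PUT body of the shape posted in the question, builds the OIDC Discovery URL from the issuer (the standard `/.well-known/openid-configuration` location), and, when run with `--online` inside the SG container, fetches that document and compares its `issuer` field with the configured one. The tenant and client ids are placeholders, and the keys it treats as required (`issuer`, `client_id`, the three discovery endpoints) are assumptions based on the OIDC specs, not on Sync Gateway's validation rules.

```python
"""Pre-flight checks for a Sync Gateway OIDC provider config body.

Added example, not Sync Gateway code. Only the issuer/client_id/register
keys come from the forum post; the rest is an assumption.
"""
import json
import ssl
import urllib.request
from typing import Any, Dict, List

DISCOVERY_SUFFIX = "/.well-known/openid-configuration"

# Constructed sample: same shape as the body in the question, with
# placeholder tenant and client ids.
SAMPLE_BODY = {
    "oidc": {
        "providers": {
            "azuread": {
                "issuer": "https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/v2.0",
                "client_id": "CLIENT-ID-PLACEHOLDER",
                "register": True,
            }
        }
    }
}


def discovery_url(issuer: str) -> str:
    """OIDC Discovery: metadata lives at issuer + well-known path.
    A trailing slash on the issuer must not produce a double slash."""
    return issuer.rstrip("/") + DISCOVERY_SUFFIX


def validate_body(body: Dict[str, Any]) -> List[str]:
    """Static checks on the PUT body before it is sent. Returns problems found."""
    problems: List[str] = []
    providers = body.get("oidc", {}).get("providers")
    if not isinstance(providers, dict) or not providers:
        return ["oidc.providers missing or empty"]
    for name, prov in providers.items():
        if not isinstance(prov, dict):
            problems.append(f"{name}: provider must be an object")
            continue
        issuer = prov.get("issuer")
        if not isinstance(issuer, str) or not issuer:
            problems.append(f"{name}: issuer missing")
        elif not issuer.startswith("https://"):
            problems.append(f"{name}: issuer should use https")
        client_id = prov.get("client_id")
        if not isinstance(client_id, str) or not client_id:
            problems.append(f"{name}: client_id missing")
        if "register" in prov and not isinstance(prov["register"], bool):
            problems.append(f"{name}: register must be true/false")
    return problems


def check_discovery_document(issuer: str, doc: Dict[str, Any]) -> List[str]:
    """Compare a fetched discovery document with the configured issuer.
    Pure function, so it can be exercised without network access."""
    problems: List[str] = []
    # OIDC Discovery requires the document's issuer to match exactly.
    if doc.get("issuer") != issuer:
        problems.append(f"discovery 'issuer' is {doc.get('issuer')!r}, config has {issuer!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not doc.get(key):
            problems.append(f"discovery document lacks {key}")
    return problems


def fetch_discovery(issuer: str, timeout: float = 10.0) -> Dict[str, Any]:
    """Network step: GET the discovery document. Run this from inside the
    Sync Gateway container to test reachability from where SG actually runs."""
    req = urllib.request.Request(discovery_url(issuer), headers={"Accept": "application/json"})
    ctx = ssl.create_default_context()  # real certificate validation, as SG would do
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    import sys
    print("static problems:", validate_body(SAMPLE_BODY) or "none")
    if "--online" in sys.argv:
        for name, prov in SAMPLE_BODY["oidc"]["providers"].items():
            doc = fetch_discovery(prov["issuer"])
            print(name, "discovery problems:", check_discovery_document(prov["issuer"], doc) or "none")
```

Run it with `docker exec <sg-container> python3 oidc_check.py --online` after substituting the real issuer and client id; a timeout, TLS error or issuer mismatch at that step points at network or configuration rather than at the Admin API call itself. An issuer with a trailing slash is a common mismatch, since the value in the discovery document usually has none.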