Fix Unauthenticated: use local OIDCConfigEndpoint for embedded IdP

The management container was trying to fetch its own OIDC config via
the external URL (https://domain/oauth2/.well-known/...), which creates
a circular dependency: management -> DNS -> NPM -> Caddy -> management.
This fails because the management container can't reach itself through
the external network during startup.

Changed OIDCConfigEndpoint to http://127.0.0.1:80/oauth2/... (same as
LocalAddress) so the management server accesses its own embedded IdP
directly without going through DNS/NPM/Caddy.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-08 21:33:59 +01:00
parent 8853087161
commit fbce6b95fd


@@ -36,7 +36,7 @@
"HttpConfig": { "HttpConfig": {
"AuthIssuer": "{{ external_url }}/oauth2", "AuthIssuer": "{{ external_url }}/oauth2",
"AuthAudience": "netbird-dashboard", "AuthAudience": "netbird-dashboard",
"OIDCConfigEndpoint": "{{ external_url }}/oauth2/.well-known/openid-configuration" "OIDCConfigEndpoint": "http://127.0.0.1:80/oauth2/.well-known/openid-configuration"
}, },
"EmbeddedIdP": { "EmbeddedIdP": {
"Enabled": true, "Enabled": true,
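Review bot: the new `OIDCConfigEndpoint` value `http://127.0.0.1:80/oauth2/.well-known/openid-configuration` is hardcoded while `AuthIssuer` stays `{{ external_url }}/oauth2`; the message says the address is "same as LocalAddress", so consider deriving it from the same template variable or constant that sets `LocalAddress`, otherwise a later change of the local listen port silently breaks discovery. It is also worth confirming, and noting in a comment next to the key, that the `issuer` returned by the loopback discovery document still matches `AuthIssuer`, and that the `jwks_uri` and other endpoints in that document are reachable at startup rather than pointing back through the external path this change is meant to avoid.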