[caasp-beta] caasp v4 dex refreshtokens forbidden

Donaldson, Ian Ian.Donaldson at NGIC.COM
Fri Aug 16 10:44:19 MDT 2019


One of our developers can't log in to gangway/dex to get his token. I see these errors in the dex logs. Any ideas?

2019-08-16T11:44:00.072284195-04:00 stderr F time="2019-08-16T15:44:00Z" level=error msg="failed to get refresh token: GET https://10.96.0.1:443/apis/dex.coreos.com/v1/namespaces/kube-system/refreshtokens/bj7ffgjikxfj6hiryzqgmzm6x Forbidden: response from server \"{\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},\"status\":\"Failure\",\"message\":\"refreshtokens.dex.coreos.com \\"bj7ffgjikxfj6hiryzqgmzm6x\\" is forbidden: User \\"system:serviceaccount:kube-system:oidc-dex\\" cannot get resource \\"refreshtokens\\" in API group \\"dex.coreos.com\\" in the namespace \\"kube-system\\"\",\"reason\":\"Forbidden\",\"details\":{\"name\":\"bj7ffgjikxfj6hiryzqgmzm6x\",\"group\":\"dex.coreos.com\",\"kind\":\"refreshtokens\"},\"code\":403}\""



Ian Donaldson
Unix Systems Administrator
Office: 336-435-3983
ian.donaldson at NGIC.com