Skip to content

Vcenter authentik integration #12917

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Zenthos99 opened this issue Feb 2, 2025 · 3 comments · Fixed by #13644
Closed

Vcenter authentik integration #12917

Zenthos99 opened this issue Feb 2, 2025 · 3 comments · Fixed by #13644
Assignees
@BeryJu
Labels
bug/confirmed Confirmed bugs bug Something isn't working

Comments

@Zenthos99
Copy link

Describe your question/
I am trying to integrate Authentik with my vCenter. So far, I have managed to add the Okta provider to vCenter's SSO. The issue arises when configuring the SCIM provider. As seen in the screenshots, it does not sync.

I have tried deleting all users and adding an empty group to SCIM, but the issue persists, and alerts keep appearing. I am not sure what else to try.

Additionally, when I go to the Authentik domain and try to manually create a user, I get an error (see the screenshot).

Relevant info
vCenter and Authentik are both running the latest versions.

Screenshots

Image

Image

Image

Version and Deployment (please complete the following information):

  • authentik version: 2024.12.3
  • Deployment: docker compose
@Zenthos99 Zenthos99 added the question Further information is requested label Feb 2, 2025
@Zenthos99
Copy link
Author

Image

I've gotten it to half work but I get this error now.

@monstermuffin
Copy link

I get the same error when trying to sync.

Traceback (most recent call last): File "/ak-root/venv/lib/python3.12/site-packages/celery/app/trace.py", line 453, in trace_task R = retval = fun(*args, **kwargs) ^^^^^^^^^^^^^^^^^^^^ File "/ak-root/venv/lib/python3.12/site-packages/sentry_sdk/utils.py", line 1860, in runner return sentry_patched_function(*args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/ak-root/venv/lib/python3.12/site-packages/sentry_sdk/integrations/celery/__init__.py", line 416, in _inner reraise(*exc_info) File "/ak-root/venv/lib/python3.12/site-packages/sentry_sdk/utils.py", line 1795, in reraise raise value File "/ak-root/venv/lib/python3.12/site-packages/sentry_sdk/integrations/celery/__init__.py", line 411, in _inner return f(*args, **kwargs) ^^^^^^^^^^^^^^^^^^ File "/ak-root/venv/lib/python3.12/site-packages/celery/app/trace.py", line 736, in __protected_call__ return self.run(*args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^ File "/ak-root/venv/lib/python3.12/site-packages/celery/app/autoretry.py", line 38, in run return task._orig_run(*args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/authentik/providers/scim/tasks.py", line 22, in scim_sync return sync_tasks.sync_single(self, provider_pk, scim_sync_objects) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/authentik/lib/sync/outgoing/tasks.py", line 98, in sync_single ).get(): ^^^^^ File "/ak-root/venv/lib/python3.12/site-packages/celery/result.py", line 251, in get return self.backend.wait_for_pending( ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/ak-root/venv/lib/python3.12/site-packages/celery/backends/asynchronous.py", line 223, in wait_for_pending return result.maybe_throw(callback=callback, propagate=propagate) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/ak-root/venv/lib/python3.12/site-packages/celery/result.py", line 365, in maybe_throw self.throw(value, self._to_remote_traceback(tb)) File "/ak-root/venv/lib/python3.12/site-packages/celery/result.py", line 358, in throw self.on_ready.throw(*args, **kwargs) File "/ak-root/venv/lib/python3.12/site-packages/vine/promises.py", line 235, in throw reraise(type(exc), exc, tb) File "/ak-root/venv/lib/python3.12/site-packages/vine/utils.py", line 27, in reraise raise value builtins.TypeError: 'NoneType' object is not iterable

I am able to see Authentik users in vCenter Users and Groups > Domain > 'authentik' however I cannot apply these to global permissions.

@monstermuffin monstermuffin mentioned this issue Feb 20, 2025
Closed
@BeryJu
Copy link
Member

BeryJu commented Mar 21, 2025

Ok for the longest time I wasn't able to reproduce this but now with VCSA setup I can reproduce this

@BeryJu BeryJu added bug Something isn't working bug/confirmed Confirmed bugs and removed question Further information is requested labels Mar 21, 2025
@BeryJu BeryJu self-assigned this Mar 21, 2025
BeryJu added a commit that referenced this issue Mar 24, 2025
@BeryJu
providers/scim: fix group membership check failing
71512cc 
closes #12917

Signed-off-by: Jens Langhammer <[email protected]>
@BeryJu BeryJu mentioned this issue Mar 24, 2025
Merged
6 tasks
@BeryJu BeryJu closed this as completed in 7653a35 Mar 24, 2025
gcp-cherry-pick-bot bot pushed a commit that referenced this issue Apr 8, 2025
@BeryJu
providers/scim: fix group membership check failing (#13644)
58ade03 
closes #12917

Signed-off-by: Jens Langhammer <[email protected]>
@gcp-cherry-pick-bot gcp-cherry-pick-bot bot mentioned this issue Apr 8, 2025
Merged
rissson pushed a commit that referenced this issue Apr 8, 2025
@gcp-cherry-pick-bot @BeryJu
providers/scim: fix group membership check failing (cherry-pick #13644)…
63ec664 
… (#13825)

Co-authored-by: Jens L. <[email protected]>
fix group membership check failing (#13644)
closes #12917
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@BeryJu BeryJu

Labels
bug/confirmed Confirmed bugs bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

providers/scim: fix group membership check failing goauthentik/authentik
3 participants
@BeryJu @monstermuffin @Zenthos99