Boundary desktop OIDC via Vault

HI,

I have problem with authenticate via OICD with boundary desktop when I click “sing in” gets error:
Error
Authentication Failed


In log i have only:
{
“id”: “3jtgmCbz4X”,
“source”: “https://hashicorp.com/boundary/deb04/controller+worker”,
“specversion”: “1.0”,
“type”: “observation”,
“data”: {
“latency-ms”: 20.433138,
“request_info”: {
“id”: “gtraceid_PxE4JDC7fWB3kfRTxnpf”,
“method”: “POST”,
“path”: “/v1/auth-methods/amoidc_tgXx18Ww0V:authenticate”,
“client_ip”: “192.168.1.105”
},
“start”: “2023-01-19T12:26:35.348181872+01:00”,
“status”: 200,
“stop”: “2023-01-19T12:26:35.368615057+01:00”,
“version”: “v0.1”
},
“datacontentype”: “text/plain”,
“time”: “2023-01-19T12:26:35.368641086+01:00”
}
This situation occurs in production and dev. Logging via browser and cli is ok. Ideas?

Is your browser able to connect to Vault to log in via OIDC?

As for whether I connects to vault via browser, yes. I authenticate to boundary via vault in browser and cli but I can’t in desctop client, sceeens with browser (Brave):

Is that a self-managed Vault or HCP Vault? Do the Vault logs say anything about authentication errors?

Hi,

Self-menaged, In vault log I have nothing

Vault log level = trace

I configured Auth Method via browser, below my config screen:

I don’t use TLS yet.

Controller log when i click sign up:
{“id”:“WxB3NERvZv”,“source”:“https://hashicorp.com/boundary/nameserver/controller",“specversion”:“1.0”,“type”:“audit”,“data”:{“id”:“e_QfonsoOs6M”,“version”:“v0.1”,“type”:“APIRequest”,“timestamp”:“2023-01-25T11:51:45.237007965+01:00”,“request_info”:{“id”:“gtraceid_8Ge12NXZKi7GKJRXTgBB”,“method”:“POST”,“path”:“/v1/auth-methods/amoidc_t3Gws47GV4:authenticate”,“client_ip”:“IP_Client”},“auth”:{“auth_token_id”:“”,“user_info”:{“id”:“u_anon”},“grants_info”:{“grants”:[{“grant”:“id=*;type=scope;actions=list,no-op”,“scope_id”:“global”,“role_id”:“r_MkU8rcUp99”},{“grant”:“id=*;type=auth-method;actions=authenticate,list”,“scope_id”:“global”,“role_id”:“r_MkU8rcUp99”},{“grant”:"id={{.Account.Id}};actions=change-password,read”,“scope_id”:“global”,“role_id”:“r_MkU8rcUp99”},{“grant”:“id=;type=auth-token;actions=delete:self,list,read:self",“scope_id”:“global”,“role_id”:“r_MkU8rcUp99”},{“grant”:"id=;type=scope;actions=list,no-op”,“scope_id”:“o_NKoqsLXesV”,“role_id”:“r_eJdaQEm0I0”},{“grant”:“id=;type=auth-method;actions=authenticate,list",“scope_id”:“o_NKoqsLXesV”,“role_id”:“r_eJdaQEm0I0”},{“grant”:“id={{.Account.Id}};actions=change-password,read”,“scope_id”:“o_NKoqsLXesV”,“role_id”:“r_eJdaQEm0I0”},{“grant”:"id=;type=auth-token;actions=delete:self,list,read:self”,“scope_id”:“o_NKoqsLXesV”,“role_id”:“r_eJdaQEm0I0”},{“grant”:“id=;type=session;actions=cancel:self,list,read:self",“scope_id”:“p_6T9Z2BqM5Q”,“role_id”:“r_1yer7ghSas”},{“grant”:“type=target;actions=list”,“scope_id”:“p_6T9Z2BqM5Q”,“role_id”:“r_1yer7ghSas”},{“grant”:"id=;type=scope;actions=list,no-op”,“scope_id”:“o_CZF7W6elcq”,“role_id”:“r_mtKtQKPSfS”},{“grant”:“id=;type=auth-method;actions=authenticate,list",“scope_id”:“o_CZF7W6elcq”,“role_id”:“r_mtKtQKPSfS”},{“grant”:“id={{.Account.Id}};actions=change-password,read”,“scope_id”:“o_CZF7W6elcq”,“role_id”:“r_mtKtQKPSfS”},{“grant”:"id=;type=auth-token;actions=delete:self,list,read:self”,“scope_id”:“o_CZF7W6elcq”,“role_id”:“r_mtKtQKPSfS”},{“grant”:“id=;type=scope;actions=list,no-op",“scope_id”:“o_7Htb14yn3m”,“role_id”:“r_40QWfBofIT”},{“grant”:"id=;type=auth-method;actions=authenticate,list”,“scope_id”:“o_7Htb14yn3m”,“role_id”:“r_40QWfBofIT”},{“grant”:“id={{.Account.Id}};actions=change-password,read”,“scope_id”:“o_7Htb14yn3m”,“role_id”:“r_40QWfBofIT”},{“grant”:“id=;type=auth-token;actions=delete:self,list,read:self",“scope_id”:“o_7Htb14yn3m”,“role_id”:“r_40QWfBofIT”},{“grant”:"id=;type=scope;actions=list,no-op”,“scope_id”:“o_oKgsktbsOU”,“role_id”:“r_1VyG9vOckK”},{“grant”:“id=;type=auth-method;actions=authenticate,list",“scope_id”:“o_oKgsktbsOU”,“role_id”:“r_1VyG9vOckK”},{“grant”:“id={{.Account.Id}};actions=change-password,read”,“scope_id”:“o_oKgsktbsOU”,“role_id”:“r_1VyG9vOckK”},{“grant”:"id=;type=auth-token;actions=delete:self,list,read:self”,“scope_id”:“o_oKgsktbsOU”,“role_id”:“r_1VyG9vOckK”}]},“email”:“hmac-sha256:IMNNImNIJAceOiOG8e2i5JJU329jHBdQMMtOhBcxlhw”,“name”:“hmac-sha256:IMNNImNIJAceOiOG8e2i5JJU329jHBdQMMtOhBcxlhw”},“request”:{“details”:{“auth_method_id”:“amoidc_t3Gws47GV4”,“Attrs”:null,“command”:“start”}},“response”:{“status_code”:200,“details”:{“Attrs”:{“OidcAuthMethodAuthenticateStartResponse”:{“auth_url”:“http://Vault_IP:8200/ui/vault/identity/oidc/provider/default/authorize?client_id=gGwipd3vEbUNFOgBsdDNIAYhG4VBS5Ja\u0026nonce=5eJ9I5CWkeKh2xFxS84t\u0026redirect_uri=https%3A%2F%2FBoundary_IP%3A9200%2Fv1%2Fauth-methods%2Foidc%3Aauthenticate%3Acallback\u0026response_type=code\u0026scope=openid\u0026state=3GEv7aMwrV7T9icbwcCvkdf2cK8fLmKBk9Rieh8TEU1xrJWhzse7HUHCZSfHUvpXqixXTZa46MXLtzYoAgwKutpZsL4NeL1hoL9gTNRwxfTneWSyAhg18xU1TLqDU2UtwG9GyodCpeM5FQZ64yHvWDdF1baNbNzPF38v6XUqNZPrsSnvcGeQbv4AdhBmi3Ho5oxxa7RQzQLMYpXg5ThT19ZNzEve7QoA1fJwqN8A1CBJ3jUKU3zkqBZhtf1khbHaMxbqXsJ1cQQNZaQjEeeaDJu7rYJu1gchbYdw13QbCa997kDgQ5VfH8TNuM1pFm2rcf2jFUd5c4uwByu1i6GYq6xJjtNiRvu6q2MA7Q3rQjYKtfBKy6cfvzWWe1AVFWfmkwD”,“token_id”:“3zLaSRGh4YuRhaAtNREwC4GcPCA3cgAYk3rsGAZWoFBnaaM5RB5ZprDSQpnBpFMsYEfdDub2151fpc8EH7EDuvzGbRqz7SdkPXQPAeLF2v1qfJ5LFnzgdp9EwYqEXM5poe2sTD8xams12tUhoqnqp8sWjSE1foQYb1WjQKvJc9GV2r2RRYtGNFaZreaHRQ3ZqLkhuedV4Y324r554ibww9NccNwm8QFpRHXZEDe6Yo2k17fJAPfDRiMBy”}},“command”:“start”}}},“datacontentype”:“application/cloudevents”,“time”:“2023-01-25T11:51:45.237018562+01:00”,“serialized”:“eyJpZCI6Ild4QjNORVJ2WnYiLCJzb3VyY2UiOiJodHRwczovL2hhc2hpY29ycC5jb20vYm91bmRhcnkvTE5YMDAwMDE4MTAvY29udHJvbGxlciIsInNwZWN2ZXJzaW9uIjoiMS4wIiwidHlwZSI6ImF1ZGl0IiwiZGF0YSI6eyJpZCI6ImVfUWZvbnNvT3M2TSIsInZlcnNpb24iOiJ2MC4xIiwidHlwZSI6IkFQSVJlcXVlc3QiLCJ0aW1lc3RhbXAiOiIyMDIzLTAxLTI1VDExOjUxOjQ1LjIzNzAwNzk2NSswMTowMCIsInJlcXVlc3RfaW5mbyI6eyJpZCI6Imd0cmFjZWlkXzhHZTEyTlhaS2k3R0tKUlhUZ0JCIiwibWV0aG9kIjoiUE9TVCIsInBhdGgiOiIvdjEvYXV0aC1tZXRob2RzL2Ftb2lkY190M0d3czQ3R1Y0OmF1dGhlbnRpY2F0ZSIsImNsaWVudF9pcCI6IjEwLjEyMS4yNTQuMTcwIn0sImF1dGgiOnsiYXV0aF90b2tlbl9pZCI6IiIsInVzZXJfaW5mbyI6eyJpZCI6InVfYW5vbiJ9LCJncmFudHNfaW5mbyI6eyJncmFudHMiOlt7ImdyYW50IjoiaWQ9Kjt0eXBlPXNjb3BlO2FjdGlvbnM9bGlzdCxuby1vcCIsInNjb3BlX2lkIjoiZ2xvYmFsIiwicm9sZV9pZCI6InJfTWtVOHJjVXA5OSJ9LHsiZ3JhbnQiOiJpZD0qO3R5cGU9YXV0aC1tZXRob2Q7YWN0aW9ucz1hdXRoZW50aWNhdGUsbGlzdCIsInNjb3BlX2lkIjoiZ2xvYmFsIiwicm9sZV9pZCI6InJfTWtVOHJjVXA5OSJ9LHsiZ3JhbnQiOiJpZD17ey5BY2NvdW50LklkfX07YWN0aW9ucz1jaGFuZ2UtcGFzc3dvcmQscmVhZCIsInNjb3BlX2lkIjoiZ2xvYmFsIiwicm9sZV9pZCI6InJfTWtVOHJjVXA5OSJ9LHsiZ3JhbnQiOiJpZD0qO3R5cGU9YXV0aC10b2tlbjthY3Rpb25zPWRlbGV0ZTpzZWxmLGxpc3QscmVhZDpzZWxmIiwic2NvcGVfaWQiOiJnbG9iYWwiLCJyb2xlX2lkIjoicl9Na1U4cmNVcDk5In0seyJncmFudCI6ImlkPSo7dHlwZT1zY29wZTthY3Rpb25zPWxpc3Qsbm8tb3AiLCJzY29wZV9pZCI6Im9fTktvcXNMWGVzViIsInJvbGVfaWQiOiJyX2VKZGFRRW0wSTAifSx7ImdyYW50IjoiaWQ9Kjt0eXBlPWF1dGgtbWV0aG9kO2FjdGlvbnM9YXV0aGVudGljYXRlLGxpc3QiLCJzY29wZV9pZCI6Im9fTktvcXNMWGVzViIsInJvbGVfaWQiOiJyX2VKZGFRRW0wSTAifSx7ImdyYW50IjoiaWQ9e3suQWNjb3VudC5JZH19O2FjdGlvbnM9Y2hhbmdlLXBhc3N3b3JkLHJlYWQiLCJzY29wZV9pZCI6Im9fTktvcXNMWGVzViIsInJvbGVfaWQiOiJyX2VKZGFRRW0wSTAifSx7ImdyYW50IjoiaWQ9Kjt0eXBlPWF1dGgtdG9rZW47YWN0aW9ucz1kZWxldGU6c2VsZixsaXN0LHJlYWQ6c2VsZiIsInNjb3BlX2lkIjoib19OS29xc0xYZXNWIiwicm9sZV9pZCI6InJfZUpkYVFFbTBJMCJ9LHsiZ3JhbnQiOiJpZD0qO3R5cGU9c2Vzc2lvbjthY3Rpb25zPWNhbmNlbDpzZWxmLGxpc3QscmVhZDpzZWxmIiwic2NvcGVfaWQiOiJwXzZUOVoyQnFNNVEiLCJyb2xlX2lkIjoicl8xeWVyN2doU2FzIn0seyJncmFudCI6InR5cGU9dGFyZ2V0O2FjdGlvbnM9bGlzdCIsInNjb3BlX2lkIjoicF82VDlaMkJxTTVRIiwicm9sZV9pZCI6InJfMXllcjdnaFNhcyJ9LHsiZ3JhbnQiOiJpZD0qO3R5cGU9c2NvcGU7YWN0aW9ucz1saXN0LG5vLW9wIiwic2NvcGVfaWQiOiJvX0NaRjdXNmVsY3EiLCJyb2xlX2lkIjoicl9tdEt0UUtQU2ZTIn0seyJncmFudCI6ImlkPSo7dHlwZT1hdXRoLW1ldGhvZDthY3Rpb25zPWF1dGhlbnRpY2F0ZSxsaXN0Iiwic2NvcGVfaWQiOiJvX0NaRjdXNmVsY3EiLCJyb2xlX2lkIjoicl9tdEt0UUtQU2ZTIn0seyJncmFudCI6ImlkPXt7LkFjY291bnQuSWR9fTthY3Rpb25zPWNoYW5nZS1wYXNzd29yZCxyZWFkIiwic2NvcGVfaWQiOiJvX0NaRjdXNmVsY3EiLCJyb2xlX2lkIjoicl9tdEt0UUtQU2ZTIn0seyJncmFudCI6ImlkPSo7dHlwZT1hdXRoLXRva2VuO2FjdGlvbnM9ZGVsZXRlOnNlbGYsbGlzdCxyZWFkOnNlbGYiLCJzY29wZV9pZCI6Im9fQ1pGN1c2ZWxjcSIsInJvbGVfaWQiOiJyX210S3RRS1BTZlMifSx7ImdyYW50IjoiaWQ9Kjt0eXBlPXNjb3BlO2FjdGlvbnM9bGlzdCxuby1vcCIsInNjb3BlX2lkIjoib183SHRiMTR5bjNtIiwicm9sZV9pZCI6InJfNDBRV2ZCb2ZJVCJ9LHsiZ3JhbnQiOiJpZD0qO3R5cGU9YXV0aC1tZXRob2Q7YWN0aW9ucz1hdXRoZW50aWNhdGUsbGlzdCIsInNjb3BlX2lkIjoib183SHRiMTR5bjNtIiwicm9sZV9pZCI6InJfNDBRV2ZCb2ZJVCJ9LHsiZ3JhbnQiOiJpZD17ey5BY2NvdW50LklkfX07YWN0aW9ucz1jaGFuZ2UtcGFzc3dvcmQscmVhZCIsInNjb3BlX2lkIjoib183SHRiMTR5bjNtIiwicm9sZV9pZCI6InJfNDBRV2ZCb2ZJVCJ9LHsiZ3JhbnQiOiJpZD0qO3R5cGU9YXV0aC10b2tlbjthY3Rpb25zPWRlbGV0ZTpzZWxmLGxpc3QscmVhZDpzZWxmIiwic2NvcGVfaWQiOiJvXzdIdGIxNHluM20iLCJyb2xlX2lkIjoicl80MFFXZkJvZklUIn0seyJncmFudCI6ImlkPSo7dHlwZT1zY29wZTthY3Rpb25zPWxpc3Qsbm8tb3AiLCJzY29wZV9pZCI6Im9fb0tnc2t0YnNPVSIsInJvbGVfaWQiOiJyXzFWeUc5dk9ja0sifSx7ImdyYW50IjoiaWQ9Kjt0eXBlPWF1dGgtbWV0aG9kO2FjdGlvbnM9YXV0aGVudGljYXRlLGxpc3QiLCJzY29wZV9pZCI6Im9fb0tnc2t0YnNPVSIsInJvbGVfaWQiOiJyXzFWeUc5dk9ja0sifSx7ImdyYW50IjoiaWQ9e3suQWNjb3VudC5JZH19O2FjdGlvbnM9Y2hhbmdlLXBhc3N3b3JkLHJlYWQiLCJzY29wZV9pZCI6Im9fb0tnc2t0YnNPVSIsInJvbGVfaWQiOiJyXzFWeUc5dk9ja0sifSx7ImdyYW50IjoiaWQ9Kjt0eXBlPWF1dGgtdG9rZW47YWN0aW9ucz1kZWxldGU6c2VsZixsaXN0LHJlYWQ6c2VsZiIsInNjb3BlX2lkIjoib19vS2dza3Ric09VIiwicm9sZV9pZCI6InJfMVZ5Rzl2T2NrSyJ9XX0sImVtYWlsIjoiaG1hYy1zaGEyNTY6SU1OTkltTklKQWNlT2lPRzhlMmk1SkpVMzI5akhCZFFNTXRPaEJjeGxodyIsIm5hbWUiOiJobWFjLXNoYTI1NjpJTU5OSW1OSUpBY2VPaU9HOGUyaTVKSlUzMjlqSEJkUU1NdE9oQmN4bGh3In0sInJlcXVlc3QiOnsiZGV0YWlscyI6eyJhdXRoX21ldGhvZF9pZCI6ImFtb2lkY190M0d3czQ3R1Y0IiwiQXR0cnMiOm51bGwsImNvbW1hbmQiOiJzdGFydCJ9fSwicmVzcG9uc2UiOnsic3RhdHVzX2NvZGUiOjIwMCwiZGV0YWlscyI6eyJBdHRycyI6eyJPaWRjQXV0aE1ldGhvZEF1dGhlbnRpY2F0ZVN0YXJ0UmVzcG9uc2UiOnsiYXV0aF91cmwiOiJodHRwOi8vMTAuMTIxLjI1Mi4xMDo4MjAwL3VpL3ZhdWx0L2lkZW50aXR5L29pZGMvcHJvdmlkZXIvZGVmYXVsdC9hdXRob3JpemU_Y2xpZW50X2lkPWdHd2lwZDN2RWJVTkZPZ0JzZEROSUFZaEc0VkJTNUphXHUwMDI2bm9uY2U9NWVKOUk1Q1drZUtoMnhGeFM4NHRcdTAwMjZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkYxMC4xMjEuMjUyLjEwJTNBOTIwMCUyRnYxJTJGYXV0aC1tZXRob2RzJTJGb2lkYyUzQWF1dGhlbnRpY2F0ZSUzQWNhbGxiYWNrXHUwMDI2cmVzcG9uc2VfdHlwZT1jb2RlXHUwMDI2c2NvcGU9b3BlbmlkXHUwMDI2c3RhdGU9M0dFdjdhTXdyVjdUOWljYndjQ3ZrZGYyY0s4ZkxtS0JrOVJpZWg4VEVVMXhySldoenNlN0hVSENaU2ZIVXZwWHFpeFhUWmE0Nk1YTHR6WW9BZ3dLdXRwWnNMNE5lTDFob0w5Z1ROUnd4ZlRuZVdTeUFoZzE4eFUxVExxRFUyVXR3RzlHeW9kQ3BlTTVGUVo2NHlIdldEZEYxYmFOYk56UEYzOHY2WFVxTlpQcnNTbnZjR2VRYnY0QWRoQm1pM0hvNW94eGE3UlF6UUxNWXBYZzVUaFQxOVpOekV2ZTdRb0ExZkp3cU44QTFDQkozalVLVTN6a3FCWmh0ZjFraGJIYU14YnFYc0oxY1FRTlphUWpFZWVhREp1N3JZSnUxZ2NoYllkdzEzUWJDYTk5N2tEZ1E1VmZIOFROdU0xcEZtMnJjZjJqRlVkNWM0dXdCeXUxaTZHWXE2eEpqdE5pUnZ1NnEyTUE3UTNyUWpZS3RmQkt5NmNmdnpXV2UxQVZGV2Zta3dEIiwidG9rZW5faWQiOiIzekxhU1JHaDRZdVJoYUF0TlJFd0M0R2NQQ0EzY2dBWWszcnNHQVpXb0ZCbmFhTTVSQjVacHJEU1FwbkJwRk1zWUVmZER1YjIxNTFmcGM4RUg3RUR1dnpHYlJxejdTZGtQWFFQQWVMRjJ2MXFmSjVMRm56Z2RwOUV3WXFFWE01cG9lMnNURDh4YW1zMTJ0VWhvcW5xcDhzV2pTRTFmb1FZYjFXalFLdkpjOUdWMnIyUlJZdEdORmFacmVhSFJRM1pxTGtodWVkVjRZMzI0cjU1NGlid3c5TmNjTndtOFFGcFJIWFpFRGU2WW8yazE3ZkpBUGZEUmlNQnkifX0sImNvbW1hbmQiOiJzdGFydCJ9fX0sImRhdGFjb250ZW50eXBlIjoiYXBwbGljYXRpb24vY2xvdWRldmVudHMiLCJ0aW1lIjoiMjAyMy0wMS0yNVQxMTo1MTo0NS4yMzcwMTg1NjIrMDE6MDAifQo”,“serialized_hmac”:“hmac-sha256:qs6tjMIp5Et8sAbvpHQDIb9W6FZTOkyBkmtDFY-04n0”}

The same client but with cli:

It’s working. Vault in the browser opens correctly.

I think that it’s bug application boundary desktop because in browser and cli it’s working good or I’m doing something wrong. I have no more ideas.