SVI/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-05-17 13:42:11 -04:00
Code Issues 3.0k Packages Projects Releases 10 Wiki Activity

Error: Request failed with status code 401. Please refresh the page if the issue continues. invalid jwt #367

New Issue
Closed
opened 2025-11-20 05:10:17 -05:00 by saavagebueno · 17 comments
saavagebueno commented 2025-11-20 05:10:17 -05:00
Owner
Copy Link

Originally created by @a7g4 on GitHub (Jun 16, 2023).

Describe the problem

After upgrading from v0.14.4 to v0.21.3 I am unable to access the dashboard and get this error:
image

I suspect this is related to the new IdP changes but I am not sure what.

To Reproduce
Steps to reproduce the behavior:

  1. Pull latest https://github.com/netbirdio/netbird.git
  2. Copy infrastructure_files/setup.env.template to infrastructure_files/setup.env (overwrite existing file from old version)
  3. Fill in correct values noting these changes:
    1. Generate a client secret for the netbird-client in Keycloak and NETBIRD_AUTH_CLIENT_SECRET
    2. Create a new client netbird-backend and follow the steps here: https://docs.netbird.io/selfhosted/identity-providers#step-8-create-a-net-bird-backend-client
  4. Re-run ./configure.sh
  5. Run docker compose pull && docker compose down && docker compose up -d

Expected behavior

Things work as they used to

Additional context

I tried setting NETBIRD_MGMT_IDP="none" and the dashboard loads but no clients can connect with this error:

netbird up --management-url https://netbird.XXX:33073 --admin-url https://netbird.XXX:443
Error: login failed: rpc error: code = NotFound desc = no SSO provider returned from management. If you are using hosting Netbird see documentation at https://github.com/netbirdio/netbird/tree/main/management for details
Originally created by @a7g4 on GitHub (Jun 16, 2023). **Describe the problem** After upgrading from v0.14.4 to v0.21.3 I am unable to access the dashboard and get this error: <img width="1487" alt="image" src="https://github.com/netbirdio/netbird/assets/38473816/52759eae-c926-4b12-8172-a202c5a3af8a"> I suspect this is related to the new IdP changes but I am not sure what. **To Reproduce** Steps to reproduce the behavior: 1. Pull latest `https://github.com/netbirdio/netbird.git` 2. Copy `infrastructure_files/setup.env.template` to `infrastructure_files/setup.env` (overwrite existing file from old version) 3. Fill in correct values noting these changes: 1. Generate a client secret for the `netbird-client` in Keycloak and `NETBIRD_AUTH_CLIENT_SECRET` 2. Create a new client `netbird-backend` and follow the steps here: https://docs.netbird.io/selfhosted/identity-providers#step-8-create-a-net-bird-backend-client 4. Re-run `./configure.sh` 4. Run `docker compose pull && docker compose down && docker compose up -d` **Expected behavior** Things work as they used to **Additional context** I tried setting `NETBIRD_MGMT_IDP="none"` and the dashboard loads but no clients can connect with this error: ``` netbird up --management-url https://netbird.XXX:33073 --admin-url https://netbird.XXX:443 Error: login failed: rpc error: code = NotFound desc = no SSO provider returned from management. If you are using hosting Netbird see documentation at https://github.com/netbirdio/netbird/tree/main/management for details ```
saavagebueno added the bugwaiting-feedback labels 2025-11-20 05:10:17 -05:00
saavagebueno commented 2025-11-20 05:10:18 -05:00
Author
Owner
Copy Link

@mlsmaycon commented on GitHub (Jun 16, 2023):

Hello @a7g4 , can you share the management service logs and your setup.env file after masking the sensitive information (domains, secret keys, etc) from it?

@mlsmaycon commented on GitHub (Jun 16, 2023): Hello @a7g4 , can you share the management service logs and your setup.env file after masking the sensitive information (domains, secret keys, etc) from it?
saavagebueno commented 2025-11-20 05:10:18 -05:00
Author
Owner
Copy Link

@a7g4 commented on GitHub (Jun 16, 2023):

setup.env:

## example file, you can copy this file to setup.env and update its values
##
# Dashboard domain. e.g. app.mydomain.com
NETBIRD_DOMAIN="netbird.XXX"

# -------------------------------------------
# OIDC
#  e.g., https://example.eu.auth0.com/.well-known/openid-configuration
# -------------------------------------------
NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://keycloak.XXX/realms/corp/.well-known/openid-configuration"
NETBIRD_AUTH_AUDIENCE="netbird-client"
# e.g. netbird-client
NETBIRD_AUTH_CLIENT_ID="netbird-client"
NETBIRD_AUTH_CLIENT_SECRET="XXX"
# if you want to use a custom claim for the user ID instead of 'sub', set it here
# NETBIRD_AUTH_USER_ID_CLAIM=""
# indicates whether to use Auth0 or not: true or false
NETBIRD_USE_AUTH0="false"
# if your IDP provider doesn't support fragmented URIs, configure custom
# redirect and silent redirect URIs, these will be concatenated into your NETBIRD_DOMAIN domain.
# NETBIRD_AUTH_REDIRECT_URI="/peers"
# NETBIRD_AUTH_SILENT_REDIRECT_URI="/add-peers"
# Updates the preference to use id tokens instead of access token on dashboard
# Okta and Gitlab IDPs can benefit from this
# NETBIRD_TOKEN_SOURCE="idToken"
# -------------------------------------------
# OIDC Device Authorization Flow
# -------------------------------------------
NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="netbird-client"
NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID=""
# Some IDPs requires different audience, scopes and to use id token for device authorization flow
# you can customize here:
NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE=$NETBIRD_AUTH_AUDIENCE
NETBIRD_AUTH_DEVICE_AUTH_SCOPE="openid"
NETBIRD_AUTH_DEVICE_AUTH_USE_ID_TOKEN=false
# -------------------------------------------
# IDP Management
# -------------------------------------------
# eg. zitadel, auth0, azure, keycloak
NETBIRD_MGMT_IDP="keycloak"
# Some IDPs requires different client id and client secret for management api
NETBIRD_IDP_MGMT_CLIENT_ID="netbird-backend"
NETBIRD_IDP_MGMT_CLIENT_SECRET="XXX"
NETBIRD_IDP_MGMT_EXTRA_ADMIN_ENDPOINT="https://keycloak.XXX/admin/realms/corp"
# NETBIRD_IDP_MGMT_EXTRA_ variables. See https://docs.netbird.io/selfhosted/identity-providers for more information about your IDP of choice.
# -------------------------------------------
# Letsencrypt
# -------------------------------------------
# Disable letsencrypt
#  if disabled, cannot use HTTPS anymore and requires setting up a reverse-proxy to do it instead
NETBIRD_DISABLE_LETSENCRYPT=false
# e.g. hello@mydomain.com
NETBIRD_LETSENCRYPT_EMAIL="XXX"
# -------------------------------------------
# Extra settings
# -------------------------------------------
# Disable anonymous metrics collection, see more information at https://netbird.io/docs/FAQ/metrics-collection
NETBIRD_DISABLE_ANONYMOUS_METRICS=false
# DNS DOMAIN configures the domain name used for peer resolution. By default it is netbird.selfhosted
NETBIRD_MGMT_DNS_DOMAIN=XXX

Management logs:

infrastructure_files-management-1  | time="2023-06-16T20:13:49Z" level=info msg="loading OIDC configuration from the provided IDP configuration endpoint https://keycloak.XXXX/realms/corp/.well-known/openid-configuration"
infrastructure_files-management-1  | time="2023-06-16T20:13:50Z" level=info msg="loaded OIDC configuration from the provided IDP configuration endpoint: https://keycloak.XXX/realms/corp/.well-known/openid-configuration"
infrastructure_files-management-1  | time="2023-06-16T20:13:50Z" level=info msg="overriding HttpConfig.AuthIssuer with a new value https://keycloak.XXX/realms/corp, previously configured value: https://keycloak.XXX/realms/corp"
infrastructure_files-management-1  | time="2023-06-16T20:13:50Z" level=info msg="overriding HttpConfig.AuthKeysLocation (JWT certs) with a new value https://keycloak.XXX/realms/corp/protocol/openid-connect/certs, previously configured value: https://keycloak.XXX/realms/corp/protocol/openid-connect/certs"
infrastructure_files-management-1  | 2023-06-16T20:13:50Z INFO management/server/telemetry/app_metrics.go:161: enabled application metrics and exposing on http://0.0.0.0:8081
infrastructure_files-management-1  | 2023-06-16T20:13:50Z INFO management/server/account.go:638: single account mode enabled, accounts number 1
infrastructure_files-management-1  | 2023-06-16T20:13:50Z INFO management/cmd/management.go:233: running gRPC backward compatibility server: [::]:33073
infrastructure_files-management-1  | 2023-06-16T20:13:50Z INFO management/cmd/management.go:265: running HTTP server and gRPC server on the same port: [::]:443
infrastructure_files-management-1  | 2023-06-16T20:13:50Z INFO management/server/account.go:825: warmed up IDP cache with 0 entries
infrastructure_files-management-1  | 2023-06-16T20:13:54Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:13:54Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2211667744: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:13:55Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:13:55Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:13:55Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:13:55Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3418110597: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:13:55Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3412554012: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:13:55Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2395002159: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:14:30Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:14:30Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:14:30Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:14:30Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 880387937: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:14:30Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1722218135: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:14:31Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3802514750: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:14:50Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:14:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 508241012: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:14:50Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:14:50Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:14:50Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:14:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2849528078: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:14:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1632151311: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:14:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4263832331: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:14:59Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:14:59Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 710235830: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:15:00Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:15:00Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:15:00Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:15:00Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3944937754: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:15:00Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3352265617: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:15:00Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 137198349: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:15:13Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:15:13Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:15:13Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:15:13Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:15:13Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2928381495: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:15:13Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1095323996: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:15:14Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1114125115: GET /api/users?service_user=false status 401
infrastructure_files-management-1  | 2023-06-16T20:15:14Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 849930274: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:15:24Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:15:24Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3332178385: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:15:25Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:15:25Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:15:25Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:15:25Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1723042344: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:15:25Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3051062707: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:15:25Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1306275105: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:19:01Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:19:01Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:19:01Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:19:01Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2528218852: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:19:01Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3220519441: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:19:01Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 216561841: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:19:56Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:19:56Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:19:56Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:19:56Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3041306961: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:19:56Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1342349888: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:19:56Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1682124183: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:22:42Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:22:42Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2461511402: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:22:42Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:22:42Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:22:42Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:22:42Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 646400623: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:22:42Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 950116203: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:22:42Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 783724766: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:23:32Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:23:32Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:23:32Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:23:32Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1245104892: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:23:32Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3958465648: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:23:32Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 564420133: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:27:13Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:27:13Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:27:13Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:27:13Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3523109639: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:27:13Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 921908523: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:27:13Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1709629572: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:28:03Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:28:03Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:28:03Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:28:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1933412452: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:28:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 657611697: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:28:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2745785236: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:31:44Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:31:44Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:31:44Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:31:44Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2319208828: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:31:44Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3899488956: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:31:44Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1935392305: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:32:34Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:32:34Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:32:34Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:32:34Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4179990269: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:32:34Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 417756283: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:32:34Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3173463474: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:36:15Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:36:15Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:36:15Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:36:15Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 945906577: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:36:16Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 422450056: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:36:16Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 406063406: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:37:06Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:37:06Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:37:06Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:37:06Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1788541883: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:37:06Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1790377350: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:37:06Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2944422195: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:40:46Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:40:46Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:40:46Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:40:47Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3493897694: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:40:47Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3466033503: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:40:47Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1232069786: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T20:41:37Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:41:37Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:41:37Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T20:41:37Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4090286733: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T20:41:37Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 912947053: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T20:41:37Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 771940875: GET /api/groups status 401
@a7g4 commented on GitHub (Jun 16, 2023): `setup.env`: ``` ## example file, you can copy this file to setup.env and update its values ## # Dashboard domain. e.g. app.mydomain.com NETBIRD_DOMAIN="netbird.XXX" # ------------------------------------------- # OIDC # e.g., https://example.eu.auth0.com/.well-known/openid-configuration # ------------------------------------------- NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://keycloak.XXX/realms/corp/.well-known/openid-configuration" NETBIRD_AUTH_AUDIENCE="netbird-client" # e.g. netbird-client NETBIRD_AUTH_CLIENT_ID="netbird-client" NETBIRD_AUTH_CLIENT_SECRET="XXX" # if you want to use a custom claim for the user ID instead of 'sub', set it here # NETBIRD_AUTH_USER_ID_CLAIM="" # indicates whether to use Auth0 or not: true or false NETBIRD_USE_AUTH0="false" # if your IDP provider doesn't support fragmented URIs, configure custom # redirect and silent redirect URIs, these will be concatenated into your NETBIRD_DOMAIN domain. # NETBIRD_AUTH_REDIRECT_URI="/peers" # NETBIRD_AUTH_SILENT_REDIRECT_URI="/add-peers" # Updates the preference to use id tokens instead of access token on dashboard # Okta and Gitlab IDPs can benefit from this # NETBIRD_TOKEN_SOURCE="idToken" # ------------------------------------------- # OIDC Device Authorization Flow # ------------------------------------------- NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="netbird-client" NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID="" # Some IDPs requires different audience, scopes and to use id token for device authorization flow # you can customize here: NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE=$NETBIRD_AUTH_AUDIENCE NETBIRD_AUTH_DEVICE_AUTH_SCOPE="openid" NETBIRD_AUTH_DEVICE_AUTH_USE_ID_TOKEN=false # ------------------------------------------- # IDP Management # ------------------------------------------- # eg. zitadel, auth0, azure, keycloak NETBIRD_MGMT_IDP="keycloak" # Some IDPs requires different client id and client secret for management api NETBIRD_IDP_MGMT_CLIENT_ID="netbird-backend" NETBIRD_IDP_MGMT_CLIENT_SECRET="XXX" NETBIRD_IDP_MGMT_EXTRA_ADMIN_ENDPOINT="https://keycloak.XXX/admin/realms/corp" # NETBIRD_IDP_MGMT_EXTRA_ variables. See https://docs.netbird.io/selfhosted/identity-providers for more information about your IDP of choice. # ------------------------------------------- # Letsencrypt # ------------------------------------------- # Disable letsencrypt # if disabled, cannot use HTTPS anymore and requires setting up a reverse-proxy to do it instead NETBIRD_DISABLE_LETSENCRYPT=false # e.g. hello@mydomain.com NETBIRD_LETSENCRYPT_EMAIL="XXX" # ------------------------------------------- # Extra settings # ------------------------------------------- # Disable anonymous metrics collection, see more information at https://netbird.io/docs/FAQ/metrics-collection NETBIRD_DISABLE_ANONYMOUS_METRICS=false # DNS DOMAIN configures the domain name used for peer resolution. By default it is netbird.selfhosted NETBIRD_MGMT_DNS_DOMAIN=XXX ``` Management logs: ``` infrastructure_files-management-1 | time="2023-06-16T20:13:49Z" level=info msg="loading OIDC configuration from the provided IDP configuration endpoint https://keycloak.XXXX/realms/corp/.well-known/openid-configuration" infrastructure_files-management-1 | time="2023-06-16T20:13:50Z" level=info msg="loaded OIDC configuration from the provided IDP configuration endpoint: https://keycloak.XXX/realms/corp/.well-known/openid-configuration" infrastructure_files-management-1 | time="2023-06-16T20:13:50Z" level=info msg="overriding HttpConfig.AuthIssuer with a new value https://keycloak.XXX/realms/corp, previously configured value: https://keycloak.XXX/realms/corp" infrastructure_files-management-1 | time="2023-06-16T20:13:50Z" level=info msg="overriding HttpConfig.AuthKeysLocation (JWT certs) with a new value https://keycloak.XXX/realms/corp/protocol/openid-connect/certs, previously configured value: https://keycloak.XXX/realms/corp/protocol/openid-connect/certs" infrastructure_files-management-1 | 2023-06-16T20:13:50Z INFO management/server/telemetry/app_metrics.go:161: enabled application metrics and exposing on http://0.0.0.0:8081 infrastructure_files-management-1 | 2023-06-16T20:13:50Z INFO management/server/account.go:638: single account mode enabled, accounts number 1 infrastructure_files-management-1 | 2023-06-16T20:13:50Z INFO management/cmd/management.go:233: running gRPC backward compatibility server: [::]:33073 infrastructure_files-management-1 | 2023-06-16T20:13:50Z INFO management/cmd/management.go:265: running HTTP server and gRPC server on the same port: [::]:443 infrastructure_files-management-1 | 2023-06-16T20:13:50Z INFO management/server/account.go:825: warmed up IDP cache with 0 entries infrastructure_files-management-1 | 2023-06-16T20:13:54Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:13:54Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2211667744: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:13:55Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:13:55Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:13:55Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:13:55Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3418110597: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:13:55Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3412554012: GET /api/peers status 401 infrastructure_files-management-1 | 2023-06-16T20:13:55Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2395002159: GET /api/groups status 401 infrastructure_files-management-1 | 2023-06-16T20:14:30Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:14:30Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:14:30Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:14:30Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 880387937: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:14:30Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1722218135: GET /api/peers status 401 infrastructure_files-management-1 | 2023-06-16T20:14:31Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3802514750: GET /api/groups status 401 infrastructure_files-management-1 | 2023-06-16T20:14:50Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:14:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 508241012: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:14:50Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:14:50Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:14:50Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:14:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2849528078: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:14:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1632151311: GET /api/peers status 401 infrastructure_files-management-1 | 2023-06-16T20:14:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4263832331: GET /api/groups status 401 infrastructure_files-management-1 | 2023-06-16T20:14:59Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:14:59Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 710235830: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:15:00Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:15:00Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:15:00Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:15:00Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3944937754: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:15:00Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3352265617: GET /api/peers status 401 infrastructure_files-management-1 | 2023-06-16T20:15:00Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 137198349: GET /api/groups status 401 infrastructure_files-management-1 | 2023-06-16T20:15:13Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:15:13Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:15:13Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:15:13Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:15:13Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2928381495: GET /api/groups status 401 infrastructure_files-management-1 | 2023-06-16T20:15:13Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1095323996: GET /api/groups status 401 infrastructure_files-management-1 | 2023-06-16T20:15:14Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1114125115: GET /api/users?service_user=false status 401 infrastructure_files-management-1 | 2023-06-16T20:15:14Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 849930274: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:15:24Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:15:24Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3332178385: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:15:25Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:15:25Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:15:25Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:15:25Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1723042344: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:15:25Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3051062707: GET /api/groups status 401 infrastructure_files-management-1 | 2023-06-16T20:15:25Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1306275105: GET /api/peers status 401 infrastructure_files-management-1 | 2023-06-16T20:19:01Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:19:01Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:19:01Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:19:01Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2528218852: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:19:01Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3220519441: GET /api/peers status 401 infrastructure_files-management-1 | 2023-06-16T20:19:01Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 216561841: GET /api/groups status 401 infrastructure_files-management-1 | 2023-06-16T20:19:56Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:19:56Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:19:56Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:19:56Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3041306961: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:19:56Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1342349888: GET /api/peers status 401 infrastructure_files-management-1 | 2023-06-16T20:19:56Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1682124183: GET /api/groups status 401 infrastructure_files-management-1 | 2023-06-16T20:22:42Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:22:42Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2461511402: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:22:42Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:22:42Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:22:42Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:22:42Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 646400623: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:22:42Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 950116203: GET /api/peers status 401 infrastructure_files-management-1 | 2023-06-16T20:22:42Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 783724766: GET /api/groups status 401 infrastructure_files-management-1 | 2023-06-16T20:23:32Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:23:32Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:23:32Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:23:32Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1245104892: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:23:32Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3958465648: GET /api/peers status 401 infrastructure_files-management-1 | 2023-06-16T20:23:32Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 564420133: GET /api/groups status 401 infrastructure_files-management-1 | 2023-06-16T20:27:13Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:27:13Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:27:13Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:27:13Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3523109639: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:27:13Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 921908523: GET /api/peers status 401 infrastructure_files-management-1 | 2023-06-16T20:27:13Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1709629572: GET /api/groups status 401 infrastructure_files-management-1 | 2023-06-16T20:28:03Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:28:03Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:28:03Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:28:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1933412452: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:28:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 657611697: GET /api/peers status 401 infrastructure_files-management-1 | 2023-06-16T20:28:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2745785236: GET /api/groups status 401 infrastructure_files-management-1 | 2023-06-16T20:31:44Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:31:44Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:31:44Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:31:44Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2319208828: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:31:44Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3899488956: GET /api/peers status 401 infrastructure_files-management-1 | 2023-06-16T20:31:44Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1935392305: GET /api/groups status 401 infrastructure_files-management-1 | 2023-06-16T20:32:34Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:32:34Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:32:34Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:32:34Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4179990269: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:32:34Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 417756283: GET /api/peers status 401 infrastructure_files-management-1 | 2023-06-16T20:32:34Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3173463474: GET /api/groups status 401 infrastructure_files-management-1 | 2023-06-16T20:36:15Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:36:15Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:36:15Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:36:15Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 945906577: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:36:16Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 422450056: GET /api/peers status 401 infrastructure_files-management-1 | 2023-06-16T20:36:16Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 406063406: GET /api/groups status 401 infrastructure_files-management-1 | 2023-06-16T20:37:06Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:37:06Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:37:06Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:37:06Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1788541883: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:37:06Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1790377350: GET /api/peers status 401 infrastructure_files-management-1 | 2023-06-16T20:37:06Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2944422195: GET /api/groups status 401 infrastructure_files-management-1 | 2023-06-16T20:40:46Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:40:46Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:40:46Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:40:47Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3493897694: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:40:47Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3466033503: GET /api/peers status 401 infrastructure_files-management-1 | 2023-06-16T20:40:47Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1232069786: GET /api/groups status 401 infrastructure_files-management-1 | 2023-06-16T20:41:37Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:41:37Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:41:37Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T20:41:37Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4090286733: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T20:41:37Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 912947053: GET /api/peers status 401 infrastructure_files-management-1 | 2023-06-16T20:41:37Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 771940875: GET /api/groups status 401 ```
saavagebueno commented 2025-11-20 05:10:18 -05:00
Author
Owner
Copy Link

@mlsmaycon commented on GitHub (Jun 16, 2023):

Thanks, @a7g4 , you have a few environment variables that needs to be adjusted adjusted:

#NETBIRD_AUTH_CLIENT_SECRET should be removed

NETBIRD_AUTH_DEVICE_AUTH_PROVIDER=hosted
NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID=netbird-client

After updating these, run the configure.sh once again and restart all containers, then test the dashboard and the client.

@mlsmaycon commented on GitHub (Jun 16, 2023): Thanks, @a7g4 , you have a few environment variables that needs to be adjusted adjusted: ```shell #NETBIRD_AUTH_CLIENT_SECRET should be removed NETBIRD_AUTH_DEVICE_AUTH_PROVIDER=hosted NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID=netbird-client ``` After updating these, run the configure.sh once again and restart all containers, then test the dashboard and the client.
saavagebueno commented 2025-11-20 05:10:18 -05:00
Author
Owner
Copy Link

@a7g4 commented on GitHub (Jun 16, 2023):

`#NETBIRD_AUTH_CLIENT_SECRET should be removed

And set the client back to "Client authentication: OFF" in Keycloak?

Still seeing the same error with this updated setup.env:

## example file, you can copy this file to setup.env and update its values
##
# Dashboard domain. e.g. app.mydomain.com
NETBIRD_DOMAIN="netbird.XXX"

# -------------------------------------------
# OIDC
#  e.g., https://example.eu.auth0.com/.well-known/openid-configuration
# -------------------------------------------
NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://keycloak.XXX/realms/corp/.well-known/openid-configuration"
NETBIRD_AUTH_AUDIENCE="netbird-client"
# e.g. netbird-client
NETBIRD_AUTH_CLIENT_ID="netbird-client"
#NETBIRD_AUTH_CLIENT_SECRET="Pmt94DhcZ7AwnzfyYcXlpx7w4OYPdcHE"
# if you want to use a custom claim for the user ID instead of 'sub', set it here
# NETBIRD_AUTH_USER_ID_CLAIM=""
# indicates whether to use Auth0 or not: true or false
NETBIRD_USE_AUTH0="false"
# if your IDP provider doesn't support fragmented URIs, configure custom
# redirect and silent redirect URIs, these will be concatenated into your NETBIRD_DOMAIN domain.
# NETBIRD_AUTH_REDIRECT_URI="/peers"
# NETBIRD_AUTH_SILENT_REDIRECT_URI="/add-peers"
# Updates the preference to use id tokens instead of access token on dashboard
# Okta and Gitlab IDPs can benefit from this
# NETBIRD_TOKEN_SOURCE="idToken"
# -------------------------------------------
# OIDC Device Authorization Flow
# -------------------------------------------
NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="hosted"
NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID="netbird-client"
# Some IDPs requires different audience, scopes and to use id token for device authorization flow
# you can customize here:
NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE=$NETBIRD_AUTH_AUDIENCE
NETBIRD_AUTH_DEVICE_AUTH_SCOPE="openid"
NETBIRD_AUTH_DEVICE_AUTH_USE_ID_TOKEN=false
# -------------------------------------------
# IDP Management
# -------------------------------------------
# eg. zitadel, auth0, azure, keycloak
NETBIRD_MGMT_IDP="keycloak"
# Some IDPs requires different client id and client secret for management api
NETBIRD_IDP_MGMT_CLIENT_ID="netbird-backend"
NETBIRD_IDP_MGMT_CLIENT_SECRET="ZAWDNdOBWRLCaOsOV8EQGIV7LxnNzDep"
NETBIRD_IDP_MGMT_EXTRA_ADMIN_ENDPOINT="https://keycloak.XXX/admin/realms/corp"
# NETBIRD_IDP_MGMT_EXTRA_ variables. See https://docs.netbird.io/selfhosted/identity-providers for more information about your IDP of choice.
# -------------------------------------------
# Letsencrypt
# -------------------------------------------
# Disable letsencrypt
#  if disabled, cannot use HTTPS anymore and requires setting up a reverse-proxy to do it instead
NETBIRD_DISABLE_LETSENCRYPT=false
# e.g. hello@mydomain.com
NETBIRD_LETSENCRYPT_EMAIL="XXX"
# -------------------------------------------
# Extra settings
# -------------------------------------------
# Disable anonymous metrics collection, see more information at https://netbird.io/docs/FAQ/metrics-collection
NETBIRD_DISABLE_ANONYMOUS_METRICS=false
# DNS DOMAIN configures the domain name used for peer resolution. By default it is netbird.selfhosted
NETBIRD_MGMT_DNS_DOMAIN=XXX

New management logs:

infrastructure_files-management-1  | time="2023-06-16T21:17:37Z" level=info msg="loading OIDC configuration from the provided IDP configuration endpoint https://keycloak.XXX/realms/corp/.well-known/openid-configuration"
infrastructure_files-management-1  | time="2023-06-16T21:17:37Z" level=info msg="loaded OIDC configuration from the provided IDP configuration endpoint: https://keycloak.XXX/realms/corp/.well-known/openid-configuration"
infrastructure_files-management-1  | time="2023-06-16T21:17:37Z" level=info msg="overriding HttpConfig.AuthIssuer with a new value https://keycloak.XXX/realms/corp, previously configured value: https://keycloak.XXX/realms/corp"
infrastructure_files-management-1  | time="2023-06-16T21:17:37Z" level=info msg="overriding HttpConfig.AuthKeysLocation (JWT certs) with a new value https://keycloak.XXX/realms/corp/protocol/openid-connect/certs, previously configured value: https://keycloak.XXX/realms/corp/protocol/openid-connect/certs"
infrastructure_files-management-1  | time="2023-06-16T21:17:37Z" level=info msg="overriding DeviceAuthorizationFlow.TokenEndpoint with a new value: https://keycloak.XXX/realms/corp/protocol/openid-connect/token, previously configured value: https://keycloak.XXX/realms/corp/protocol/openid-connect/token"
infrastructure_files-management-1  | time="2023-06-16T21:17:37Z" level=info msg="overriding DeviceAuthorizationFlow.DeviceAuthEndpoint with a new value: https://keycloak.XXX/realms/corp/protocol/openid-connect/auth/device, previously configured value: https://keycloak.XXX/realms/corp/protocol/openid-connect/auth/device"
infrastructure_files-management-1  | time="2023-06-16T21:17:37Z" level=info msg="overriding DeviceAuthorizationFlow.ProviderConfig.Domain with a new value: keycloak.XXX, previously configured value: "
infrastructure_files-management-1  | 2023-06-16T21:17:37Z INFO management/server/telemetry/app_metrics.go:161: enabled application metrics and exposing on http://0.0.0.0:8081
infrastructure_files-management-1  | 2023-06-16T21:17:37Z INFO management/server/account.go:638: single account mode enabled, accounts number 1
infrastructure_files-management-1  | 2023-06-16T21:17:37Z INFO management/cmd/management.go:233: running gRPC backward compatibility server: [::]:33073
infrastructure_files-management-1  | 2023-06-16T21:17:37Z INFO management/cmd/management.go:265: running HTTP server and gRPC server on the same port: [::]:443
infrastructure_files-management-1  | 2023-06-16T21:17:37Z INFO management/server/account.go:825: warmed up IDP cache with 0 entries
infrastructure_files-management-1  | 2023-06-16T21:17:43Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T21:17:43Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T21:17:43Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T21:17:43Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 293298994: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T21:17:43Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4282091933: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T21:17:43Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2855558828: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T21:19:53Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T21:19:53Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T21:19:53Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T21:19:53Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3835051607: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T21:19:53Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4205796443: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T21:19:53Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1250870319: GET /api/groups status 401

(Side note: if you have a paid support plan, we'd happily sign up :) )

EDIT: I failed at redacting data 😑 client secrets have been rotated

@a7g4 commented on GitHub (Jun 16, 2023): > `#NETBIRD_AUTH_CLIENT_SECRET should be removed And set the client back to "Client authentication: OFF" in Keycloak? Still seeing the same error with this updated setup.env: ``` ## example file, you can copy this file to setup.env and update its values ## # Dashboard domain. e.g. app.mydomain.com NETBIRD_DOMAIN="netbird.XXX" # ------------------------------------------- # OIDC # e.g., https://example.eu.auth0.com/.well-known/openid-configuration # ------------------------------------------- NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://keycloak.XXX/realms/corp/.well-known/openid-configuration" NETBIRD_AUTH_AUDIENCE="netbird-client" # e.g. netbird-client NETBIRD_AUTH_CLIENT_ID="netbird-client" #NETBIRD_AUTH_CLIENT_SECRET="Pmt94DhcZ7AwnzfyYcXlpx7w4OYPdcHE" # if you want to use a custom claim for the user ID instead of 'sub', set it here # NETBIRD_AUTH_USER_ID_CLAIM="" # indicates whether to use Auth0 or not: true or false NETBIRD_USE_AUTH0="false" # if your IDP provider doesn't support fragmented URIs, configure custom # redirect and silent redirect URIs, these will be concatenated into your NETBIRD_DOMAIN domain. # NETBIRD_AUTH_REDIRECT_URI="/peers" # NETBIRD_AUTH_SILENT_REDIRECT_URI="/add-peers" # Updates the preference to use id tokens instead of access token on dashboard # Okta and Gitlab IDPs can benefit from this # NETBIRD_TOKEN_SOURCE="idToken" # ------------------------------------------- # OIDC Device Authorization Flow # ------------------------------------------- NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="hosted" NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID="netbird-client" # Some IDPs requires different audience, scopes and to use id token for device authorization flow # you can customize here: NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE=$NETBIRD_AUTH_AUDIENCE NETBIRD_AUTH_DEVICE_AUTH_SCOPE="openid" NETBIRD_AUTH_DEVICE_AUTH_USE_ID_TOKEN=false # ------------------------------------------- # IDP Management # ------------------------------------------- # eg. zitadel, auth0, azure, keycloak NETBIRD_MGMT_IDP="keycloak" # Some IDPs requires different client id and client secret for management api NETBIRD_IDP_MGMT_CLIENT_ID="netbird-backend" NETBIRD_IDP_MGMT_CLIENT_SECRET="ZAWDNdOBWRLCaOsOV8EQGIV7LxnNzDep" NETBIRD_IDP_MGMT_EXTRA_ADMIN_ENDPOINT="https://keycloak.XXX/admin/realms/corp" # NETBIRD_IDP_MGMT_EXTRA_ variables. See https://docs.netbird.io/selfhosted/identity-providers for more information about your IDP of choice. # ------------------------------------------- # Letsencrypt # ------------------------------------------- # Disable letsencrypt # if disabled, cannot use HTTPS anymore and requires setting up a reverse-proxy to do it instead NETBIRD_DISABLE_LETSENCRYPT=false # e.g. hello@mydomain.com NETBIRD_LETSENCRYPT_EMAIL="XXX" # ------------------------------------------- # Extra settings # ------------------------------------------- # Disable anonymous metrics collection, see more information at https://netbird.io/docs/FAQ/metrics-collection NETBIRD_DISABLE_ANONYMOUS_METRICS=false # DNS DOMAIN configures the domain name used for peer resolution. By default it is netbird.selfhosted NETBIRD_MGMT_DNS_DOMAIN=XXX ``` New management logs: ``` infrastructure_files-management-1 | time="2023-06-16T21:17:37Z" level=info msg="loading OIDC configuration from the provided IDP configuration endpoint https://keycloak.XXX/realms/corp/.well-known/openid-configuration" infrastructure_files-management-1 | time="2023-06-16T21:17:37Z" level=info msg="loaded OIDC configuration from the provided IDP configuration endpoint: https://keycloak.XXX/realms/corp/.well-known/openid-configuration" infrastructure_files-management-1 | time="2023-06-16T21:17:37Z" level=info msg="overriding HttpConfig.AuthIssuer with a new value https://keycloak.XXX/realms/corp, previously configured value: https://keycloak.XXX/realms/corp" infrastructure_files-management-1 | time="2023-06-16T21:17:37Z" level=info msg="overriding HttpConfig.AuthKeysLocation (JWT certs) with a new value https://keycloak.XXX/realms/corp/protocol/openid-connect/certs, previously configured value: https://keycloak.XXX/realms/corp/protocol/openid-connect/certs" infrastructure_files-management-1 | time="2023-06-16T21:17:37Z" level=info msg="overriding DeviceAuthorizationFlow.TokenEndpoint with a new value: https://keycloak.XXX/realms/corp/protocol/openid-connect/token, previously configured value: https://keycloak.XXX/realms/corp/protocol/openid-connect/token" infrastructure_files-management-1 | time="2023-06-16T21:17:37Z" level=info msg="overriding DeviceAuthorizationFlow.DeviceAuthEndpoint with a new value: https://keycloak.XXX/realms/corp/protocol/openid-connect/auth/device, previously configured value: https://keycloak.XXX/realms/corp/protocol/openid-connect/auth/device" infrastructure_files-management-1 | time="2023-06-16T21:17:37Z" level=info msg="overriding DeviceAuthorizationFlow.ProviderConfig.Domain with a new value: keycloak.XXX, previously configured value: " infrastructure_files-management-1 | 2023-06-16T21:17:37Z INFO management/server/telemetry/app_metrics.go:161: enabled application metrics and exposing on http://0.0.0.0:8081 infrastructure_files-management-1 | 2023-06-16T21:17:37Z INFO management/server/account.go:638: single account mode enabled, accounts number 1 infrastructure_files-management-1 | 2023-06-16T21:17:37Z INFO management/cmd/management.go:233: running gRPC backward compatibility server: [::]:33073 infrastructure_files-management-1 | 2023-06-16T21:17:37Z INFO management/cmd/management.go:265: running HTTP server and gRPC server on the same port: [::]:443 infrastructure_files-management-1 | 2023-06-16T21:17:37Z INFO management/server/account.go:825: warmed up IDP cache with 0 entries infrastructure_files-management-1 | 2023-06-16T21:17:43Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T21:17:43Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T21:17:43Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T21:17:43Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 293298994: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T21:17:43Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4282091933: GET /api/peers status 401 infrastructure_files-management-1 | 2023-06-16T21:17:43Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2855558828: GET /api/groups status 401 infrastructure_files-management-1 | 2023-06-16T21:19:53Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T21:19:53Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T21:19:53Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T21:19:53Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3835051607: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T21:19:53Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4205796443: GET /api/peers status 401 infrastructure_files-management-1 | 2023-06-16T21:19:53Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1250870319: GET /api/groups status 401 ``` (Side note: if you have a paid support plan, we'd happily sign up :) ) EDIT: I failed at redacting data 😑 client secrets have been rotated
saavagebueno commented 2025-11-20 05:10:19 -05:00
Author
Owner
Copy Link

@a7g4 commented on GitHub (Jun 16, 2023):

Ooops - slightly different than before actually.

The dashboard is the same

But when I try to connect I get a different error:

netbird up --management-url https://netbird.mapless.dev:33073 --admin-url https://netbird.XXX:443
Please do the SSO login in your browser. 
If your browser didn't open automatically, use this URL to log in:

 https://keycloak.XXX/realms/corp/device?user_code=LHCX-ZVPD

After going through the login flow with Keycloak, the client spits out this:

Error: waiting sso login failed with: rpc error: code = Internal desc = failed handling request

These looks like the relevant logs from the management container:

infrastructure_files-management-1  | 2023-06-16T21:26:44Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2181928835: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T21:26:44Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3250480700: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T21:26:44Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 941238992: GET /api/groups status 401
infrastructure_files-management-1  | 2023-06-16T21:27:13Z WARN management/server/grpcserver.go:322: failed logging in peer a6DQxBa9eybXlFTcE2+IsMZ6J8TIl+JL1L/wiQQaiys=
infrastructure_files-management-1  | 2023-06-16T21:27:22Z WARN management/server/grpcserver.go:322: failed logging in peer a6DQxBa9eybXlFTcE2+IsMZ6J8TIl+JL1L/wiQQaiys=
infrastructure_files-management-1  | 2023-06-16T21:27:22Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T21:27:22Z WARN management/server/grpcserver.go:305: failed validating JWT token sent from peer a6DQxBa9eybXlFTcE2+IsMZ6J8TIl+JL1L/wiQQaiys=
infrastructure_files-management-1  | 2023-06-16T21:27:22Z ERRO management/server/grpcserver.go:234: got an unhandled error: rpc error: code = Internal desc = unable to fetch account with claims, err: updating user's app metadata failed with: unable to update the appMetadata, statusCode 404
infrastructure_files-management-1  | 2023-06-16T21:27:47Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T21:27:47Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1488696707: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T21:27:47Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T21:27:47Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T21:27:47Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled
infrastructure_files-management-1  | 2023-06-16T21:27:47Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3084311871: GET /api/users status 401
infrastructure_files-management-1  | 2023-06-16T21:27:47Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4062223927: GET /api/peers status 401
infrastructure_files-management-1  | 2023-06-16T21:27:47Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1425110249: GET /api/groups status 401
@a7g4 commented on GitHub (Jun 16, 2023): Ooops - slightly different than before actually. The dashboard is the same But when I try to connect I get a different error: ``` netbird up --management-url https://netbird.mapless.dev:33073 --admin-url https://netbird.XXX:443 Please do the SSO login in your browser. If your browser didn't open automatically, use this URL to log in: https://keycloak.XXX/realms/corp/device?user_code=LHCX-ZVPD ``` After going through the login flow with Keycloak, the client spits out this: ``` Error: waiting sso login failed with: rpc error: code = Internal desc = failed handling request ``` These looks like the relevant logs from the management container: ``` infrastructure_files-management-1 | 2023-06-16T21:26:44Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2181928835: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T21:26:44Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3250480700: GET /api/peers status 401 infrastructure_files-management-1 | 2023-06-16T21:26:44Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 941238992: GET /api/groups status 401 infrastructure_files-management-1 | 2023-06-16T21:27:13Z WARN management/server/grpcserver.go:322: failed logging in peer a6DQxBa9eybXlFTcE2+IsMZ6J8TIl+JL1L/wiQQaiys= infrastructure_files-management-1 | 2023-06-16T21:27:22Z WARN management/server/grpcserver.go:322: failed logging in peer a6DQxBa9eybXlFTcE2+IsMZ6J8TIl+JL1L/wiQQaiys= infrastructure_files-management-1 | 2023-06-16T21:27:22Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T21:27:22Z WARN management/server/grpcserver.go:305: failed validating JWT token sent from peer a6DQxBa9eybXlFTcE2+IsMZ6J8TIl+JL1L/wiQQaiys= infrastructure_files-management-1 | 2023-06-16T21:27:22Z ERRO management/server/grpcserver.go:234: got an unhandled error: rpc error: code = Internal desc = unable to fetch account with claims, err: updating user's app metadata failed with: unable to update the appMetadata, statusCode 404 infrastructure_files-management-1 | 2023-06-16T21:27:47Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T21:27:47Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1488696707: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T21:27:47Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T21:27:47Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T21:27:47Z INFO management/server/account.go:1223: overriding JWT Domain and DomainCategory claims since single account mode is enabled infrastructure_files-management-1 | 2023-06-16T21:27:47Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3084311871: GET /api/users status 401 infrastructure_files-management-1 | 2023-06-16T21:27:47Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4062223927: GET /api/peers status 401 infrastructure_files-management-1 | 2023-06-16T21:27:47Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1425110249: GET /api/groups status 401 ```
saavagebueno commented 2025-11-20 05:10:19 -05:00
Author
Owner
Copy Link

@mlsmaycon commented on GitHub (Jun 16, 2023):

Could you set none for MGM IDP, NETBIRD_MGMT_IDP=none, and try the steps again? The IDP management might be causing the issues.

@mlsmaycon commented on GitHub (Jun 16, 2023): Could you set none for MGM IDP, `NETBIRD_MGMT_IDP=none`, and try the steps again? The IDP management might be causing the issues.
saavagebueno commented 2025-11-20 05:10:19 -05:00
Author
Owner
Copy Link

@a7g4 commented on GitHub (Jun 16, 2023):

Woohooo 🎉 that works

Clients can connect and the dashboard works!

What does the IDP management do? (And is it worth me debugging why that isn't working)?

@a7g4 commented on GitHub (Jun 16, 2023): Woohooo 🎉 that works Clients can connect and the dashboard works! What does the IDP management do? (And is it worth me debugging why that isn't working)?
saavagebueno commented 2025-11-20 05:10:19 -05:00
Author
Owner
Copy Link

@mlsmaycon commented on GitHub (Jun 17, 2023):

The IDP manager is mainly mapping user IDs from netbird management system to emails from your IDP

It needs permissions to update your IDP user's attributes, like it adds the netbird account ID to a user.

@mlsmaycon commented on GitHub (Jun 17, 2023): The IDP manager is mainly mapping user IDs from netbird management system to emails from your IDP It needs permissions to update your IDP user's attributes, like it adds the netbird account ID to a user.
saavagebueno commented 2025-11-20 05:10:19 -05:00
Author
Owner
Copy Link

@UncleJ4ck commented on GitHub (Jun 28, 2023):

i have the same error with a different return code:

2023-06-29-02 24 15-screenshot(1)

Request failed with status code 401. Please refresh the page if the issue continues.
token invalid

docker management logs:


2023-06-28T23:33:07Z INFO management/server/telemetry/app_metrics.go:161: enabled application metrics and exposing on http://0.0.0.0:8081
2023-06-28T23:33:07Z INFO management/server/account.go:638: single account mode enabled, accounts number 0
2023-06-28T23:33:07Z INFO management/cmd/management.go:233: running gRPC backward compatibility server: [::]:33073
2023-06-28T23:33:07Z INFO management/cmd/management.go:265: running HTTP server and gRPC server on the same port: [::]:443
2023-06-28T23:33:11Z WARN management/server/account.go:674: failed warming up cache due to error: unable to get keycloak token, statusCode 401

that's my setup.env:

## example file, you can copy this file to setup.env and update its values
##
# Dashboard domain. e.g. app.mydomain.com
NETBIRD_DOMAIN="XXXXX"

# -------------------------------------------
# OIDC
#  e.g., https://example.eu.auth0.com/.well-known/openid-configuration
# ------------------------------------------
NETBIRD_AUTH_DEVICE_AUTH_PROVIDER=hosted
NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://XXXXX/auth/realms/netbird/.well-known/openid-configuration"
NETBIRD_USE_AUTH0=false
NETBIRD_AUTH_CLIENT_ID="netbird-client"
NETBIRD_AUTH_AUDIENCE="netbird-client"
NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID="netbird-client"
NETBIRD_MGMT_IDP="keycloak"
NETBIRD_IDP_MGMT_CLIENT_ID="netbird-backend"
NETBIRD_IDP_MGMT_CLIENT_SECRET="XXXXX"
NETBIRD_IDP_MGMT_EXTRA_ADMIN_ENDPOINT="https://XXXXX/auth/realms/netbird"

# -------------------------------------------
# Letsencrypt
# -------------------------------------------
# Disable letsencrypt
#  if disabled, cannot use HTTPS anymore and requires setting up a reverse-proxy to do it instead
# e.g. hello@mydomain.com
NETBIRD_LETSENCRYPT_EMAIL="XXXXX"
# -------------------------------------------
# Extra settings
# -------------------------------------------
# Disable anonymous metrics collection, see more information at https://netbird.io/docs/FAQ/metrics-collection
NETBIRD_DISABLE_ANONYMOUS_METRICS=false
# DNS DOMAIN configures the domain name used for peer resolution. By default it is netbird.selfhosted
NETBIRD_MGMT_DNS_DOMAIN=netbird.selfhosted

when i try to connect in the client side:

sudo netbird up --management-url https://XXXXXXXX:33073
Error: login failed: rpc error: code = NotFound desc = no SSO provider returned from management. If you are using hosting Netbird see documentation at https://github.com/netbirdio/netbird/tree/main/management for details

for the netbird-backend, i didn't do the management steps because, the services accounts roles tab is missing
2023-06-29-01 09 26-screenshot

new management logs:

2023-06-28T23:33:07Z INFO management/server/telemetry/app_metrics.go:161: enabled application metrics and exposing on http://0.0.0.0:8081
2023-06-28T23:33:07Z INFO management/server/account.go:638: single account mode enabled, accounts number 0
2023-06-28T23:33:07Z INFO management/cmd/management.go:233: running gRPC backward compatibility server: [::]:33073
2023-06-28T23:33:07Z INFO management/cmd/management.go:265: running HTTP server and gRPC server on the same port: [::]:443
2023-06-28T23:33:11Z WARN management/server/account.go:674: failed warming up cache due to error: unable to get keycloak token, statusCode 401
2023-06-29T00:19:15Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3101701186: GET /api/users status 401
2023-06-29T00:19:15Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 335186381: GET /api/peers status 401
2023-06-29T00:19:15Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 449313820: GET /api/groups status 401
2023-06-29T00:19:15Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 780097130: GET /api/users status 401
2023-06-29T00:23:46Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3241716118: GET /api/peers status 401
2023-06-29T00:23:46Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 376855912: GET /api/users status 401
2023-06-29T00:23:46Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3584425485: GET /api/groups status 401
2023-06-29T00:23:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 997841889: GET /api/users status 401
2023-06-29T00:23:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3647231711: GET /api/users status 401
2023-06-29T00:23:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2307183365: GET /api/peers status 401
2023-06-29T00:23:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 418149988: GET /api/groups status 401
2023-06-29T00:24:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3370837239: GET /api/groups status 401
2023-06-29T00:24:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2633305945: GET /api/users status 401
2023-06-29T00:24:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1883989961: GET /api/users?service_user=false status 401
2023-06-29T00:24:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1727792694: GET /api/groups status 401
2023-06-29T00:24:04Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 127726435: GET /api/users status 401
2023-06-29T00:24:04Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1972559671: GET /api/groups status 401
2023-06-29T00:24:04Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3935102461: GET /api/peers status 401
2023-06-29T00:28:21Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 549383702: GET /api/peers status 401
2023-06-29T00:28:21Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3104191757: GET /api/users status 401
2023-06-29T00:28:21Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3006261035: GET /api/groups status 401
2023-06-29T00:30:18Z WARN management/server/grpcserver.go:322: failed logging in peer sajM8Azu99EOT4XkyUrxnVzlk9xMn5pL1tkkNCgT72w=
2023-06-29T00:30:21Z WARN management/server/grpcserver.go:322: failed logging in peer sajM8Azu99EOT4XkyUrxnVzlk9xMn5pL1tkkNCgT72w=
2023-06-29T00:32:52Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2288542812: GET /api/users status 401
2023-06-29T00:32:52Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1587588152: GET /api/peers status 401
2023-06-29T00:32:52Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 584506530: GET /api/groups status 401
2023-06-29T00:33:55Z WARN management/server/grpcserver.go:322: failed logging in peer sajM8Azu99EOT4XkyUrxnVzlk9xMn5pL1tkkNCgT72w=
@UncleJ4ck commented on GitHub (Jun 28, 2023): i have the same error with a different return code: ![2023-06-29-02 24 15-screenshot(1)](https://github.com/netbirdio/netbird/assets/52085661/fb8aefc4-eb04-4d1f-bbef-651e801388e5) ``` Request failed with status code 401. Please refresh the page if the issue continues. token invalid ``` docker management logs: ``` 2023-06-28T23:33:07Z INFO management/server/telemetry/app_metrics.go:161: enabled application metrics and exposing on http://0.0.0.0:8081 2023-06-28T23:33:07Z INFO management/server/account.go:638: single account mode enabled, accounts number 0 2023-06-28T23:33:07Z INFO management/cmd/management.go:233: running gRPC backward compatibility server: [::]:33073 2023-06-28T23:33:07Z INFO management/cmd/management.go:265: running HTTP server and gRPC server on the same port: [::]:443 2023-06-28T23:33:11Z WARN management/server/account.go:674: failed warming up cache due to error: unable to get keycloak token, statusCode 401 ``` that's my setup.env: ``` ## example file, you can copy this file to setup.env and update its values ## # Dashboard domain. e.g. app.mydomain.com NETBIRD_DOMAIN="XXXXX" # ------------------------------------------- # OIDC # e.g., https://example.eu.auth0.com/.well-known/openid-configuration # ------------------------------------------ NETBIRD_AUTH_DEVICE_AUTH_PROVIDER=hosted NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://XXXXX/auth/realms/netbird/.well-known/openid-configuration" NETBIRD_USE_AUTH0=false NETBIRD_AUTH_CLIENT_ID="netbird-client" NETBIRD_AUTH_AUDIENCE="netbird-client" NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID="netbird-client" NETBIRD_MGMT_IDP="keycloak" NETBIRD_IDP_MGMT_CLIENT_ID="netbird-backend" NETBIRD_IDP_MGMT_CLIENT_SECRET="XXXXX" NETBIRD_IDP_MGMT_EXTRA_ADMIN_ENDPOINT="https://XXXXX/auth/realms/netbird" # ------------------------------------------- # Letsencrypt # ------------------------------------------- # Disable letsencrypt # if disabled, cannot use HTTPS anymore and requires setting up a reverse-proxy to do it instead # e.g. hello@mydomain.com NETBIRD_LETSENCRYPT_EMAIL="XXXXX" # ------------------------------------------- # Extra settings # ------------------------------------------- # Disable anonymous metrics collection, see more information at https://netbird.io/docs/FAQ/metrics-collection NETBIRD_DISABLE_ANONYMOUS_METRICS=false # DNS DOMAIN configures the domain name used for peer resolution. By default it is netbird.selfhosted NETBIRD_MGMT_DNS_DOMAIN=netbird.selfhosted ``` when i try to connect in the client side: ``` sudo netbird up --management-url https://XXXXXXXX:33073 Error: login failed: rpc error: code = NotFound desc = no SSO provider returned from management. If you are using hosting Netbird see documentation at https://github.com/netbirdio/netbird/tree/main/management for details ``` for the netbird-backend, i didn't do the management steps because, the ```services accounts roles``` tab is missing ![2023-06-29-01 09 26-screenshot](https://github.com/netbirdio/netbird/assets/52085661/5e12e1b0-0711-4deb-a49b-21cc1c92c92f) new management logs: ``` 2023-06-28T23:33:07Z INFO management/server/telemetry/app_metrics.go:161: enabled application metrics and exposing on http://0.0.0.0:8081 2023-06-28T23:33:07Z INFO management/server/account.go:638: single account mode enabled, accounts number 0 2023-06-28T23:33:07Z INFO management/cmd/management.go:233: running gRPC backward compatibility server: [::]:33073 2023-06-28T23:33:07Z INFO management/cmd/management.go:265: running HTTP server and gRPC server on the same port: [::]:443 2023-06-28T23:33:11Z WARN management/server/account.go:674: failed warming up cache due to error: unable to get keycloak token, statusCode 401 2023-06-29T00:19:15Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3101701186: GET /api/users status 401 2023-06-29T00:19:15Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 335186381: GET /api/peers status 401 2023-06-29T00:19:15Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 449313820: GET /api/groups status 401 2023-06-29T00:19:15Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 780097130: GET /api/users status 401 2023-06-29T00:23:46Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3241716118: GET /api/peers status 401 2023-06-29T00:23:46Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 376855912: GET /api/users status 401 2023-06-29T00:23:46Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3584425485: GET /api/groups status 401 2023-06-29T00:23:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 997841889: GET /api/users status 401 2023-06-29T00:23:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3647231711: GET /api/users status 401 2023-06-29T00:23:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2307183365: GET /api/peers status 401 2023-06-29T00:23:50Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 418149988: GET /api/groups status 401 2023-06-29T00:24:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3370837239: GET /api/groups status 401 2023-06-29T00:24:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2633305945: GET /api/users status 401 2023-06-29T00:24:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1883989961: GET /api/users?service_user=false status 401 2023-06-29T00:24:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1727792694: GET /api/groups status 401 2023-06-29T00:24:04Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 127726435: GET /api/users status 401 2023-06-29T00:24:04Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1972559671: GET /api/groups status 401 2023-06-29T00:24:04Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3935102461: GET /api/peers status 401 2023-06-29T00:28:21Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 549383702: GET /api/peers status 401 2023-06-29T00:28:21Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3104191757: GET /api/users status 401 2023-06-29T00:28:21Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3006261035: GET /api/groups status 401 2023-06-29T00:30:18Z WARN management/server/grpcserver.go:322: failed logging in peer sajM8Azu99EOT4XkyUrxnVzlk9xMn5pL1tkkNCgT72w= 2023-06-29T00:30:21Z WARN management/server/grpcserver.go:322: failed logging in peer sajM8Azu99EOT4XkyUrxnVzlk9xMn5pL1tkkNCgT72w= 2023-06-29T00:32:52Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2288542812: GET /api/users status 401 2023-06-29T00:32:52Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1587588152: GET /api/peers status 401 2023-06-29T00:32:52Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 584506530: GET /api/groups status 401 2023-06-29T00:33:55Z WARN management/server/grpcserver.go:322: failed logging in peer sajM8Azu99EOT4XkyUrxnVzlk9xMn5pL1tkkNCgT72w= ````
saavagebueno commented 2025-11-20 05:10:19 -05:00
Author
Owner
Copy Link

@UncleJ4ck commented on GitHub (Jun 28, 2023):

Could you set none for MGM IDP, NETBIRD_MGMT_IDP=none, and try the steps again? The IDP management might be causing the issues.

when i applied your solution, there was no error in the logs as you can see except for the failed logging

2023-06-29T00:37:02Z INFO management/server/telemetry/app_metrics.go:161: enabled application metrics and exposing on http://0.0.0.0:8081
2023-06-29T00:37:02Z INFO management/server/account.go:638: single account mode enabled, accounts number 0
2023-06-29T00:37:02Z INFO management/cmd/management.go:233: running gRPC backward compatibility server: [::]:33073
2023-06-29T00:37:02Z INFO management/cmd/management.go:265: running HTTP server and gRPC server on the same port: [::]:443
2023-06-29T00:37:20Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1156255722: GET /api/users status 401
2023-06-29T00:37:21Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4216770680: GET /api/users status 401
2023-06-29T00:37:21Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2500198024: GET /api/peers status 401
2023-06-29T00:37:21Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2101615207: GET /api/groups status 401
2023-06-29T00:37:26Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1358336014: GET /api/users status 401
2023-06-29T00:37:26Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2754622528: GET /api/peers status 401
2023-06-29T00:37:26Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 107507818: GET /api/groups status 401
2023-06-29T00:37:26Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3121298828: GET /api/users status 401
2023-06-29T00:37:46Z WARN management/server/grpcserver.go:322: failed logging in peer sajM8Azu99EOT4XkyUrxnVzlk9xMn5pL1tkkNCgT72w=

but when i tried to connect in the client side, it didn't work:

sudo netbird up --management-url https://XXXXXXXXXXX:33073
Please do the SSO login in your browser.
If your browser didn't open automatically, use this URL to log in:

 https://XXXXXXXXXXXXX/auth/realms/netbird/device?user_code=TUNW-JWND

Alternatively, you may want to use a setup key, see:

 https://www.netbird.io/docs/overview/setup-keys
^[[1;2D²Error: waiting sso login failed with: rpc error: code = Unknown desc = validate access token failed with error: invalid JWT token audience field
@UncleJ4ck commented on GitHub (Jun 28, 2023): > Could you set none for MGM IDP, `NETBIRD_MGMT_IDP=none`, and try the steps again? The IDP management might be causing the issues. when i applied your solution, there was no error in the logs as you can see except for the failed logging ``` 2023-06-29T00:37:02Z INFO management/server/telemetry/app_metrics.go:161: enabled application metrics and exposing on http://0.0.0.0:8081 2023-06-29T00:37:02Z INFO management/server/account.go:638: single account mode enabled, accounts number 0 2023-06-29T00:37:02Z INFO management/cmd/management.go:233: running gRPC backward compatibility server: [::]:33073 2023-06-29T00:37:02Z INFO management/cmd/management.go:265: running HTTP server and gRPC server on the same port: [::]:443 2023-06-29T00:37:20Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1156255722: GET /api/users status 401 2023-06-29T00:37:21Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 4216770680: GET /api/users status 401 2023-06-29T00:37:21Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2500198024: GET /api/peers status 401 2023-06-29T00:37:21Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2101615207: GET /api/groups status 401 2023-06-29T00:37:26Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 1358336014: GET /api/users status 401 2023-06-29T00:37:26Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2754622528: GET /api/peers status 401 2023-06-29T00:37:26Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 107507818: GET /api/groups status 401 2023-06-29T00:37:26Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3121298828: GET /api/users status 401 2023-06-29T00:37:46Z WARN management/server/grpcserver.go:322: failed logging in peer sajM8Azu99EOT4XkyUrxnVzlk9xMn5pL1tkkNCgT72w= ``` but when i tried to connect in the client side, it didn't work: ``` sudo netbird up --management-url https://XXXXXXXXXXX:33073 Please do the SSO login in your browser. If your browser didn't open automatically, use this URL to log in: https://XXXXXXXXXXXXX/auth/realms/netbird/device?user_code=TUNW-JWND Alternatively, you may want to use a setup key, see: https://www.netbird.io/docs/overview/setup-keys ^[[1;2D²Error: waiting sso login failed with: rpc error: code = Unknown desc = validate access token failed with error: invalid JWT token audience field ```
saavagebueno commented 2025-11-20 05:10:19 -05:00
Author
Owner
Copy Link

@UncleJ4ck commented on GitHub (Jun 28, 2023):

i solved the issue about keycloak service account roles, you should check it in the settings to appear

2023-06-29-02 49 59-screenshot

but the problem persists

@UncleJ4ck commented on GitHub (Jun 28, 2023): i solved the issue about keycloak service account roles, you should check it in the settings to appear ![2023-06-29-02 49 59-screenshot](https://github.com/netbirdio/netbird/assets/52085661/5d2e5628-1fff-4cea-a0c0-14f71afcf516) but the problem persists
saavagebueno commented 2025-11-20 05:10:20 -05:00
Author
Owner
Copy Link

@Akruidenberg commented on GitHub (Jul 2, 2023):

same problem for me

@Akruidenberg commented on GitHub (Jul 2, 2023): same problem for me
saavagebueno commented 2025-11-20 05:10:20 -05:00
Author
Owner
Copy Link

@NatureLR commented on GitHub (Sep 24, 2023):

me too

I refer to this installation https://docs.netbird.io/selfhosted/selfhosted-quickstart

image

management log:

2023-09-24T05:44:22Z INFO management/server/account.go:1335: overriding JWT Domain and DomainCategory claims since single account mode is enabled
2023-09-24T05:44:22Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2559830804: GET /api/users status 401
2023-09-24T05:50:01Z INFO management/server/account.go:1335: overriding JWT Domain and DomainCategory claims since single account mode is enabled
2023-09-24T05:50:02Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 407684084: GET /api/users status 401
2023-09-24T05:50:03Z INFO management/server/account.go:1335: overriding JWT Domain and DomainCategory claims since single account mode is enabled
2023-09-24T05:50:03Z INFO management/server/account.go:1335: overriding JWT Domain and DomainCategory claims since single account mode is enabled
2023-09-24T05:50:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 776034320: GET /api/groups status 401
2023-09-24T05:50:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2539142729: GET /api/users status 401
2023-09-24T05:50:03Z INFO management/server/account.go:1335: overriding JWT Domain and DomainCategory claims since single account mode is enabled
2023-09-24T05:50:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 357926264: GET /api/users status 401

@NatureLR commented on GitHub (Sep 24, 2023): me too I refer to this installation <https://docs.netbird.io/selfhosted/selfhosted-quickstart> ![image](https://github.com/netbirdio/netbird/assets/30221928/4c2c4417-eedf-4477-8690-a61c83070a96) management log: 2023-09-24T05:44:22Z INFO management/server/account.go:1335: overriding JWT Domain and DomainCategory claims since single account mode is enabled 2023-09-24T05:44:22Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2559830804: GET /api/users status 401 2023-09-24T05:50:01Z INFO management/server/account.go:1335: overriding JWT Domain and DomainCategory claims since single account mode is enabled 2023-09-24T05:50:02Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 407684084: GET /api/users status 401 2023-09-24T05:50:03Z INFO management/server/account.go:1335: overriding JWT Domain and DomainCategory claims since single account mode is enabled 2023-09-24T05:50:03Z INFO management/server/account.go:1335: overriding JWT Domain and DomainCategory claims since single account mode is enabled 2023-09-24T05:50:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 776034320: GET /api/groups status 401 2023-09-24T05:50:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2539142729: GET /api/users status 401 2023-09-24T05:50:03Z INFO management/server/account.go:1335: overriding JWT Domain and DomainCategory claims since single account mode is enabled 2023-09-24T05:50:03Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 357926264: GET /api/users status 401
saavagebueno commented 2025-11-20 05:10:20 -05:00
Author
Owner
Copy Link

@mlsmaycon commented on GitHub (Sep 25, 2023):

Hello @NatureLR, the issue has been fixed in the latest version, you can run docker compose pull followed by docker compose up -d --force-recreate management to upgrade.

@mlsmaycon commented on GitHub (Sep 25, 2023): Hello @NatureLR, the issue has been fixed in the latest version, you can run `docker compose pull` followed by `docker compose up -d --force-recreate management` to upgrade.
saavagebueno commented 2025-11-20 05:10:20 -05:00
Author
Owner
Copy Link

@NatureLR commented on GitHub (Sep 25, 2023):

Hello @NatureLR, the issue has been fixed in the latest version, you can run docker compose pull followed by docker compose up -d --force-recreate management to upgrade.

very good it's Succeeded 😄

@NatureLR commented on GitHub (Sep 25, 2023): > Hello @NatureLR, the issue has been fixed in the latest version, you can run `docker compose pull` followed by `docker compose up -d --force-recreate management` to upgrade. very good it's Succeeded 😄
saavagebueno commented 2025-11-20 05:10:20 -05:00
Author
Owner
Copy Link

@dogrocker commented on GitHub (Dec 19, 2023):

Hello @NatureLR, the issue has been fixed in the latest version, you can run docker compose pull followed by docker compose up -d --force-recreate management to upgrade.

Same problem use docker compose pull and docker compose up -d --force-recreate management work but when token expired problem come again.

I refer to this installation https://docs.netbird.io/selfhosted/selfhosted-quickstart with google workspace.

@dogrocker commented on GitHub (Dec 19, 2023): > Hello @NatureLR, the issue has been fixed in the latest version, you can run `docker compose pull` followed by `docker compose up -d --force-recreate management` to upgrade. Same problem use `docker compose pull` and `docker compose up -d --force-recreate management` work but when token expired problem come again. I refer to this installation https://docs.netbird.io/selfhosted/selfhosted-quickstart with google workspace.
saavagebueno commented 2025-11-20 05:10:20 -05:00
Author
Owner
Copy Link

@nazarewk commented on GitHub (Apr 17, 2025):

I am closing this for lack of activity, feel free to comment to reopen.

@nazarewk commented on GitHub (Apr 17, 2025): I am closing this for lack of activity, feel free to comment to reopen.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
2021 Q4
2022 Q1
2022 Q1
accessibility
acl
agent
agent
Android
Android
api
authentik
automation
azure
battery-usage
bug
cache
client
client-ui
cloud
cloud-only
cloudflare
community
compatibility
config-idp
config-issue
connection
contribution
coturn
cross-vpn
dashboard
data-usage
distribution
dns
docker
documentation
duplicate
enhancement
enhancement
event-stream
feature-request
freebsd
getting-started
go
good first issue
gui
help wanted
home-assistant
idp
inconsistency
integration
integrations
ios
ipv6
jwt
k8s
keycloak
linux
login
macos
management-service
missing-docs
mobile
moved-internal
needs-review
netbird-ui
networking
new-platform
nginx
notification
okta
openwrt
packaging
peer-management
peer-management
peer-management
performance
postgres
posture-checks
psk
pull-request
Mirrored from GitHub Pull Request
 question
refactor
relay
release
rfc
routes
security
security-related
self-hosting
server
signal
sleep-issue
ssh
ssl
status
store
synology
system-compatibility-issue
test-suite
third-party-integration
triage
triage-needed
troubleshooting
UX
waiting-feedback
windows
wontfix
zitadel
No Label bug waiting-feedback
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
saavagebueno
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: SVI/netbird#367
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?