Hello all! I am running into an issue where all our users see the following error when trying to login using OIDC:
Failed to perform post authentication steps. Error message: Failed to provision user with urn urn:li:corpuser:
This error occurs intermittently. Any thoughts on what could be causing this issue?
<@UV5UEC3LN> might be able to speak to this!
cc: <@U04UKA5L5LK>
The issue could be due to a misconfiguration of Single-Sign On, either on the DataHub side or on the Identity Provider side. Verify that all values are consistent across them (e.g., the host URL where DataHub is deployed), and that no values are misspelled (client id, client secret). Also, ensure that the scopes requested are supported by your Identity Provider and that the claim DataHub uses for uniquely identifying the user is supported by your Identity Provider. The Discovery URI you’ve configured (AUTH_OIDC_DISCOVERY_URI) should also be accessible where the datahub-frontend container is running. If these steps don’t resolve the issue, it might be because your Identity Provider does not provide the claim with name ‘email’, which DataHub uses by default to uniquely identify users within your organization. You can fix this by changing the AUTH_OIDC_USER_NAME_CLAIM or changing the environment variable AUTH_OIDC_SCOPE to include the scope required to retrieve the claim with name ‘email’.
There are more docs here! https://datahubproject.io/docs/authentication/guides/sso/configure-oidc-react
Hi <@U04SN084TT9>, were you able to fix this?