Hello there,
I'm requesting help on an issue, that I believe is due to a really specific configuration (or I missed setting up some variables).
Here is my current setup and the error message.
PgAdmin4 is launched through Kubernetes via dpage/pgadmin4 Docker image and runs behind an Apisix Reverse Proxy.
It receives incoming traffic through http as Apisix manages the encryption.
The whole setup works well and we can connect through admin and db users into PgAdmin4.
However, I also set up an SSO connection via Keycloack; and if the first redirect to the keycloak login works as expected; the second one to pgAdmin ends up in an error:
I'm requesting help on an issue, that I believe is due to a really specific configuration (or I missed setting up some variables).
Here is my current setup and the error message.
PgAdmin4 is launched through Kubernetes via dpage/pgadmin4 Docker image and runs behind an Apisix Reverse Proxy.
It receives incoming traffic through http as Apisix manages the encryption.
The whole setup works well and we can connect through admin and db users into PgAdmin4.
However, I also set up an SSO connection via Keycloack; and if the first redirect to the keycloak login works as expected; the second one to pgAdmin ends up in an error:
OSError: Could not find a suitable TLS CA certificate bundle, invalid path: False
If you could point me in the right direction I would appreciate it.
Best regards,
Antoine
ps: Here is the complete stack trace:
ERROR pgadmin: Could not find a suitable TLS CA certificate bundle, invalid path: False
Traceback (most recent call last):
File "/venv/lib/python3.12/site-packages/flask/app.py", line 880, in full_dispatch_request
rv = self.dispatch_request()
^^^^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.12/site-packages/flask/app.py", line 865, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args) # type: ignore[no-any-return]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/pgadmin4/pgadmin/authenticate/oauth2.py", line 56, in oauth_authorize
status, msg = auth_obj.login()
^^^^^^^^^^^^^^^^
File "/pgadmin4/pgadmin/authenticate/__init__.py", line 299, in login
status, msg = self.source.login(self.form)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/pgadmin4/pgadmin/authenticate/oauth2.py", line 136, in login
profile = ""> ^^^^^^^^^^^^^^^^^^^^^^^
File "/pgadmin4/pgadmin/authenticate/oauth2.py", line 211, in get_user_profile
self.oauth2_current_client].authorize_access_token()
^^^^^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.12/site-packages/authlib/integrations/flask_client/apps.py", line 101, in authorize_access_token
token = self.fetch_access_token(**params, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.12/site-packages/authlib/integrations/base_client/sync_app.py", line 342, in fetch_access_token
token = client.fetch_token(token_endpoint, **params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.12/site-packages/authlib/oauth2/client.py", line 211, in fetch_token
return self._fetch_token(
^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.12/site-packages/authlib/oauth2/client.py", line 355, in _fetch_token
resp = self.session.post(
^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.12/site-packages/requests/sessions.py", line 637, in post
return self.request("POST", url, data="" json=json, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.12/site-packages/authlib/integrations/requests_client/oauth2_session.py", line 109, in request
return super().request(
^^^^^^^^^^^^^^^^
File "/venv/lib/python3.12/site-packages/requests/sessions.py", line 589, in request
resp = self.send(prep, **send_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.12/site-packages/requests/sessions.py", line 703, in send
r = adapter.send(request, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.12/site-packages/requests/adapters.py", line 639, in send
self.cert_verify(conn, request.url, verify, cert)
File "/venv/lib/python3.12/site-packages/requests/adapters.py", line 328, in cert_verify
raise OSError(
OSError: Could not find a suitable TLS CA certificate bundle, invalid path: False
If you could point me in the right direction I would appreciate it.
Best regards,
Antoine
ps: Here is the complete stack trace:
ERROR pgadmin: Could not find a suitable TLS CA certificate bundle, invalid path: False
Traceback (most recent call last):
File "/venv/lib/python3.12/site-packages/flask/app.py", line 880, in full_dispatch_request
rv = self.dispatch_request()
^^^^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.12/site-packages/flask/app.py", line 865, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args) # type: ignore[no-any-return]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/pgadmin4/pgadmin/authenticate/oauth2.py", line 56, in oauth_authorize
status, msg = auth_obj.login()
^^^^^^^^^^^^^^^^
File "/pgadmin4/pgadmin/authenticate/__init__.py", line 299, in login
status, msg = self.source.login(self.form)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/pgadmin4/pgadmin/authenticate/oauth2.py", line 136, in login
profile = ""> ^^^^^^^^^^^^^^^^^^^^^^^
File "/pgadmin4/pgadmin/authenticate/oauth2.py", line 211, in get_user_profile
self.oauth2_current_client].authorize_access_token()
^^^^^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.12/site-packages/authlib/integrations/flask_client/apps.py", line 101, in authorize_access_token
token = self.fetch_access_token(**params, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.12/site-packages/authlib/integrations/base_client/sync_app.py", line 342, in fetch_access_token
token = client.fetch_token(token_endpoint, **params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.12/site-packages/authlib/oauth2/client.py", line 211, in fetch_token
return self._fetch_token(
^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.12/site-packages/authlib/oauth2/client.py", line 355, in _fetch_token
resp = self.session.post(
^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.12/site-packages/requests/sessions.py", line 637, in post
return self.request("POST", url, data="" json=json, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.12/site-packages/authlib/integrations/requests_client/oauth2_session.py", line 109, in request
return super().request(
^^^^^^^^^^^^^^^^
File "/venv/lib/python3.12/site-packages/requests/sessions.py", line 589, in request
resp = self.send(prep, **send_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.12/site-packages/requests/sessions.py", line 703, in send
r = adapter.send(request, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.12/site-packages/requests/adapters.py", line 639, in send
self.cert_verify(conn, request.url, verify, cert)
File "/venv/lib/python3.12/site-packages/requests/adapters.py", line 328, in cert_verify
raise OSError(
OSError: Could not find a suitable TLS CA certificate bundle, invalid path: False
