IAP with Google Identity Platform throws "Failed to fetch the discovery document from issuer"

MariusPontmercy

2/4/23, 10:41 AM

I have activated Identity Aware Proxy on a GCP Load Balancer and configured it to authenticate the users against my OIDC Identity Provider (Auth0) through Google Identity Platform with a default login page hosted on Cloud Run.

When I browse my application I got redirected to the login page but then this happens:

although the document is available and publicly reachable at that URL:

I followed GCP documentation step by step and cannot find any troubleshooting guide. Any thoughts?

Thanks

127

0 + 0

cloud

openid

google-cloud-platform

google-iam

John Hanley

2/4/23, 7:23 PM

The OpenID Connect Metadata Document is public information. There is no need to mask that information. By hiding that information, we cannot run tests for you.

MariusPontmercy

2/5/23, 7:54 AM

Hi John, I know it's public but I hope you appreciate I need to redact my Company's name.

Score:0

Server

MariusPontmercy

2/5/23, 10:34 AM

Ok, solved.

The problem was I had configured my Google Identity Platform OIDC Provider with the full metadata document URL

while only the issuer base URL was expected

Newbie mistake, I know, but the error message is misleading, IMO, because it reports the URL where the document actually is. If the returned message had been

Failed to fetch the discovery document from issuer: https://REDACTED.eu.auth0.com/.well-known/openid-configuration/.well-known/openid-configuration

the misconfiguration would have been immediately apparent.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: IAP with Google Identity Platform throws "Failed to fetch the discovery document from issuer"

TH: IAP กับ Google Identity Platform แสดงข้อความ "ไม่สามารถดึงเอกสารการค้นพบจากผู้ออก"

RO: IAP cu Google Identity Platform afișează „Eșuat la preluarea documentului de descoperire de la emitent”

RU: IAP с Google Identity Platform выдает «Не удалось получить документ обнаружения от эмитента»

VI: IAP với Google Identity Platform đưa ra thông báo "Không thể tìm nạp tài liệu khám phá từ nhà phát hành"

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.