issue while signing (sigstore-keycloak-setup) #2
Comments
Hi @VikramPunnam, thanks!
Here is the full trace:
(base) [ec2-user@mum1bado1q04 sigstore]$ cosign sign --fulcio-url https://dev-fulcio.crisil.com --oidc-issuer https://qa-keycloak.crisil.local/realms/sigstore --oidc-client-id='sigstore' --oidc-client-secret-file='secret' --rekor-url https://dev-rekor.crisil.com qa-harbor.crisil.local/eks/alpine:1.27.4
By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above.
Enter verification code: 84436eec-df9d-46c8-84c0-e8fd82207a43.a6e62f89-c5da-4ef3-a7ad-5e320944d296.c495c10d-393a-41d1-b58e-6759f95828ed
Error: signing [qa-harbor.crisil.local/eks/alpine:1.27.4]: getting signer: getting key from Fulcio: retrieving cert: oauth2: "invalid_grant" "Code not valid"
config.json:
I think this might either be an issue with your Keycloak realm/client config or with the verification code itself (it might have already been used or timed out). Could you also provide your Keycloak config?
Yes, the issue is with the Keycloak config. The client token is valid only once. I have tried with a new client token, but I am getting a different issue.
(base) [ec2-user@mum1bado1q04 sigstore]$ cosign sign --fulcio-url https://dev-fulcio.crisil.com --oidc-issuer https://qa-keycloak.crisil.local/realms/sigstore --oidc-client-id='sigstore' --oidc-client-secret-file='secret' --rekor-url https://dev-rekor.crisil.com qa-harbor.crisil.local/eks/alpine:1.27.4
By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above.
Enter verification code: 0a448d9d-a6df-43ac-8f0f-02355e56e925.00966ac9-1387-497a-a59a-81a0caea411d.c495c10d-393a-41d1-b58e-6759f95828ed
Error: signing [qa-harbor.crisil.local/eks/alpine:1.27.4]: getting signer: getting key from Fulcio: retrieving cert: POST https://dev-fulcio.crisil.com/api/v1/signingCert returned 500 Internal Server Error: "{"code":13, "message":"Error entering certificate in CTL", "details":[]}"
Hi @mayaCostantini, the guide which you wrote is very helpful for local sigstore setup.
I have configured Keycloak and Fulcio as mentioned, but I'm getting the below error.
main.go:74: error during command execution: signing [qa-harbor.crisil.local/eks/alpine:1.27.4]: getting signer: getting key from Fulcio: retrieving cert: oauth2: "invalid_grant" "Code not valid"
If you have any idea, could you please help with this?