Hue OIDC auth redirect uri issue


I am currently trying to integrate an OIDC authentication backend for Hue (image: 4.7.0) that interacts with our in-house SSO client that provides tokens to the Hue application.

Hue is able to navigate to the oidc_op_authorization_endpoint for my configured value, but I see it's not taking the redirect login URL which I am passing. I narrowed it down: it seems to be failing due to the redirect URI defaulting to localhost, and the authentication API fails saying invalid URI. I defined a login_redirect_url, like the example in hue.ini, as seen below.

Please kindly suggest how to override this value.

FYI: We are using the official Hue Helm chart, which comes with default nginx (we aren't modifying any configs for nginx). However, we have an ingress config for the default URL, which is also mentioned below.

  # The client ID as relay party set in OpenID provider

  # The client secret as relay party set in OpenID provider

  # The OpenID provider authorization endpoint
  ## oidc_op_authorization_endpoint=

  # The OpenID provider token endpoint

  # The OpenID provider user info endpoint

  # The OpenID provider signing key in PEM or DER format
  ## oidc_rp_idp_sign_key=/path/to/key_file

  # The OpenID provider authorization endpoint

  # Whether Hue as OpenID Connect client verify SSL cert

  # As relay party Hue URL path to redirect to after login


  # The OpenID provider URL path to redirect to after logout

  # As relay party Hue URL path to redirect to after login

  # Create a new user from OpenID Connect on login if it doesn't exist


[Screenshot 2022-12-15 at 2.15.23 PM]
As seen in the above image, the redirect URI is taking the default localhost value and not taking the overridden value. I even tried setting the yarn -> proxy URL, but that didn't work either.

Thanks. I was able to solve this with the below config changes in the ini file.

       redirect_whitelist="^\/.*$,^<Your SSO redirect base url>\/.*$"


      # Comma-separated list of regular expressions,
      # which match 'host:port' of requested proxy target.
      whitelist=<base url>

      # Enter the host on which you are running the ResourceManager
      ## resourcemanager_host=localhost

      # The port where the ResourceManager IPC listens on
      ## resourcemanager_port=8032

      # URL of the ResourceManager API
      resourcemanager_api_url=<base url>

      # URL of the ProxyServer API
      proxy_api_url=<base url>
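
The following is an added example, not part of the original posts and not Hue's own code: it checks a `redirect_whitelist` value against constructed URLs before the value goes into the ini file, comparing the hand-written form with a base URL pasted as-is against a form with escaped dots and a single-slash rule for local paths. The host `sso.example.com`, the helper names, and the assumption that each comma-separated pattern is applied with Python's `re.match` are illustrative.

```python
import re

def compile_whitelist(value):
    """Split a comma-separated redirect_whitelist value into compiled regexes."""
    return [re.compile(p.strip()) for p in value.split(",") if p.strip()]

def is_allowed(url, patterns):
    """True if any pattern matches from the start of the URL (assumed semantics)."""
    return any(p.match(url) for p in patterns)

def strict_pattern(base_url):
    """Pattern for one base URL: metacharacters escaped, '/' required after the host."""
    return "^" + re.escape(base_url.rstrip("/")) + r"/.*$"

def audit(whitelist_value, urls):
    """Map each candidate redirect URL to whether the whitelist accepts it."""
    patterns = compile_whitelist(whitelist_value)
    return {u: is_allowed(u, patterns) for u in urls}

SSO_BASE = "https://sso.example.com"  # constructed placeholder host

# Form from the thread with the base URL pasted unescaped.
LOOSE = r"^\/.*$,^https://sso.example.com\/.*$"

# Local paths must not start with '//' or '/\'; dots in the host are literal.
STRICT = r"^\/(?![\/\\]).*$," + strict_pattern(SSO_BASE)

# Constructed sample redirect targets.
SAMPLE_URLS = [
    "/hue/accounts/login",               # local path, should pass
    "https://sso.example.com/callback",  # intended SSO host, should pass
    "https://ssoXexample.com/callback",  # different host, differs only at the '.'
    "//other.example/path",              # scheme-relative URL, not a local path
]

if __name__ == "__main__":
    for name, value in (("loose", LOOSE), ("strict", STRICT)):
        print(name, value)
        for url, ok in audit(value, SAMPLE_URLS).items():
            print("   ", "ALLOW" if ok else "DENY ", url)
```
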