Troubleshooting
Some common issues have occurred while deploying Heimdall. Below are the ones that we know of:
Error: Logging in with Keycloak gives an unable to validate state error.
Solution: Enable oAuth compatibility mode "Exclude Session State From Authentication Response".
Error: Server is unable to validate session tokens when authenticating with an external provider
Solution: Ensure the Heimdall server is able to communicate with your authentication provider. If you use your own SSL certificates, ensure they are accessible within your Heimdall host (server/container) and specify their path as an environment variable with NODE_EXTRA_CA_CERTS=/path/to/your/certificate.crt
Error: User emails are not verified by your identity provider.
Solution: The OpenID Connect Standard provides a field for "email_verified", this is validated to ensure that a user cannot add their own unverified email to your identity provider and use it to login to Heimdall.
Ensure users have the "Email Verified" field enabled:
- Home
- How to create a release
- Environment Variables Configuration
- Heimdall Authentication Methods
- Heimdall API Documentation
- Group and User Management
- Heimdall Interface Connections
- Heimdall Architecture Information
- Heimdall Class Diagrams
- Heimdall Development Tips & Tricks
- Heimdall Frontend Components
- Heimdall Processes Documentation
- Heimdall Heroku Documentation
- Developers Code Style
- Troubleshooting
- HDF Converter Mappings
- HDF Converters How Tos
- Manual Attestations
- Control Correlation Identifier (CCI) Converter