Grist + Authentik = error

Hey, can’t make it work.

Using Traefik + Authentik + Grist.

Getting error

2023-01-14 18:45:03.519 grist.redacted.com GET /o/docs/ 200 13.849 ms - 4520
2023-01-14 18:45:03.540 grist.redacted.com GET /v/unknown/jqueryui/themes/smoothness/jquery-ui.css 304 6.300 ms - -
2023-01-14 18:45:03.541 grist.redacted.com GET /v/unknown/bootstrap/dist/css/bootstrap.min.css 304 2.983 ms - -
2023-01-14 18:45:03.547 grist.redacted.com GET /v/unknown/hljs.default.css 304 3.407 ms - -
2023-01-14 18:45:03.553 grist.redacted.com GET /v/unknown/bootstrap-datepicker/dist/css/bootstrap-datepicker3.min.css 304 7.821 ms - -
2023-01-14 18:45:03.554 grist.redacted.com GET /v/unknown/bootstrap/dist/js/bootstrap.min.js 304 6.822 ms - -
2023-01-14 18:45:03.554 grist.redacted.com GET /v/unknown/locales/en.server.json 304 4.683 ms - -
2023-01-14 18:45:03.554 grist.redacted.com GET /v/unknown/locales/en.client.json 304 4.195 ms - -
2023-01-14 18:45:03.555 grist.redacted.com GET /v/unknown/bundle.css 304 3.729 ms - -
2023-01-14 18:45:03.555 grist.redacted.com GET /v/unknown/icons/icons.css 304 3.346 ms - -
2023-01-14 18:45:03.558 grist.redacted.com GET /v/unknown/jquery/dist/jquery.min.js 304 9.788 ms - -
2023-01-14 18:45:03.559 grist.redacted.com GET /v/unknown/jqueryui/jquery-ui.min.js 304 5.885 ms - -
2023-01-14 18:45:03.559 grist.redacted.com GET /v/unknown/main.bundle.js 304 2.724 ms - -
2023-01-14 18:45:03.559 grist.redacted.com GET /v/unknown/browser-check.js 304 2.282 ms - -
2023-01-14 18:45:03.560 grist.redacted.com GET /v/unknown/bootstrap-datepicker/dist/js/bootstrap-datepicker.min.js 304 2.238 ms - -
2023-01-14 18:45:03.567 grist.redacted.com GET /v/unknown/img/gplaypattern.png 304 0.337 ms - -
2023-01-14 18:45:03.617 grist.redacted.com GET /v/unknown/icons/favicon.png 304 0.872 ms - -

Where i need to look at?

Thank you

HTTP status codes 200 and 304 are fine, it looks like static assets are being served ok. Can you say more about the error you are seeing?

You’ve probably already seen this, but there are notes on Authentik + Grist at:

Hey.
I totaly dont userstand.
What means
GRIST_SAML_IDP_CERTS
GRIST_SAML_SP_KEY
GRIST_SAML_SP_CERT

As i found i need to create new certificates for SP here

but…

where i need to find IDP cert?
i’ve found video where IDP Cert is the same as SP Cert.

Is it…ok ?

Maybe someone have a full guide …

Thanks.

was able to login with
–env GRIST_SAML_IDP_LOGIN=https://auth/application/saml/grist/sso/binding/redirect/

but not with init

Whats wrong?

I also set up Grist with Authentik quite recently.
About the certs with saml:

I have generated two certs:

1. is for grist.
2. is for authentik.

you need to download 3 things for grist:

1. grist private key (GRIST_SAML_SP_KEY)
2. grist public key (GRIST_SAML_SP_CERT)
3. authentik public key. (GRIST_SAML_IDP_CERTS)

the authentik PRIVATE key is not needed by grist.

Edit: I also set:
Application → LaunchID: http://gristip:port/o/docs/signin
Saml Provider → Signing Certificate: Authentik
Saml Provider → Verification Certificate: Grist
Saml Provider → ACS URL: http://gristip:port/saml/assert
Saml Provider → Service Provider Binding: Post