Uploaded image for project: 'Compass '
  1. Compass
  2. COMPASS-7950

Apply system CA certs to Atlas login oidc-plugin flow

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 1.43.2
    • Affects Version/s: None
    • Component/s: None
    • None
    • Environment:
      OS:
      node.js / npm versions:
      Additional info:
    • Developer Tools
    • Not Needed
    • Iteration Earth (Jun 17-Jul 1)

      As recently reported in HELP-59583 and similar to HELP-55546 it is possible for OIDC login flow to fail if system CA certs are different from the ones packaged with the application. When connecting to mongodb server through mongosh or Compass we allow to use system CA when the tlsUseSystemCA option is enabled, but this option (or any other) is not applied to the oidc-plugin instance that is used for Atlas login.

      To allow users who are running into this issue to use Atlas Gen AI feature, and any other features that will require them to use Atlas login in the future, we should somehow allow to use system CA for the oidc-plugin login in Atlas service.

      We should also check whether or not we need to also apply this to the requests in the renderer process somehow or is Electron / Chromium network stack already hadles this for us (the network stack used by Electron is different from the Node.js one that oidc-plugin uses)

            Assignee:
            rhys.howell@mongodb.com Rhys Howell
            Reporter:
            sergey.petushkov@mongodb.com Sergey Petushkov
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: