Description
Bug description
CLI with TMC plugin using pinniped IDP forces callback to 127.0.0.1:80 and does not honor TANZU_CLI_OAUTH_LOCAL_LISTENER_PORT. On Linux systems, this runs into a privileged port that requires root or some gymnastics (authbind) to overcome. This pertains to usage with TMC Self Managed (Pinniped) IDP. Using Azure AD for IDP. TMC-SM is at v1.4.2.
Expected behavior
Expected that callback will listen on port specified and adjust callback URL accordingly as specified in TANZU_CLI_OAUTH_LOCAL_LISTENER_PORT.
Steps to reproduce the bug / Relevant debug output
% tanzu tmc context create -e tmc.domain.lab tmc-1 -i pinniped
[i] Starting TMC login...
[i] IDP type is set to "pinniped"
[i] endpoint is set to "tmc.domain.lab"
[i] [i] context is set to "tmc-1"
[i] Logging in to TMC Self Managed (Pinniped)...
[i] Pinniped web-based login...
i Please open this URL in a browser window to complete the login
https://pinniped-supervisor.tmc.domain.lab/provider/pinniped/oauth2/authorize?client_id=pinniped-cli&code_challenge=xxxx&code_challenge_method=S256&redirect_uri=**_http%3A%2F%2F127.0.0.1%2Fcallback_**&response_type=code&scope=openid+offline_access+username+groups&state=xxxx
% TANZU_CLI_OAUTH_LOCAL_LISTENER_PORT=8080 tanzu tmc context create -e tmc.domain.lab tmc-1 -i pinniped ✘130
[i] Starting TMC login...
[i] IDP type is set to "pinniped"
[i] endpoint is set to "tmc.domain.lab"
[i] [i] context is set to "tmc-1"
[i] Logging in to TMC Self Managed (Pinniped)...
[i] Pinniped web-based login...
i Please open this URL in a browser window to complete the login
https://pinniped-supervisor.tmc.domain.lab/provider/pinniped/oauth2/authorize?client_id=pinniped-cli&code_challenge=xxxx&code_challenge_method=S256&redirect_uri=**_http%3A%2F%2F127.0.0.1%2Fcallback_**&response_type=code&scope=openid+offline_access+username+groups&state=xxxx
Output of tanzu version
% tanzu version
version: v1.5.3
buildDate: 2025-01-29
sha: f73b9ec
arch: arm64
Environment where the bug was observed (cloud, OS, etc)
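
A check for the behaviour reported above, as an added example that is not part of the original issue or the Tanzu CLI code: it parses the authorize URL the CLI prints, resolves the effective loopback port in `redirect_uri`, and compares it with the requested override. The names `CheckRedirect`, `Finding` and `sampleAuthorizeURL` are hypothetical, and the sample URL is constructed from the output in the report with the emphasis markers removed.

```go
package main

import (
	"fmt"
	"net/url"
	"strconv"
)

// Constructed sample: the authorize URL from the report, without the emphasis markers.
const sampleAuthorizeURL = "https://pinniped-supervisor.tmc.domain.lab/provider/pinniped/oauth2/authorize?client_id=pinniped-cli&code_challenge=xxxx&code_challenge_method=S256&redirect_uri=http%3A%2F%2F127.0.0.1%2Fcallback&response_type=code&scope=openid+offline_access+username+groups&state=xxxx"

// Finding describes the loopback callback the CLI asked the IDP to redirect to.
type Finding struct {
	RedirectURI string
	Port        int
	Privileged  bool // below 1024: binding needs root or CAP_NET_BIND_SERVICE on a default Linux setup
	Honored     bool // true when no override was requested or the port matches it
}

// CheckRedirect compares the port in redirect_uri with requestedPort, the value
// the operator set in TANZU_CLI_OAUTH_LOCAL_LISTENER_PORT ("" if unset).
func CheckRedirect(authorizeURL, requestedPort string) (Finding, error) {
	var f Finding
	u, err := url.Parse(authorizeURL)
	if err != nil {
		return f, err
	}
	if f.RedirectURI = u.Query().Get("redirect_uri"); f.RedirectURI == "" {
		return f, fmt.Errorf("authorize URL has no redirect_uri parameter")
	}
	r, err := url.Parse(f.RedirectURI)
	if err != nil {
		return f, err
	}
	port := r.Port()
	if port == "" { // no explicit port: the scheme default applies
		port = map[string]string{"http": "80", "https": "443"}[r.Scheme]
	}
	if f.Port, err = strconv.Atoi(port); err != nil {
		return f, fmt.Errorf("cannot determine port of %q", f.RedirectURI)
	}
	f.Privileged = f.Port < 1024
	f.Honored = requestedPort == "" || port == requestedPort
	return f, nil
}

func main() {
	f, err := CheckRedirect(sampleAuthorizeURL, "8080")
	fmt.Printf("%+v err=%v\n", f, err)
}
```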