1: Go to https://www.base64encode.org/ and paste your original cert there for encoding. The original, in full format, looks like:
-----BEGIN CERTIFICATE-----
MIIDdDDDD
XXXXXX
VVVVVVV
-----END CERTIFICATE-----
Copy the encoded result string end to end and be careful to have no extra characters.
2: Edit your config map and ensure the yaml formatting is right:
#kubectl -n argocd edit cm argocd-cm
Here is a sample config that worked:
---
# in argocd-cm
data:
  url: https://argocd.int.domain.com
  dex.config: |
    logger:
      level: debug
      format: json
    connectors:
    - type: saml
      id: saml
      name: saml
      config:
        ssoURL: https://accounts.google.com/o/saml2/idp?idpid=XXXXXXXX
        entityIssuer: https://argocd.int.domain.com/api/dex/callback
        redirectURI: https://argocd.int.domain.com/api/dex/callback
        ssoIssuer: https://accounts.google.com/o/saml2/idp?idpid=XXXXXXXXX
        caData: |
          LS0tLS1CRUdJTiBXXXXXXXXXXThe long BASE64EncodedString
        usernameAttr: name
        emailAttr: email
        # etc etc
---
I hope this fixes your problem.
Note: Formatting characters in the configmap will likely break things by introducing YAML parse errors, so ensure you are not seeing /n and such when you open up the config map after your edit is saved.
You should consider a restart of both the argocd-dex-server and argocd-server deployments and confirm that the logs in the new pods come up clean.
[taproot@ip-10-10-15-500 ~]# kubectl -n argocd rollout restart deployment argocd-dex-server
deployment.apps/argocd-dex-server restarted
[taproot@ip-10-10-15-500 ~]# kubectl -n argocd rollout restart deployment argocd-server
deployment.apps/argocd-server restarted
I had to do the above restart to get rid of prominent errors on the UI that read something like:
"unable to load data: grpc: the client connection is closing"
Ref: https://argoproj.github.io/argo-cd/operator-manual/user-management/google/
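
Added example, not part of the original answer: a local alternative to the web encoder in step 1 that produces the single-line base64 value for caData and checks a pasted value for the extra characters the note warns about. The function names are hypothetical, and `base64 -d` assumes GNU coreutils.

```shell
#!/usr/bin/env bash
# Added example; encode_ca_data and check_ca_data are hypothetical helper names.

# Print a PEM certificate file as one unwrapped base64 line suitable for caData.
encode_ca_data() {
    pem_file=$1
    # Refuse input that is not a PEM certificate (DER, or text that is already encoded).
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem_file" ||
        { echo "no BEGIN CERTIFICATE line in $pem_file" >&2; return 1; }
    grep -q -- '-----END CERTIFICATE-----' "$pem_file" ||
        { echo "no END CERTIFICATE line in $pem_file" >&2; return 1; }
    # Some base64 builds wrap their output; strip the wraps so the value is one token.
    base64 < "$pem_file" | tr -d '\r\n'
}

# Return 0 only if the value is clean base64 that decodes back to a PEM certificate.
check_ca_data() {
    ca_value=$1
    # Spaces, newlines or a literal "\n" are all outside the base64 alphabet.
    case $ca_value in
        '' | *[!A-Za-z0-9+/=]*)
            echo "caData is empty or contains non-base64 characters" >&2
            return 1 ;;
    esac
    decoded=$(printf '%s' "$ca_value" | base64 -d 2>/dev/null) ||
        { echo "caData is not valid base64" >&2; return 1; }
    case $decoded in
        *'-----BEGIN CERTIFICATE-----'*'-----END CERTIFICATE-----'*) return 0 ;;
        *) echo "decoded caData is not a PEM certificate" >&2; return 1 ;;
    esac
}

# Usage (the file name is a placeholder for the certificate downloaded from the IdP):
#   value=$(encode_ca_data ./idp-cert.pem) && check_ca_data "$value" && echo "$value"
```

After saving the ConfigMap, the stored value can be passed to `check_ca_data` again to confirm the editor did not add anything to it.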