Please describe the question or issue you're facing with "How to enable OIDC authentication - Landscape documentation".
The docs recommend adding the following to the [landscape] section of the config:
[landscape]
[…]
oidc-issuer = <https://accounts.google.com/>
oidc-client-id = 000000000000-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.apps.googleusercontent.com
oidc-client-secret = a4sDFAsdfA4F52as-asDfAsd
This will lead to an error and a warning in my experience, as it seems the landscape section is not there by default, and you will be missing other settings like gpg_home_path
67]: Unhandled Error
67]: Traceback (most recent call last):
67]: File "/opt/canonical/landscape/canonical/landscape/scripts/twistd.py", line 61, in run_tac
67]: runApp(options)
67]: File "/usr/lib/python3/dist-packages/twisted/scripts/twistd.py", line 29, in runApp
67]: runner.run()
67]: File "/usr/lib/python3/dist-packages/twisted/application/app.py", line 370, in run
67]: self.application = self.createOrGetApplication()
67]: File "/usr/lib/python3/dist-packages/twisted/application/app.py", line 437, in createOrGetAppli>
67]: application = getApplication(self.config, passphrase)
67]: --- <exception caught here> ---
67]: File "/usr/lib/python3/dist-packages/twisted/application/app.py", line 446, in getApplication
67]: application = service.loadApplication(filename, style, passphrase)
67]: File "/usr/lib/python3/dist-packages/twisted/application/service.py", line 404, in loadApplicat>
67]: application = sob.loadValueFromFile(filename, "application")
67]: File "/usr/lib/python3/dist-packages/twisted/persisted/sob.py", line 175, in loadValueFromFile
67]: eval(codeObj, d, d)
67]: File "/opt/canonical/landscape/landscape", line 29, in <module>
67]: config = run_application(application)
67]: File "/opt/canonical/landscape/canonical/landscape/application.py", line 266, in run_application
67]: config = read_config(instance_type)
67]: File "/opt/canonical/landscape/canonical/landscape/setup.py", line 625, in read_config
67]: if gpg_home_path := instance_config["gpg_home_path"]:
67]: builtins.KeyError: 'gpg_home_path'
67]: Failed to load application: 'gpg_home_path'
54]: ERROR:__main__:One or more workers exited with errors.
54]: INFO:__main__:Exiting supervisor.
e-appserver.service: Main process exited, code=exited, status=1/FAILURE
75]: /usr/lib/python3/dist-packages/pydantic/_internal/_fields.py:163: UserWarning: Field name "schema>
75]: warnings.warn(
75]: {"datetime": "2026-01-16T10:08:42.607001+00:00", "appid": "landscape-server", "event": "sys_crash>
75]: {"datetime": "2026-01-16T10:08:42.607197+00:00", "appid": "landscape-server", "event": "sys_shutd>
e-appserver.service: Failed with result 'exit-code'.
Adding gpg settings will yield warnings about these fields being deprecated:
Jan 16 10:12:46 landscape-beta systemd[1]: Starting landscape-appserver.service - Landscape frontend U>
Jan 16 10:12:48 landscape-beta log-system-event[34491]: /usr/lib/python3/dist-packages/pydantic/_inter>
Jan 16 10:12:48 landscape-beta log-system-event[34491]: warnings.warn(
Jan 16 10:12:48 landscape-beta log-system-event[34491]: {"datetime": "2026-01-16T10:12:48.216072+00:00>
Jan 16 10:12:48 landscape-beta log-system-event[34491]: {"datetime": "2026-01-16T10:12:48.216466+00:00>
Jan 16 10:12:48 landscape-beta systemd[1]: Started landscape-appserver.service - Landscape frontend UI.
Jan 16 10:12:49 landscape-beta landscape-server[34509]: /usr/lib/python3/dist-packages/pydantic/_inter>
Jan 16 10:12:49 landscape-beta landscape-server[34509]: warnings.warn(
Jan 16 10:12:49 landscape-beta landscape-server[34509]: WARNING:landscape-server:The 'landscape' secti>
Jan 16 10:12:49 landscape-beta landscape-server[34509]: WARNING:landscape-server:The key 'oidc-issuer'>
Jan 16 10:12:49 landscape-beta landscape-server[34509]: WARNING:landscape-server:The key 'oidc-client->
Jan 16 10:12:49 landscape-beta landscape-server[34509]: WARNING:landscape-server:The key 'oidc-client->
Jan 16 10:12:49 landscape-beta landscape-server[34509]: ERROR:__main__:1 validation error for Appserve>
Jan 16 10:12:49 landscape-beta landscape-server[34509]: Value error, Must provide `gpg_passphrase_pa>
Jan 16 10:12:49 landscape-beta landscape-server[34509]: For further information visit https://erro>
Jan 16 10:12:49 landscape-beta landscape-server[34509]: INFO:__main__:Exiting supervisor.
Moving it to the [appserver] section with underscores instead of hyphens seems like it should be the default recommendation, and is what fixed it for me:
[appserver]
...existing settings...
oidc_issuer = http://172.17.0.1:8080/realms/master
oidc_client_id = landscape-client
oidc_client_secret = foo
Reported from: https://documentation.ubuntu.com/landscape/how-to-guides/external-authentication/openid-connect-oidc/
Please describe the question or issue you're facing with "How to enable OIDC authentication - Landscape documentation".
The docs recommend adding the following to the
[landscape]section of the config:This will lead to an error and a warning in my experience, as it seems the
landscapesection is not there by default, and you will be missing other settings likegpg_home_pathAdding
gpgsettings will yield warnings about these fields being deprecated:Moving it to the
[appserver]section with underscores instead of hyphens seems like it should be the default recommendation, and is what fixed it for me:Reported from: https://documentation.ubuntu.com/landscape/how-to-guides/external-authentication/openid-connect-oidc/