Add a uwsgi param to prevent SAML error #5577

Merged
merged 1 commit into from
Jan 3, 2020


Contributor

@loitho loitho commented Dec 31, 2019

Add the uwsgi_param 'HTTP_X_FORWARDED_PORT' to nginx configuration,
This prevents the python-saml "invalid_response" error

related issue : #5570 and #1016

Signed-off-by: loitho

SUMMARY

Hi there, I added the line uwsgi_param HTTP_X_FORWARDED_PORT 443 to the nginx configuration to prevent the following error that happens with the SAML module when running AWX with docker-compose:

SAML login failed: ['invalid_response'] (The response was received at https://test-awx.com:8053/sso/complete/saml/ instead of https://test-awx.com/sso/complete/saml/

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME
  • Installer
AWX VERSION
awx: 9.1.0
ADDITIONAL INFORMATION

When the Identity Provider executes the callback back to AWX after a successful authentication (let's say to "https://test-awx.com/sso/complete/saml/"), the call is received by the Nginx server listening on port 8053, which then "wsgi_pass" the request to the Django server.

The problem is that the Django server then sees the request arriving at port 8053 and throws the error:

SAML login failed: ['invalid_response'] (The response was received at https://test-awx.com:8053/sso/complete/saml/ instead of https://test-awx.com/sso/complete/saml/

This is because Django determines the port it's running at by checking "HTTP_X_FORWARDED_PORT" and then the "SERVER_PORT":
https://docs.djangoproject.com/fr/3.0/ref/request-response/#django.http.HttpRequest.get_port
Because there wasn't any HTTP_X_FORWARDED_PORT header set for wsgi, it was using the default server port (8053).

Adding the uwsgi_param "HTTP_X_FORWARDED_PORT" prevents Django from throwing the invalid request error and allows SAML to work.

Add the uwsgi_param 'HTTP_X_FORWARDED_PORT' to nginx configuration,
This prevents the python-saml "invalid_response" error

related issue : ansible#5570 and ansible#1016

Signed-off-by: loitho
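
A minimal model of the port mismatch described in this pull request, added here as an illustration; it is not AWX, Django or python-saml code. The function names, the WSGI environ values and the rule that the scheme's default port is dropped from the rebuilt URL are assumptions made for the example.

```python
# Simplified model of the destination check behind the "invalid_response" error.
# All names and sample values below are constructed for illustration.
DEFAULT_PORTS = {"https": "443", "http": "80"}


def resolve_port(environ):
    """Prefer the proxy-supplied forwarded port, then fall back to SERVER_PORT."""
    return environ.get("HTTP_X_FORWARDED_PORT") or environ["SERVER_PORT"]


def self_url(environ):
    """Rebuild the URL the application believes the request arrived at."""
    scheme = environ["wsgi.url_scheme"]
    host = environ["HTTP_HOST"].split(":")[0]
    port = resolve_port(environ)
    # The default port for the scheme is not written into the URL.
    netloc = host if port == DEFAULT_PORTS.get(scheme) else f"{host}:{port}"
    return f"{scheme}://{netloc}{environ['PATH_INFO']}"


def check_destination(environ, destination):
    """Return None when the SAML Destination matches, else an error string."""
    received = self_url(environ)
    if received == destination:
        return None
    return f"The response was received at {received} instead of {destination}"


# Constructed environ: what the app sees behind nginx listening on 8053
# when no forwarded port is passed along.
BEFORE = {
    "wsgi.url_scheme": "https",
    "HTTP_HOST": "test-awx.com",
    "SERVER_PORT": "8053",
    "PATH_INFO": "/sso/complete/saml/",
}
# Same request once nginx adds: uwsgi_param HTTP_X_FORWARDED_PORT 443
AFTER = dict(BEFORE, HTTP_X_FORWARDED_PORT="443")
DESTINATION = "https://test-awx.com/sso/complete/saml/"

if __name__ == "__main__":
    for label, env in (("before", BEFORE), ("after", AFTER)):
        print(label, "->", check_destination(env, DESTINATION) or "destination matches")
```

The forwarded port has to equal the port users and the Identity Provider actually reach; any other value reproduces the same mismatch with a different port in the URL.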
@softwarefactory-project-zuul
Contributor

Build failed.

@AlanCoding
Member

recheck

@softwarefactory-project-zuul
Contributor

Build succeeded.

@softwarefactory-project-zuul
Contributor

Build succeeded (gate pipeline).

@softwarefactory-project-zuul softwarefactory-project-zuul bot merged commit 8c99321 into ansible:devel Jan 3, 2020