Comments (11)
@Jusshersmith I tried with your commit. It fixed sso_auth issue, now we i am seeing issue with sso_proxy. Attaching logs here.
sso proxy is calling its self domain with /google/redeem (where google is oauth provider here)and then its failing.
Note: sso-proxy also using same image and it contains the proxy environment variables.
sso-proxy-7c489b86d4-2r9vq sso-proxy {"level":"info","msg":"starting OAuth flow","service":"sso-proxy","sign_in_url":{"Scheme":"https","Opaque":"","User":null,"Host":"sso-auth.xxx.yyy.zzz","Path":"/google/sign_in","RawPath":"","ForceQuery":false,"RawQuery":"client_id="<redacted>","Fragment":""},"time":"2021-06-02 18:12:52.982"} sso-proxy-7c489b86d4-2r9vq sso-proxy {"action":"proxy","http_status":302,"level":"info","msg":"","remote_address":"<redacted>","request_duration":1.0428119999999999,"request_method":"GET","request_uri":"app-1.sso.xxx.yyy.zzz/?","service":"sso-proxy","time":"2021-06-02 18:12:52.982","user":"","user_agent":"<redacted>"} sso-auth-ddbdb8ff7-tkrdx sso-auth {"level":"info","msg":"authentication: user passed validation","remote_address":"<redacted>","service":"sso-authenticator","time":"2021-06-02 18:12:53.139","user":"[email protected]"} sso-auth-ddbdb8ff7-tkrdx sso-auth {"action":"sign_in","http_status":302,"level":"info","msg":"","proxy_host":"app-1.sso.xxx.yyy.zzz","remote_address":"<redacted>","request_duration":72.031412,"request_method":"GET","request_uri":"/google/sign_in?client_id=<redacted>","service":"sso-authenticator","time":"2021-06-02 18:12:53.140","user":"","user_agent":"<redacted>"} sso-proxy-7c489b86d4-2r9vq sso-proxy {"error":"Post https://sso-auth.xxx.yyy.zzz/google/redeem: dial tcp <APP_PUBLIC_IP>:443: i/o timeout","level":"error","msg":"error redeeming authorization code","remote_address":"<redacted>","service":"sso-proxy","time":"2021-06-02 18:12:55.302"} sso-proxy-7c489b86d4-2r9vq sso-proxy {"http_status":500,"level":"info","msg":"error page","page_message":"Internal Error","page_title":"Internal Error","remote_address":"<redacted>","service":"sso-proxy","time":"2021-06-02 18:12:55.302"} sso-proxy-7c489b86d4-2r9vq sso-proxy {"action":"callback","http_status":500,"level":"info","msg":"","remote_address":"<redacted>","request_duration":2000.4191389999999,"request_method":"GET","request_uri":"app-1.sso.xxx.yyy.zzz/oauth2/callback?<redacted>","service":"sso-proxy","time":"2021-06-02 18:12:55.302","user":"","user_agent":"<redacted>"}
from sso.
Hey @saithejareddy,
Thanks for testing that change, and for the extra detail you've sent over.
I'm sorry, I didn't have as much time yesterday to look into your response as I would have liked. I'll try to find some time today, but to be realistic, it will likely end up being next week I'm afraid.
from sso.
Hi @saithejareddy,
Might the Squid proxy provide any logging or metrics that could prove useful here? As far as I can tell, by the time you see the error redeeming authorization code
error, sso_proxy
has already sent successful requests to sso_auth
, so it would appear they can both reach each other 🤔.
from sso.
We were able to hit the same endpoint using cURL library from the same container with same environment variables.
from sso.
Any luck here?
from sso.
@Jusshersmith Any luck here?
from sso.
Hey @Jusshersmith Thank you so much.
from sso.
@Jusshersmith Any luck here? :(
from sso.
If you look at the below error, It's clear that sso-proxy
is not able to communicate with the sso-auth
(It says TCP i/o timeout). This is possible if sso-proxy
is not using HTTP/HTTPS_PROXY
for this call because it don't have internet to communicate a public IP resolvable DNS. I had verified with squid logs as well. I am seeing requests coming from sso-auth
only but there's no requests
coming from sso-proxy
here.
sso-proxy-7c489b86d4-2r9vq sso-proxy {"error":"Post https://sso-auth.xxx.yyy.zzz/google/redeem: dial tcp <APP_PUBLIC_IP>:443: i/o timeout","level":"error","msg":"error redeeming authorization code","remote_address":"<redacted>","service":"sso-proxy","time":"2021-06-02 18:12:55.302"}
from sso.
I had tested adding ProxyFromEnvironment here as mentioned in the above PR as well. It works for me..! Thanks for the help. 🤝
from sso.
I am seeing same above issue when upgraded to v3.0.0. Unable to figure out why this issue started coming up again. Can you please help here?
from sso.
Related Issues (20)
- go get github.com/buzzfeed/sso failed
- error loading in config from env vars HOT 2
- Update quickstart example to work with current kubernetes versions HOT 1
- Broken link in docs HOT 1
- Inconsistent validation logic between init and refresh HOT 2
- Upgrading to latest build - provider.url expecting a map - still documented as a string - unsure what env to set HOT 1
- Upgraded to 2.x build - and getting HTTP 421: Misdirected Request HOT 3
- Create Updated Docker Image HOT 7
- TestSignatureRoundTripDecoding Error HOT 2
- publish multi-arch images HOT 2
- Getting 404 from authenticator when trying to login with Google HOT 1
- Invalid redirect parameter | HTTP 400 when starting Google sign_in HOT 4
- Can the proxy be used for TCP forwarding?
- Unable to use HTTP/HTTPS Proxy with SSO Proxy & Auth
- Document preserve_host option in `sso_config.md`
- Dockerimage outdated and has many security erratas/cve HOT 1
- SSO not working on Kubernetes
- Is this project still maintained? HOT 3
- ..........
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sso.