Bug #48306
Feature #48314: mgr/dashboard: reverse proxy support
mgr/dashboard: Unable accessing dashboard SSO via reverse proxy
0%
Description
I have set up a Ceph cluster on Kubernetes with Rook. We have SSL offloading outside Kubernetes, so we configured the Ceph dashboard with SSL set to false.
After we enable SSO with the following command:
ceph dashboard sso setup saml2 https://<hostname> <metadata.xml>
the Ceph dashboard successfully redirects to our SAML server, but the RelayState of the SAML request is http://<hostname>/auth/saml2/login instead of https://<hostname>/auth/saml2/login
As a result, SAML login failed with the message:
{"is_authenticated": false, "errors": ["invalid_response"], "reason": "The response was received at http://<hostname>/auth/saml2 instead of https://<hostname>/auth/saml2"}
I have also tried to set up saml2 with an http:// hostname, but the SAML server (ADFS) doesn't allow us to use http for the login endpoint.
What you expected to happen:
Able to tell Ceph to set the RelayState protocol to HTTPS
Dockerfile I use to install python3-saml in the container:
FROM ceph/ceph:v15.2.5
RUN dnf install -y python3-xmlsec
RUN yes | pip3 install python3-saml
Environment:
- OS (e.g. from /etc/os-release): Red Hat Enterprise Linux Atomic Host 7.7.2
- Kernel (e.g. uname -a): 3.10.0-1062.4.1.el7.x86_64
- Docker version (e.g. docker version): 1.13.1
- Ceph version (e.g. ceph -v): 15.2.5
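Added example (not part of the original report, and not code from Ceph or python3-saml): a sketch of how a SAML service provider behind a TLS-terminating proxy can derive the scheme for the request dictionary that python3-saml's documentation shows (`https`, `http_host`, `server_port`, ...), honouring `X-Forwarded-Proto` only when the direct peer is a known proxy. The function names, the `TRUSTED_PROXIES` range and the sample hostnames are assumptions made for illustration.

```python
import ipaddress

# Assumption: address range of the TLS-terminating proxy (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.42.0.0/16")]


def from_trusted_proxy(remote_addr):
    """True only when the direct TCP peer is one of our own proxies."""
    try:
        peer = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(peer in net for net in TRUSTED_PROXIES)


def build_saml_request(remote_addr, scheme, host, path, headers):
    """Build the request dict in the shape python3-saml documents.

    X-Forwarded-* headers can be set by any client, so they override the
    locally observed scheme and host only when the peer is a trusted proxy.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    if from_trusted_proxy(remote_addr):
        proto = hdrs.get("x-forwarded-proto", "").strip().lower()
        if proto in ("http", "https"):
            scheme = proto
        host = hdrs.get("x-forwarded-host", host).strip()
    name, sep, port = host.rpartition(":")
    if not sep or not port.isdigit():  # no explicit port in the Host value
        name, port = host, ("443" if scheme == "https" else "80")
    return {
        "https": "on" if scheme == "https" else "off",
        "http_host": name,
        "server_port": port,
        "script_name": path,
        "get_data": {},
        "post_data": {},
    }


def received_at(req):
    """URL the service provider believes the request arrived at."""
    scheme = "https" if req["https"] == "on" else "http"
    default = "443" if scheme == "https" else "80"
    port = "" if req["server_port"] == default else ":" + req["server_port"]
    return f"{scheme}://{req['http_host']}{port}{req['script_name']}"
```

With the forwarded scheme ignored, `received_at` yields the `http://` URL that the error message above complains about; with it honoured from the proxy, the URL matches the `https://` endpoint registered with the identity provider.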
History
#1 Updated by Ernesto Puerta 2 months ago
- Parent task set to #48314
#2 Updated by Ernesto Puerta 2 months ago
- Subject changed from Unable accessing dashboard SSO via reverse proxy to mgr/dashboard: Unable accessing dashboard SSO via reverse proxy
#3 Updated by Ernesto Puerta about 1 month ago
- Status changed from New to Triaged
- Assignee set to Alfonso Martínez
- Target version changed from v15.2.5 to v16.0.0
- Backport set to nautilus, octopus
- Affected Versions v14.0.0, v14.2.0, v14.2.1, v14.2.10, v14.2.11, v14.2.12, v14.2.13, v14.2.14, v14.2.15, v14.2.16, v14.2.2, v14.2.3, v14.2.4, v14.2.5, v14.2.6, v14.2.7, v14.2.8, v14.2.9, v15.0.0, v15.2.1, v15.2.2, v15.2.3, v15.2.4, v15.2.6, v15.2.7, v15.2.8, v16.0.0 added