Project

General

Profile

Bug #49204

Ceph dashboard SAML2 - 415 Unsupported Media Type

Added by Pavel Sorejs 18 days ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
msgr
Target version:
% Done:

0%

Source:
Community (user)
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature:

Description

I am using Keycloak for SSO.

After redirect from keycloak back to ceph dashboard /auth/saml2 i get the following error:

{"status": "415 Unsupported Media Type", "detail": "Expected an entity of content type application/json, text/javascript", "request_id": "03130529-6bf2-4f37-aed1-7e4dff96c298"}

I have following hypothesis (i can't test it as creating the whole development environment for ceph is beyond my skill level for now):

Keycloak is making POST request in browser to /auth/saml2 as a form of redirect after successful login - this is asked by ceph dashboard in SAML request. Here https://github.com/ceph/ceph/blob/bdf3eebcd22d7d0b3dd4d5501bee5bac354d5b55/src/pybind/mgr/dashboard/module.py#L145 the CherryPy is clearly told to enforce JSON on input, so the error makes sense as the content-type is really application/x-www-form-urlencoded and not text/javascript.

It looks like there is @allow_empty_body annotation declared here https://github.com/ceph/ceph/blob/bdf3eebcd22d7d0b3dd4d5501bee5bac354d5b55/src/pybind/mgr/dashboard/controllers/__init__.py#L957 which looks like is supposed to counter the content-type check. Is it possible, that this annotation is missing here https://github.com/ceph/ceph/blob/bdf3eebcd22d7d0b3dd4d5501bee5bac354d5b55/src/pybind/mgr/dashboard/controllers/saml2.py#L45 ?

Also there is this - https://tracker.ceph.com/issues/48211 but for older versions, so maybe it is the same bug.

Also available in: Atom PDF