Bug #49204

open

Ceph dashboard SAML2 - 415 Unsupported Media Type

Added by Pavel Sorejs about 3 years ago. Updated almost 2 years ago.

Status: New
Priority: Normal
Assignee: -
Category: Security & Auth
Target version:
% Done: 0%
Source: Community (user)
Tags:
Backport:
Regression: No
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

I am using Keycloak for SSO.

After the redirect from Keycloak back to the Ceph dashboard /auth/saml2, I get the following error:

{"status": "415 Unsupported Media Type", "detail": "Expected an entity of content type application/json, text/javascript", "request_id": "03130529-6bf2-4f37-aed1-7e4dff96c298"}

I have the following hypothesis (I can't test it, as creating the whole development environment for Ceph is beyond my skill level for now):

Keycloak is making a POST request in the browser to /auth/saml2 as a form of redirect after successful login - this is asked for by the Ceph dashboard in the SAML request. Here https://github.com/ceph/ceph/blob/bdf3eebcd22d7d0b3dd4d5501bee5bac354d5b55/src/pybind/mgr/dashboard/module.py#L145 CherryPy is clearly told to enforce JSON on input, so the error makes sense, as the content-type is really application/x-www-form-urlencoded and not text/javascript.

It looks like there is an @allow_empty_body annotation declared here https://github.com/ceph/ceph/blob/bdf3eebcd22d7d0b3dd4d5501bee5bac354d5b55/src/pybind/mgr/dashboard/controllers/__init__.py#L957 which looks like it is supposed to counter the content-type check. Is it possible that this annotation is missing here https://github.com/ceph/ceph/blob/bdf3eebcd22d7d0b3dd4d5501bee5bac354d5b55/src/pybind/mgr/dashboard/controllers/saml2.py#L45 ?

Also there is this - https://tracker.ceph.com/issues/48211 - but for older versions, so maybe it is the same bug.
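
The content-type mismatch described in the report can be reproduced in isolation. The following is an added example, not Ceph dashboard or CherryPy code: a simplified model of a JSON-only body check, fed a constructed SAML HTTP-POST binding request, with the form exemption scoped to a single endpoint. The names `handle` and `form_paths` and the path `/api/other` are hypothetical.

```python
import base64
import json
from urllib.parse import parse_qs, urlencode

JSON_TYPES = {"application/json", "text/javascript"}  # types named in the 415 detail
FORM_TYPE = "application/x-www-form-urlencoded"       # body type of the browser POST


def handle(path, content_type, body, form_paths=frozenset()):
    """Model of a JSON-only body gate with a per-path form exemption.

    Returns (status, parsed_body). form_paths is a hypothetical allow-list of
    endpoints that may receive form-encoded bodies, such as a SAML ACS URL.
    """
    # Compare only the media type; parameters such as charset are ignored.
    mtype = content_type.split(";", 1)[0].strip().lower()
    if path in form_paths and mtype == FORM_TYPE:
        fields = parse_qs(body.decode("ascii"), strict_parsing=True)
        return 200, {name: values[0] for name, values in fields.items()}
    if mtype not in JSON_TYPES:
        return 415, None  # the rejection seen in the report
    try:
        return 200, json.loads(body)
    except ValueError:
        return 400, None


# Constructed sample: the shape of the POST a browser sends back from the IdP.
SAML_XML = b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>'
ACS_BODY = urlencode({
    "SAMLResponse": base64.b64encode(SAML_XML).decode(),
    "RelayState": "constructed-relay-state",
}).encode()


def demo():
    acs = {"/auth/saml2"}
    strict = handle("/auth/saml2", FORM_TYPE, ACS_BODY)                  # no exemption
    scoped = handle("/auth/saml2", FORM_TYPE, ACS_BODY, form_paths=acs)  # ACS exempted
    other = handle("/api/other", FORM_TYPE, ACS_BODY, form_paths=acs)    # still strict
    return strict, scoped, other


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Keeping the exemption tied to both the path and the form media type leaves every other endpoint on JSON-only input.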


Related issues 2 (1 open, 1 closed)

Related to Dashboard - Bug #58657: mgr/dashboard: SAML2 - 415 Unsupported Media Type on mgr failover - In Progress - Avan Thakkar

Related to Dashboard - Bug #48211: SAML - 415 Unsupported Media Type - Can't reproduce

#1

Updated by Greg Farnum almost 3 years ago

  • Project changed from Ceph to Dashboard
  • Category deleted (msgr)
#2

Updated by Ernesto Puerta almost 2 years ago

  • Category set to Security & Auth
#3

Updated by Ernesto Puerta 11 months ago

  • Related to Bug #58657: mgr/dashboard: SAML2 - 415 Unsupported Media Type on mgr failover added
#4

Updated by Ernesto Puerta 11 months ago

  • Related to Bug #48211: SAML - 415 Unsupported Media Type added