Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix "proxy" authentication mode #4224

Closed
wants to merge 4 commits into from

Conversation

@Kami
Copy link
Member

Kami commented Jul 3, 2018

While looking into why proxy authentication mode is not working for a user (https://forum.stackstorm.com/t/how-to-enable-the-proxy-authentication-mode/198), I discovered we inadvertently broke it while moving to the OpenAPI.

This pull request fixes that.

TODO

  • Unit tests for /v1/tokens API controller (existing test was mocking API layer so we didn't actually test headers are read in correctly)
Kami added 2 commits Jul 3, 2018
application/json.

This way it works correctly for text/plain and other content types which
don't expect JSON strings.
@Kami Kami added bug API labels Jul 3, 2018
@Kami Kami added this to the 2.9.0 milestone Jul 3, 2018
@Kami Kami requested a review from enykeev Jul 3, 2018
@Kami

This comment has been minimized.

Copy link
Member Author

Kami commented Jul 3, 2018

EDIT: After more digging in - the existing code is indeed correct.

We want to read remote_addr and remote_user from environment which is passed to auth server by a proxy and not from a header. I will fix the documentation.

As described here (https://forum.stackstorm.com/t/how-to-make-the-webui-works-with-the-st2-proxy-auth-mode/197/2?u=kami), we could also support those values coming via the headers, but that's not a standard approach and has more security related edge cases.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.