Cannot login into Che using Openshift OAuth when proxy with authentication is used #17681

Closed
mmorhun opened this issue Aug 21, 2020 · 4 comments
Labels
area/install Issues related to installation, including offline/air gap and initial setup kind/bug Outline of a bug - must adhere to the bug report template. severity/P1 Has a major impact to usage or development of the system.

mmorhun commented Aug 21, 2020

Describe the bug

It is not possible to log in to Che when Openshift OAuth is used on a cluster which has a cluster-wide proxy with authentication configured.

Che version

nightly

Steps to reproduce

  1. Deploy Eclipse Che on an Openshift 4 cluster which is configured to use a proxy with authentication.
  2. Open the Che dashboard link and try to log in with Openshift OAuth.
  3. After login, Che shows an error.

Expected behavior

Che should work behind proxy

Runtime

Openshift 4.5

Screenshots

Screenshot from 2020-08-21 12-27-12

Installation method

chectl

Environment

Cloud

Additional context

When installing Eclipse Che on a cluster with a cluster-wide proxy configured, it is required to add api.<cluster-url> to nonProxyHosts.

Proxy Logs:

1598003734.988   4839 35.237.0.38 TCP_TUNNEL/200 3127 CONNECT oauth-openshift.apps.ci-ln-cslqx32-f76d1.origin-ci-int-gce.dev.openshift.com:443 test HIER_DIRECT/104.196.69.165 -
1598003750.395 901315 35.196.42.134 TCP_TUNNEL/200 3420 CONNECT api.ci-ln-cslqx32-f76d1.origin-ci-int-gce.dev.openshift.com:6443 test HIER_DIRECT/104.196.15.45 -
1598003760.401  90787 35.237.0.38 TCP_TUNNEL/200 3140 CONNECT oauth-openshift.apps.ci-ln-cslqx32-f76d1.origin-ci-int-gce.dev.openshift.com:443 test HIER_DIRECT/104.196.69.165 -
1598003764.020   4830 35.237.0.38 TCP_TUNNEL/200 3127 CONNECT oauth-openshift.apps.ci-ln-cslqx32-f76d1.origin-ci-int-gce.dev.openshift.com:443 test HIER_DIRECT/104.196.69.165 -
1598003765.012   4846 35.237.0.38 TCP_TUNNEL/200 3127 CONNECT oauth-openshift.apps.ci-ln-cslqx32-f76d1.origin-ci-int-gce.dev.openshift.com:443 test HIER_DIRECT/104.196.69.165 -
1598003784.443      1 35.196.42.134 TCP_DENIED/407 4233 CONNECT oauth-openshift.apps.ci-ln-cslqx32-f76d1.origin-ci-int-gce.dev.openshift.com:443 - HIER_NONE/- text/html
1598003790.398  90793 35.237.0.38 TCP_TUNNEL/200 3140 CONNECT oauth-openshift.apps.ci-ln-cslqx32-f76d1.origin-ci-int-gce.dev.openshift.com:443 test HIER_DIRECT/104.196.69.165 -

@mmorhun mmorhun added the kind/bug Outline of a bug - must adhere to the bug report template. label Aug 21, 2020
@tolusha tolusha mentioned this issue Aug 21, 2020
58 tasks
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Aug 21, 2020
@amisevsk amisevsk added area/install Issues related to installation, including offline/air gap and initial setup severity/P1 Has a major impact to usage or development of the system. and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Aug 21, 2020
@tolusha tolusha added this to the 7.19 milestone Aug 26, 2020

tolusha commented Sep 1, 2020

Keycloak supports authentication proxy since version 9.0.0
keycloak/keycloak#6111


tolusha commented Sep 1, 2020

Workaround is to configure nonProxyHosts in a CR:

spec:
  server:
    nonProxyHosts: oauth-openshift.apps.<DOMAIN>|api.<DOMAIN>
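
A way to check a nonProxyHosts value against the proxy log, as an added example that is not part of the original thread: it parses Squid native-format access.log lines, collects destinations answered with 407 where no proxy user was sent, and reports which of them a `|`-separated nonProxyHosts value does not cover. The log lines, host names and function names are constructed for illustration, and wildcard matching is approximated with `fnmatch`.

```python
import fnmatch

# Constructed sample in Squid's native access.log layout, modelled on the
# excerpt in the issue; hosts and addresses are placeholders.
SAMPLE_LOG = """\
1598003734.988   4839 10.0.0.38 TCP_TUNNEL/200 3127 CONNECT oauth-openshift.apps.example.test:443 test HIER_DIRECT/192.0.2.165 -
1598003750.395 901315 10.0.0.134 TCP_TUNNEL/200 3420 CONNECT api.example.test:6443 test HIER_DIRECT/192.0.2.45 -
1598003784.443      1 10.0.0.134 TCP_DENIED/407 4233 CONNECT oauth-openshift.apps.example.test:443 - HIER_NONE/- text/html
"""


def parse_line(line):
    """Split one native-format access.log line into named fields, or None."""
    f = line.split()
    if len(f) < 10:
        return None
    result, _, status = f[3].partition("/")
    if not status.isdigit():
        return None
    # CONNECT targets are logged as host:port; keep only the host.
    host = f[6].rsplit(":", 1)[0] if f[5] == "CONNECT" else f[6]
    return {"client": f[2], "result": result, "status": int(status),
            "method": f[5], "host": host, "user": f[7]}


def unauthenticated_denials(log_text):
    """Return {(client, host): count} for 407 replies logged with user '-'."""
    hits = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["status"] == 407 and rec["user"] == "-":
            key = (rec["client"], rec["host"])
            hits[key] = hits.get(key, 0) + 1
    return hits


def bypasses_proxy(host, non_proxy_hosts):
    """True if host matches one pattern of a '|'-separated list ('*' wildcard)."""
    patterns = [p.strip().lower() for p in non_proxy_hosts.split("|") if p.strip()]
    return any(fnmatch.fnmatchcase(host.lower(), p) for p in patterns)


def uncovered_hosts(log_text, non_proxy_hosts):
    """Hosts denied with 407 that the nonProxyHosts value does not exclude."""
    denied = {host for _, host in unauthenticated_denials(log_text)}
    return sorted(h for h in denied if not bypasses_proxy(h, non_proxy_hosts))
```
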


che-bot commented Aug 9, 2021

Issues go stale after 180 days of inactivity. lifecycle/stale issues rot after an additional 7 days of inactivity and eventually close.

Mark the issue as fresh with /remove-lifecycle stale in a new comment.

If this issue is safe to close now please do so.

Moderators: Add lifecycle/frozen label to avoid stale mode.

@che-bot che-bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 9, 2021
@tolusha tolusha removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 9, 2021
@tolusha tolusha added this to the 7.37 milestone Sep 10, 2021

tolusha commented Sep 10, 2021

Fixed by updating Keycloak to a new version
#19585

@tolusha tolusha closed this as completed Sep 10, 2021