Form authentication doesn't work when H2O is running behind proxy #7273
Comments
|
Neema Mashayekhi commented: Not working Jetty8. Need to add patch for it |
|
Michal Kurka commented: [~accountid:5dc4f5bbb6e6b50c58af0624] fixed in “patch version 3”, older versions of the patch were removed
|
|
JIRA Issue Details Jira Issue: PUBDEV-8386 |
|
Attachments From Jira Attachment Name: h2o-jetty-8.2.0-patch3.jar Attachment Name: h2o-jetty-8.2.0-patch3-sources.jar Attachment Name: h2o-jetty-9.4.11-patch1.jar |
When H2O is deployed in a setup where the actual H2O instance is sitting behind (eg. a transparent) proxy - redirects related to form authentication won’t work.
Steps to reproduce:
Open {{http://localhost:54300}} on the client in your browser. Notice the client and server ports are different.
H2O will generate a redirect to the login page with port 54321 and the browser will not be able to access the page. This is because the redirect URL is absolute, not relative.
The goal of this issue is to switch to relative redirect for all responses.
h4. Workaround for older versions
In addition to fixing the issue in future H2O versions, we also prove a patch that fixes the issue for existing H2O versions:
Run H2O with the patch prepended to the classpath (it has to be before the h2o.jar):
{{java -cp h2o-jetty-8.2.0-patch3.jar:h2o.jar water.H2OApp -form_auth -hash_login -login_conf hash.conf -ip localhost}}
Only for {{h2o-jetty-8.2.0-patch3.jar}}:
You can check that patch was correctly installed by running command
{noformat}java -cp h2o-jetty-8.2.0-patch3.jar:h2o.jar org.eclipse.jetty.security.authentication.FormAuthenticator{noformat}
Expected output:
{noformat}org.eclipse.jetty.security.authentication.FormAuthenticatoris patched (patch version 3)
org.eclipse.jetty.server.Response is patched: true
See https://h2oai.atlassian.net/browse/PUBDEV-8386{noformat}
The text was updated successfully, but these errors were encountered: