-
Notifications
You must be signed in to change notification settings - Fork 7.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to authorize draw.io in gitlab #2348
Comments
In any case you have missed a solution from search... :) шт the and of thread #492 there are 2 mentioned issues: yours #2348 and mine #2192 The root cause is described here #2192 (comment) This is correct link for redirect-URL( This solution helps me: Import self-signed certificate of self-hosted Gitlab instance to self-hosted Drawio container: inside Drawio container:export SSL_URL=gitlab-host
openssl s_client -connect $SSL_URL:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /usr/local/share/ca-certificates/$SSL_URL.crt
update-ca-certificates Then restart drawio container. |
@tafkos Thank you for your solution, but it does not work in my case. I did the steps you do. I also additional added all the certificates needed into the tomcat keystore (which was postet as solution someware else). I added all the certificates from the whole certification path, which is working on different applications. |
@B0rner Have you restarted drawio container after imported local gitlab certificate ? |
@tafkos Yes, I did. I restarted the draw.io docker container after importing the certificates. The error messages is different, but I'm not sure if this is really based on the imported certificates. After i clicked autorisized in gitlab during the authorization process, gitlab returned back to the draw.io host, which returned an HTTP Error 500. (but URL, protocol and port are correct). The errormessage is now: |
Preflight Checklist
Describe the bug
I'm unable to authorize self hosted gitlab connection between draw.io container and gitlab.
To Reproduce
Steps to reproduce the behavior:
ports:
- 8081:8080
- 8444:8443
environment:
- DRAWIO_BASE_URL=http://my-drawio-host:8081
- DRAWIO_GITLAB_ID=abc..
- DRAWIO_GITLAB_SECRET=def...
- DRAWIO_GITLAB_URL=https://gitlab-host
- DRAWIO_CSP_HEADER=default-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self' https://gitlab-host; img-src * data:; media-src * data:; font-src * about:; style-src 'self' 'unsafe-inline';
https://gitlab-host/oauth/authorize?client_id=a123&scope=api%20read_repository%20write_repository&redirect_uri=http%3A%2F%2Fmy-drawio-host%3A8081%2Fgitlab&response_type=code&state=cId%3Da123%26domain%3Dmy-drawio-host%26token%3Dbcd123
and gitlab returns the error: "The redirect URI included is not valid."This is correct, because redirect-URL in the link is https://my-drawio-host:8081/gitlab. But the redirect-url in the Git-Appliaction config is https://my-drawio-host:8081/gitlab.html, es explained here: #493 (comment)
https://my-drawio-host:8081/gitlab
tohttps://my-drawio-host:8081/gitlab.html
I get the gitlab dialog "Authorize drawio to use your account? ". If I click "Autorize" the gitlab tab closes an the draw.io tab show an "error"-pupop: "Access Denied" with the option to Try again" or to cancel.5a. Alternative Way to 5: I change the redirect-URL in the gitlab Appliation Setting to https://my-drawio-host:8081/gitlab. And runnig step 3 &4 without error, but the draw.io page ends in an blank page.
Expected behavior
draw.io version (In the Help->About menu of the draw.io editor):
Desktop (please complete the following information):
Additional context
Running jgraph/drawio:latest docker image on ubuntu 20.04.03
The text was updated successfully, but these errors were encountered: