Existing Resources
Describe the bug
When attempting to access Kasm through the app tile in a situation where SSO is configured via SAML, with Okta as the IdP, users cannot log in. They are able to log into Kasm by visiting the configured FQDN directly, but they cannot use the app tile.
To Reproduce
- Configure SAML SSO via Okta. Set the logout URL to
<yourtenant>.okta.com.
- Open Kasm using the configured SSO URL (e.g.
apps.bobscrabshack.net).
- Close Kasm.
- Attempt to access Kasm using the app tile in Okta.
- Observe that login fails.
- Observe the following
Python-saml error in the API container logs: onelogin.saml2.errors.OneLogin_Saml2_Error: Redirect to invalid URL:
Expected behavior
Clicking on the app tile in Okta should open Kasm and log the user in.
Workspaces Version
1.16.1
Workspaces Installation Method
Single Server
Client Browser (please complete the following information):
Workspace Server Information (please provide the output of the following commands):
Workspace Server Information (please provide the output of the following commands):
uname -a: Linux apps 6.8.0-45-generic #45-Ubuntu SMP PREEMPT_DYNAMIC Fri Aug 30 12:02:04 UTC 2024 x86_64 x86_64 x86_64 GNU/Linuxcat /etc/os-release: Ubuntu 24.04.1 LTSsudo docker info: see below
docker info
Client: Docker Engine - Community
Version: 27.3.1
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.17.1
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.5.0
Path: /usr/local/lib/docker/cli-plugins/docker-compose
Server:
Containers: 10
Running: 9
Paused: 0
Stopped: 1
Images: 13
Server Version: 27.3.1
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan kasmweb/sidecar:1.0 macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7f7fdf5fed64eb6a7caf99b3e12efcf9d60e311c
runc version: v1.1.14-0-g2c9f560
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: builtin
cgroupns
Kernel Version: 6.8.0-45-generic
Operating System: Ubuntu 24.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 16
Total Memory: 62.79GiB
Name: apps
ID: b9487cdf-61e6-4eb9-837f-ba9c6297ca75
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Existing Resources
Describe the bug
When attempting to access Kasm through the app tile in a situation where SSO is configured via SAML, with Okta as the IdP, users cannot log in. They are able to log into Kasm by visiting the configured FQDN directly, but they cannot use the app tile.
To Reproduce
<yourtenant>.okta.com.apps.bobscrabshack.net).Python-samlerror in the API container logs:onelogin.saml2.errors.OneLogin_Saml2_Error: Redirect to invalid URL:Expected behavior
Clicking on the app tile in Okta should open Kasm and log the user in.
Workspaces Version
1.16.1
Workspaces Installation Method
Single Server
Client Browser (please complete the following information):
Workspace Server Information (please provide the output of the following commands):
Workspace Server Information (please provide the output of the following commands):
uname -a:Linux apps 6.8.0-45-generic #45-Ubuntu SMP PREEMPT_DYNAMIC Fri Aug 30 12:02:04 UTC 2024 x86_64 x86_64 x86_64 GNU/Linuxcat /etc/os-release: Ubuntu 24.04.1 LTSsudo docker info: see belowdocker info