-
Notifications
You must be signed in to change notification settings - Fork 145
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cookie based authentication not possible with HTTPS #657
Comments
It should just work (tm). Thruk just reads the session id from the cookie. You could check if the cookie seems valid with firebug or something like that. Besides that, Thruk just takes the REMOTE_ENV from the apache env. |
So I turned on debug level logging and this is what I see. Doesn't seem very helpful. It seems like it should bring up the login form but instead it defaults to the state that the user is not authenticated if it's accessed via HTTPS.
|
The interesting information is in the apache logs. Also you can increase the rewrite log debug level. |
Not sure if I did it correctly, but this is what I saw, in the Apache error_log (not ssl_error_log where I had expected)
|
Thats information from the Thruk cgis. The thruk_auth debug output is prefixed with thruk_auth: and should be in the apache error log. |
I've run into the same issue when using https and cookie auth on Centos 7.3. The login page displays and works properly when using http, but when using https I get the "It seems like you are not authorized." error immediately. Nothing gets logged in Apache's error log at the time. Any suggestions? Thanks |
I've got the same setup/issue as you @briancamp. I'm not sure why this issue was closed... The workaround for me was to disable cookie authentication: https://www.thruk.org/documentation/faq.html#how-can-i-disable-cookie-authentication At that point you can implement authentication through Apache itself like you did in Thruk 1.x. This is what we're doing as a workaround, and it works fine. |
Hi, the issue still persists. So, the workaround is to disable cookie auth? Regards |
Is it still the issue from the first post? Did you follow this guide? |
I didn't have this set, and it solved it for me. |
I've tried to fix this a number of times tweaking by Apache config, but just cannot get it to work. I see another ticket was opened with the same issue but was closed with the direction to remove the thruk_cookie_auth_vhost.conf file. While this does offer a workaround, it remove the ability to have the login form and session cookie. So is this still a to-do item or is there no plan to get this working for HTTPS?
The current problem is the following error when attempting to enable HTTPS and navigate to the home URL of Thruk
The text was updated successfully, but these errors were encountered: