[Question] Spring Oauth2 Authentication AWS behind Zuul #942
Another strange thing is: My zuul server is also a web server, it contains also a view (root url) that is secured. If I visit https://xxx/ then zuul correctly redirects me to https://xxx/login. It just does not work for the services behind zuul. If I call https://xxx/service/login then the application correctly authenticates the user but does redirect the user back to https://localhost/service.. I've no idea anymore. I've tested everything.. Hope anyone understands my problem 😕
@Writtscher : Did you manage to find a solution for this? Having the exact same issue...
@Writtscher : I just switched my auth server to Jetty instead of Tomcat and now the redirect is working properly.
Yep. I'll post it tomorrow. It's simple even though I'm not sure whether it's the perfect solution. I've added a zuul filter (last in the chain) that puts the 'X-Forwarded-For' header of my AWS Loadbalancer into the host. Without this 'work around' zuul always passes 'localhost' as host header. This is kinda bad for my services..
Switching to jetty fixed it? Not sure if you have the same issue. My 'auth server' (salesforce) works correctly. It's just the service behind zuul that redirects the user to 'localhost/context/login' instead of 'mydomain/context/login'. As I said: I have fixed it with a zuul filter that modifies the 'host' header and passes the modified header down to my service.
Yep same archi.. I'll post my solution tomorrow. But you don't have to wait, as I said I've added a simple zuul filter (spring component) that runs with order 10000. This filter sets the loadbalancer domain/ip as host header and passes it down. Then spring security should redirect you correctly. Very simple.
Three things happening here:
This fixes our problems for now. We are not 100% sure that these "fixes" are ok but it is ok for now.
I have a similar issue where /login sends me to system host (http://stackoverflow.com/questions/36881835/spring-mvc-web-app-behind-zuul-redirect-issue). Will try your fix, thanks.
@Writtscher I had the same issue but I have a custom
Closing this due to inactivity. Please re-open if there's more to discuss.
Hi,
I have a question / problem. I've checked everything I could but didn't find a solution. I hope you can help me. My problem is similar to this issue, I have the same setup:
Zuul log:
Service log:
Everything looks ok for me. But it does not work as I would expect.. My problem is that the default LoginUrlAuthenticationEntryPoint does not care about the headers and redirects unauthenticated users to http://localhost/login. This issue might fix it in the future but does not help me right now 😓. The debug log says o.s.s.web.DefaultRedirectStrategy: Redirecting to 'https://localhost/login'. Also there is another log entry that shows that the headers are not supported: o.s.s.w.s.HttpSessionRequestCache: DefaultSavedRequest added to session: DefaultSavedRequest[https://localhost/server]
I have
activated for zuul and the service - but it does not help at all.
Another strange thing is that the zuul server redirects the user correctly. Not to http://localhost/login but the X-Forwarded-For server with /login path.
I have no ideas anymore. Could you please point me in the right direction?
Edit:
If I do curl http://localhost:10100/service/login on the server I see that the location response header is the correct location path, but spring security does not redirect me to the provided host.. I'm totally confused. Somewhere down the line the X-Forwarded-{For/Host} header gets lost?
Edit 2:
If I config
I don't see the request header logged anymore instead the header X-Forwarded-For XXX.XXX.XXX is logged.. If I configure
I don't see the request header logged anymore instead the header X-Forwarded-Host is logged... Wtf?
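The redirects discussed in this thread differ only in which host the service believes it is serving. As an added example (not code from this thread, Zuul or Spring Security), this plain-Java sketch derives the login redirect from X-Forwarded-* headers, accepting them only from a known proxy and only for an allowlisted host; the addresses, host names, class and method names are assumptions.

```java
import java.util.Map;
import java.util.Set;
public class ForwardedRedirectDemo {
    // Assumed values: the proxy's private address and the public host name.
    static final Set<String> TRUSTED_PROXIES = Set.of("10.0.0.5");
    static final Set<String> ALLOWED_HOSTS = Set.of("app.example.com");

    /** Builds the absolute login URL a service would send in its Location header. */
    static String loginRedirect(Map<String, String> headers, String peerAddr,
                                String localScheme, String localHost, String contextPath) {
        String scheme = localScheme;
        String host = localHost;
        // Honour X-Forwarded-* only when the direct peer is a known proxy.
        if (TRUSTED_PROXIES.contains(peerAddr)) {
            String fwdHost = firstValue(headers.get("x-forwarded-host"));
            String fwdProto = firstValue(headers.get("x-forwarded-proto"));
            // The forwarded host must be a name this deployment serves;
            // otherwise the redirect would follow whatever the header says.
            if (fwdHost != null && ALLOWED_HOSTS.contains(fwdHost.toLowerCase())) {
                host = fwdHost.toLowerCase();
                if ("https".equalsIgnoreCase(fwdProto) || "http".equalsIgnoreCase(fwdProto)) {
                    scheme = fwdProto.toLowerCase();
                }
            }
        }
        return scheme + "://" + host + contextPath + "/login";
    }

    /** A chain of proxies may send a comma-separated list; use the first entry. */
    static String firstValue(String header) {
        if (header == null || header.isBlank()) return null;
        return header.split(",")[0].trim();
    }

    public static void main(String[] args) {
        // Constructed sample requests; header names are lower-cased map keys.
        Map<String, String> viaProxy = Map.of(
                "x-forwarded-host", "app.example.com", "x-forwarded-proto", "https");
        Map<String, String> unknownHost = Map.of(
                "x-forwarded-host", "other.example.net", "x-forwarded-proto", "https");
        // Forwarded headers from the trusted proxy are used for the redirect.
        System.out.println(loginRedirect(viaProxy, "10.0.0.5", "http", "localhost", "/service"));
        // No forwarded headers, as in the issue: the local host name is used.
        System.out.println(loginRedirect(Map.of(), "10.0.0.5", "http", "localhost", "/service"));
        // Untrusted peer or unlisted host: the headers are ignored.
        System.out.println(loginRedirect(viaProxy, "203.0.113.9", "http", "localhost", "/service"));
        System.out.println(loginRedirect(unknownHost, "10.0.0.5", "http", "localhost", "/service"));
    }
}
```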