-
Notifications
You must be signed in to change notification settings - Fork 325
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Too many redirects issue #42
Comments
I'm traveling atm but just quickly... Could you try turning If that doesn't work I can take a closer look tomorrow |
Hi Ben, thanks for responding. I tried I had set |
'domains' are the ones that you are managing and is required in this case.
It's where the lasso cookie will be set.
…On Tue, Nov 13, 2018, 4:45 PM Paul Madden ***@***.*** wrote:
Hi Ben, thanks for responding. I tried allowAllUsers: false, but I still
fall into the redirect loop.
I had set allowAllUsers: true with the thought that that, combined with
whiteList entries, would let me authenticate a selected set of users from
any domain, without setting anything under domains. Is using allowAllUsers:
false, no domains section, and a whiteList section the right
configuration choice for that?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#42 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABNK64gbDsQII-4sMPUwaKyaosRMMMFyks5uu1mcgaJpZM4YcfG3>
.
|
Aha, that's the ticket. Now my (simplified) config works fine:
Thank you for the clarification. And thanks for Lasso! |
Glad that it's working. Feel like there's either a documentation bug or
possibly a configuration bug here. I'll look at that angle
…On Tue, Nov 13, 2018, 4:59 PM Paul Madden ***@***.*** wrote:
Closed #42 <#42>.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#42 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ABNK64apWBeuxUbfvjlA07xT8gIaZ3DCks5uu2rhgaJpZM4YcfG3>
.
|
EDIT: Disregard. I had misunderstood the The documentation here is a little confusing in this regard, because it makes it sound like those are the valid domains for callback URLs:
I've run into the same problem of infinite redirects, but the solution here (setting the domains) doesn't resolve it. Any suggestions would be appreciated. The initial redirect to /auth works and resolves the user, but it looks like the forward back to the original URL loses the JWT by the time it hits the /validate endpoint. Here are relevant logs: And config files: Vouch
Nginx
|
Usually this is cookie related. Try turning on vouch.testing and make sure
the callback, host header, vouch and the domains all align. If that
doesn't help please post config, nginx config and logs.
…On Sat, Jan 26, 2019, 8:05 AM Brett Profitt ***@***.*** wrote:
I've run into the same problem of infinite redirects, but the solution
here (setting the domains) doesn't resolve it. Any suggestions would be
appreciated.
The initial redirect to /auth works and resolves the user, but it looks
like the forward back to the original URL loses the JWT by the time it hits
the /validate endpoint.
Here are relevant logs:
vouch.log <https://github.com/vouch/vouch-proxy/files/2799176/vouch.log>
nginx.log <https://github.com/vouch/vouch-proxy/files/2799177/nginx.log>
And config files.
config.yml.txt
<https://github.com/vouch/vouch-proxy/files/2799179/config.yml.txt>
nginx.conf.txt
<https://github.com/vouch/vouch-proxy/files/2799178/nginx.conf.txt>
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#42 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABNK67_1lw5IXNfxV9gdIqNVKP1ujJzeks5vHHzRgaJpZM4YcfG3>
.
|
Ha! Well you can tell I read that one before I had finished my coffee.
Sorry I didn't see the configs and logs in the email.
I won't be able to take a look at this closer til tomorrow.
Thanks for offering those.
…On Sat, Jan 26, 2019, 9:24 AM Benjamin Foote ***@***.*** wrote:
Usually this is cookie related. Try turning on vouch.testing and make
sure the callback, host header, vouch and the domains all align. If that
doesn't help please post config, nginx config and logs.
On Sat, Jan 26, 2019, 8:05 AM Brett Profitt ***@***.***
wrote:
> I've run into the same problem of infinite redirects, but the solution
> here (setting the domains) doesn't resolve it. Any suggestions would be
> appreciated.
>
> The initial redirect to /auth works and resolves the user, but it looks
> like the forward back to the original URL loses the JWT by the time it hits
> the /validate endpoint.
>
> Here are relevant logs:
> vouch.log <https://github.com/vouch/vouch-proxy/files/2799176/vouch.log>
> nginx.log <https://github.com/vouch/vouch-proxy/files/2799177/nginx.log>
>
> And config files.
> config.yml.txt
> <https://github.com/vouch/vouch-proxy/files/2799179/config.yml.txt>
> nginx.conf.txt
> <https://github.com/vouch/vouch-proxy/files/2799178/nginx.conf.txt>
>
> —
> You are receiving this because you commented.
> Reply to this email directly, view it on GitHub
> <#42 (comment)>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/ABNK67_1lw5IXNfxV9gdIqNVKP1ujJzeks5vHHzRgaJpZM4YcfG3>
> .
>
|
It was a non-issue. I had misunderstood the domains options (see edit). Sounds like we both missed our coffees this morning ☕️ |
I looked through what appear to be related (closed) issues, but was not able to find a solution to my problem. I hope you can help.
I have Lasso (compiled binary, not docker container) running on one host, proxied behind NGINX with SSL, with its own hostname (
lasso.[domain].com
). I have a basic NGINX static site for testing with Lasso, running on a separate host, with its own hostname (foo.[domain].com
), also with SSL. I've tried to follow several guides for configuring both NGINX and Lasso. Here's what I see:When I hit the static site in Chrome, I'm redirected to the Google "Sign in" page. In my static site's NGINX
access.log
, I see the expected 302 redirect to Lasso; Lasso showsno jwt found in request
, a 401 from/validate
, then a 302 from/login
. Back in the browser, I enter my email address and password (I've gotallowAllUsers: true
in my Lassoconfig.yml
, along with a whitelist specifying my email address). My address bar showshttps://accounts.youtube.com/accounts/SetSID
for a bit, then I get a "too many redirects" error. In the logs, I see a long series of duplicate 302 redirects on the static-site side to thathttps://accounts.youtube.com/accounts/SetSID
address, and on the Lasso side agoogle userinfo body
JSON block that appears to be correct information about my account, but followed by a long series of/auth
->no jwt found in request
->/validate
->/login
->google userinfo body
-> [loop]. I have some Lasso debug log output, too, and nothing looks like an error.Here are what I hope are the relevant portions on my configs:
Static site
nginx.conf
:Lasso
nginx.conf
:Lasso
config.yml
:Any ideas where I might be going wrong here?
The text was updated successfully, but these errors were encountered: