Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Getting session expired when running for developer testing (bypassing authentication) #9247

Open
ahsan-n opened this issue Sep 22, 2021 · 3 comments
Open

Getting session expired when running for developer testing (bypassing authentication) #9247

ahsan-n opened this issue Sep 22, 2021 · 3 comments

Comments

@ahsan-n
Copy link

ahsan-n commented Sep 22, 2021

Hi, thanks for awesome work. To get started, we are trying to deploy locally with docker by changing nothing in config files, which means we are bypassing auth because of these present in example_config_development.yaml:

# A development configuration can specify a specific user to impersonate locally.
_development_user_override: consoleme_admin@example.com

# A development configuration can specify specific groups to consider the user a member of locally.
_development_groups_override:
  - groupa@example.com
  - groupb@example.com
  - configeditors@example.com
  - consoleme_admins@example.com
  - consoleme_admins # Groups do not need to be an email address

command:

docker-compose -f docker-compose-dockerhub.yaml -f docker-compose-dependencies.yaml up

image

we have not done anything (tagging) with pre-existing IAM roles and users at this point.

apoligies, if we are missing something basic here your help but we will really appreciate any guidance we can get. :)
@ahsan-n ahsan-n changed the title Getting session expired when running for developer testing Getting session expired when running for developer testing (bypassing authentication) Sep 22, 2021
@castrapel
Copy link
Contributor

Hello!

If you open up Chrome Inspector's Network Tab while browsing to localhost:3000 , do you see a specific error in the calls to the backend? Here is a "working" example:

2021-09-22_21-05

Your docker logs might give us a bigger clue. Check your consoleme container for a "Server Started" message like this:

2021-09-22_21-06

Also, ensure that you have AWS credentials in your ~/.aws/credentials file on the host. Might also be worth trying to pull the latest dockerhub image and giving it another go:

docker-compose -f docker-compose-dockerhub.yaml -f docker-compose-dependencies.yaml pull
followed by
docker-compose -f docker-compose-dockerhub.yaml -f docker-compose-dependencies.yaml up

Thank you

@ops-hummus
Copy link

ops-hummus commented Dec 17, 2021
edited
Loading

Hi @castrapel ,
I was able to reproduce this problem. I deployed it on my dev eks cluster using helm. Once I looked on the network tab I could understand that the problem is that it can't redirect since it cannot find the address. I assume it only happens when it redirects to localhost (?).
Any way, this is the error:
Traceback (most recent call last): File "/usr/local/lib/python3.8/site-packages/tornado/web.py", line 1683, in _execute result = await result File "/apps/consoleme/consoleme/handlers/auth.py", line 11, in prepare await super(AuthHandler, self).prepare() File "/apps/consoleme/consoleme/handlers/base.py", line 170, in prepare return await self.authorization_flow() File "/apps/consoleme/consoleme/handlers/base.py", line 319, in authorization_flow res = await authenticate_user_by_saml(self) File "/apps/consoleme/consoleme/lib/saml.py", line 64, in authenticate_user_by_saml saml_auth = await init_saml_auth(saml_req) File "/apps/consoleme/consoleme/lib/saml.py", line 27, in init_saml_auth idp_metadata = OneLogin_Saml2_IdPMetadataParser.parse_remote(idp_metadata_url) File "/usr/local/lib/python3.8/site-packages/onelogin/saml2/idp_metadata_parser.py", line 92, in parse_remote idp_metadata = cls.get_metadata(url, validate_cert, timeout) File "/usr/local/lib/python3.8/site-packages/onelogin/saml2/idp_metadata_parser.py", line 50, in get_metadata response = urllib2.urlopen(url, timeout=timeout) File "/usr/local/lib/python3.8/urllib/request.py", line 222, in urlopen return opener.open(url, data, timeout) File "/usr/local/lib/python3.8/urllib/request.py", line 531, in open response = meth(req, response) File "/usr/local/lib/python3.8/urllib/request.py", line 640, in http_response response = self.parent.error( File "/usr/local/lib/python3.8/urllib/request.py", line 569, in error return self._call_chain(*args) File "/usr/local/lib/python3.8/urllib/request.py", line 502, in _call_chain result = func(*args) File "/usr/local/lib/python3.8/urllib/request.py", line 649, in http_error_default raise HTTPError(req.full_url, code, msg, hdrs, fp) urllib.error.HTTPError: HTTP Error 404:

If I understand correctly, even though we set the development flag to true, it tries to use saml when redirecting (as this is the default in the helm chart)

It would be awesome to get it fixed since it's impossible to develop it locally :)

@mamur-abdullaev
Copy link

mamur-abdullaev commented Oct 30, 2023
edited
Loading

Hi @castrapel, Having the same issue today, running it on docker locally. I am using example_config_docker_development.yaml file. It has all confit to bypass the auth locally. All containers running fine.

Machine: MacOS m1
Docker version: 24.0.2

Here is the chrome console :

Screen Shot 2023-10-30 at 6 54 08 PM Screen Shot 2023-10-30 at 7 00 14 PM

cosoleme-consoleme-1 log:

Screen Shot 2023-10-30 at 6 54 43 PM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@castrapel @ahsan-n @ops-hummus @mamur-abdullaev