Unexpected redirect on openam 13.5 ui login (Kubernetes)

This topic contains 2 replies, has 3 voices, and was last updated by  Warren Strange 2 years, 5 months ago.

  • Author
    Posts
  • #16006
     pietere 
    Participant

    I see some unexpected behavior when browsing to the login page of an OpenAM 13.5 installation.
    Setup: browser -> F5 BigIP LB -> Kubernetes service -> OpenAM Pod

    Below are the requests/responses as seen by the browser. Note that in —230— the redirect includes a hostname. I would expect this redirect to be a) relative (/openam/XUI/) or b) use the LB_PRIMARY_URL as set in openam.properties or c) respond with content as 13.0.0 with identical config does.

    —227—
    GET openam.openapi.k8sa.otas.nv/openam
    HTTP/1.1 302
    Location: /openam/
    Transfer-Encoding: chunked
    Date: Fri, 24 Feb 2017 11:15:21 GMT

    0
    —228—
    GET openam.openapi.k8sa.otas.nv/openam/
    <snip>
    <!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML//EN”>
    <html>
    <head>
    <title>Please Wait While Redirecting to Login page</title>

    <script language=”JavaScript”> <!–

    function redirectToAuth() {
    var params = getQueryParameters();
    var url = ‘UI/Login’;

    if (params != ”) {
    url += params;
    }
    top.location.replace(url);
    }

    function getQueryParameters() {
    var loc = ” + location;
    var idx = loc.indexOf(‘?’);
    if (idx != -1) {
    return loc.substring(idx);
    } else {
    return ”;
    }
    }
    //–>
    </script>
    </head>

    <body bgcolor=”#FFFFFF” onLoad=”redirectToAuth();”>
    </body>
    </html>
    —229—
    GET openam.openapi.k8sa.otas.nv/openam/UI/Login
    HTTP/1.1 302
    Location: /openam/XUI/#login/
    Content-Length: 0
    Date: Fri, 24 Feb 2017 11:15:21 GMT

    —230—
    GET openam.openapi.k8sa.otas.nv/openam/XUI/#login/
    HTTP/1.1 302
    Location: http://openam:80/openam/XUI/
    Content-Length: 0
    Date: Fri, 24 Feb 2017 11:15:21 GMT

    —231—
    HTTP/1.1 502 Fiddler – DNS Lookup Failed
    Date: Fri, 24 Feb 2017 11:15:21 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Cache-Control: no-cache, must-revalidate
    Timestamp: 12:15:21.011

    Version 13.0.0 response on GET openam.openapi.k8sa.otas.nv/openam/XUI/#login/
    <snip>
    <head>
    <meta charset=”utf-8″>
    <meta http-equiv=”X-UA-Compatible” content=”IE=edge”>
    <meta name=”viewport” content=”width=device-width, initial-scale=1″>
    <title>OpenAM</title>
    </head>
    <body style=”display:none”>
    <div id=”messages” class=”clearfix”></div>
    <div id=”wrapper”>Loading…</div>
    <div id=”popup”>
    <snip>

    #16059
     binckbank 
    Participant

    Created backstage ticket #19296: Login to web UI fails

    #16615
     Warren Strange 
    Participant

    Apologies for the late reply – I did not see this.

    The redirection issue is most likely a problem with the site configuration.
    You need to configure a site, and set the external load balancer URL, then add the server to the site.

    You also need to ensure your external load balancing infrastructure is setting the request headers appropriately (X-Forwarded-For – from memory, but do check this)

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?