I understand that AWX is open source software provided for free and that I might not receive a timely response.
I am NOT reporting a (potential) security vulnerability. (These should be emailed to [email protected] instead.)
Bug Summary
Storing session information (cookies) on disk as permanent cookies poses a security risk, as they may be stolen. To mitigate this, I have configured Envoy to modify the cookie attributes, setting Expires/Max-Age to Session instead of a specific date and time.
After making this change, we attempted to log in to AWX using SAML. However, AWX continuously redirects, and after a few seconds, the AWX UI returns to the login page with two errors related to the APIs https://awx.com/api/v2/config/ and https://awx.com/api/v2/me/, both showing a 401 status code.
AWX version
23.6.0
Select the relevant components
UI
UI (tech preview)
API
Docs
Collection
CLI
Other
Installation method
kubernetes
Modifications
no
Ansible version
No response
Operating system
No response
Web browser
No response
Steps to reproduce
Configured Envoy to modify the cookie attributes, setting Expires/Max-Age to Session instead of a specific date and time.
Expected results
Successfully logged in to AWX using SAML.
Actual results
Failed to log in to AWX using SAML.
Additional information
No response
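The rewrite this report describes, as an added example that is not part of the original issue and is not AWX or Envoy code: it drops only `Expires` and `Max-Age` from a `Set-Cookie` value, then compares the upstream and rewritten headers so that any other attribute lost or altered by a proxy rewrite becomes visible. The cookie name, value and attributes in `UPSTREAM` are constructed sample data, and the function names are hypothetical.

```python
# Added example; cookie names and values are constructed sample data.
# Process each Set-Cookie header separately: an Expires date contains a
# comma, so comma-joined Set-Cookie headers cannot be split safely.
LIFETIME_ATTRS = {"expires", "max-age"}


def parse_set_cookie(header):
    """Return ("name=value", {lowercased attribute: value or None})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    attrs = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else None
    return parts[0], attrs


def to_session_cookie(header):
    """Drop Expires/Max-Age; keep every other attribute verbatim, in order."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    kept = [parts[0]]
    for part in parts[1:]:
        if part.partition("=")[0].strip().lower() not in LIFETIME_ATTRS:
            kept.append(part)
    return "; ".join(kept)


def rewrite_diff(upstream, rewritten):
    """List differences other than the removal of the lifetime attributes."""
    up_pair, up_attrs = parse_set_cookie(upstream)
    rw_pair, rw_attrs = parse_set_cookie(rewritten)
    problems = []
    if up_pair != rw_pair:
        problems.append("name/value changed")
    for key in sorted(LIFETIME_ATTRS):
        if key in rw_attrs:
            problems.append(f"{key} still present")
    for key, val in up_attrs.items():
        if key in LIFETIME_ATTRS:
            continue
        if key not in rw_attrs:
            problems.append(f"{key} dropped")
        elif rw_attrs[key] != val:
            problems.append(f"{key} changed")
    return sorted(problems)


UPSTREAM = ("sessionid=abc123; expires=Wed, 01 Jan 2025 00:00:00 GMT; "
            "HttpOnly; Max-Age=1800; Path=/; SameSite=Lax; Secure")
```

Feeding `rewrite_diff` the `Set-Cookie` value seen at the backend and the one seen by the browser shows whether the proxy changed anything beyond the cookie lifetime.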