Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSO Google connection failed in version 0.12.0 #1173

Open
khalangy opened this issue Dec 17, 2024 · 7 comments
Open

SSO Google connection failed in version 0.12.0 #1173

khalangy opened this issue Dec 17, 2024 · 7 comments

Comments

@khalangy
Copy link

Hi,

I installed the version 0.12.0 on one of my warpgate server and SSO not working on this version, it was working on v0.10.2.

Without changing configuration I have this error when I clic on SSO Login button

API error: no valid Host header found and `external_host` config option is not set

I tried to add the external_host in the configuration but I have an error with Google

Error 400: redirect_uri_mismatch

You can't connect to this app, because it doesn't comply with Google's OAuth 2.0 policy.

If you are the app's developer, register the redirect URI in the Google Cloud console.
Request details: redirect_uri=https://mywarpgate.example.com:8888/@warpgate/api/sso/return flowName=GeneralOAuthFlow

I tried to add :8888 in the redirect URI on Google OAuth but after I have SSL issues.

There is my SSO config

sso_providers:
- name: google
  label: Login SSO Google
  provider:
    type: google
    client_id: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com"
    client_secret: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
external_host: mywarpgate.example.com

I have apache with proxy path config

Is there something wrong in my conf ?

I have another server in version 0.10.2 and it works.

Thanks

Best regards
Moka
@Eugeny
Copy link
Member

Eugeny commented Dec 17, 2024

Please post your Apache proxy config

@khalangy
Copy link
Author

There is my apache conf

<VirtualHost *:80>
    ServerName mywarpgate.example.com
    Redirect / https://mywarpgate.example.com/
    
    RewriteEngine   On
    RewriteCond     %{HTTPS}        off
    RewriteCond     %{HTTP_HOST}%   !localhost
    RewriteRule     (.*)            https://%{HTTP_HOST}%{REQUEST_URI}
    </VirtualHost>

<VirtualHost *:443>
    ServerName mywarpgate.example.com
    SSLEngine on
    SSLCertificateFile      "/etc/apache2/ssl/mywarpgate.example.com/wildcard.example.com.crt"
    SSLCertificateChainFile "/etc/apache2/ssl/mywarpgate.example.com/wildcard.example.com.chain.crt"
    SSLCertificateKeyFile   "/etc/apache2/ssl/mywarpgate.example.com/wildcard.mywarpgate.example.com.key"
    ErrorLog        "/var/log/apache2/mywarpgate.example.com/error.log"
    CustomLog       "/var/log/apache2/mywarpgate.example.com/access.log"

    SSLProxyEngine On
    ProxyTimeout 60
    ProxyPreserveHost On
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyProtocol all -SSLv2 -SSLv3
    ProxyPass / https://127.0.0.1:8888/
    ProxyPassReverse / https://127.0.0.1:8888/
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>

@khalangy
Copy link
Author

khalangy commented Dec 17, 2024
edited
Loading

Sorry I just saw that in Google config

external_host: warpgate.acme.inc:8888

I try

@khalangy
Copy link
Author

Ok same error with the external_host

Erreur 400 : redirect_uri_mismatch

@Eugeny
Copy link
Member

Eugeny commented Dec 18, 2024

Is http.trust_x_forwarded_headers enabled in your Warpgate config?

@khalangy
Copy link
Author

No It's not enabled

@Eugeny
Copy link
Member

Eugeny commented Dec 22, 2024

You should enable it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Eugeny @khalangy