Preauth userNameHeader line breaks deployment with Tomcat #375

Open
philippeganz opened this issue Apr 26, 2018 · 1 comment
Labels
bug Something isn't working

Comments

@philippeganz
Contributor

Hello,

In our setup we use Tomcat to deploy Rundeck, but since Tomcat uses AJP, there is an issue with the new 4 preauth lines added to the config file: more precisely, the rundeck.security.authorization.preauthenticated.userNameHeader = "" breaks our config; removing or commenting out that line works for us. As preauth, we use Shibboleth based on AD.

The patch we are currently using is shown in the What behaviour did you expect instead section. We'd be glad to provide you with a PR if that solution would be accepted.

Best regards,
Philippe

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 4.9.4
  • Ruby: 2.0.0p648
  • Distribution: CentOS 7.4 3.10.0-693.21.1.el7.x86_64
  • Module version: 5.1

How to reproduce (e.g Puppet code you use)

class { '::rundeck':
...
    preauthenticated_config => {
      enabled       => true,
      attributeName => 'ADFS_GROUP',
      delimiter     => ';',
    },
...

What are you seeing

When trying to connect to Rundeck, previously working, we get an error message.

Error
Authentication is required

We found out that the problem was related to preauth config, more precisely to the userNameHeader being empty.

rundeck.security.authorization.preauthenticated.enabled = "true"
rundeck.security.authorization.preauthenticated.attributeName = "ADFS_GROUP"
rundeck.security.authorization.preauthenticated.delimiter = ";"
rundeck.security.authorization.preauthenticated.userNameHeader = ""
rundeck.security.authorization.preauthenticated.userRolesHeader = ""
rundeck.security.authorization.preauthenticated.redirectLogout = ""
rundeck.security.authorization.preauthenticated.redirectUrl = ""

What behaviour did you expect instead

To have these lines not added if the values are not defined, e.g.

<%- if @preauthenticated_config['userNameHeader'] -%>
rundeck.security.authorization.preauthenticated.userNameHeader = "<%= @preauthenticated_config['userNameHeader']%>"
<%- end -%>
<%- if @preauthenticated_config['userRolesHeader'] -%>
rundeck.security.authorization.preauthenticated.userRolesHeader = "<%= @preauthenticated_config['userRolesHeader']%>"
<%- end -%>
<%- if @preauthenticated_config['redirectLogout'] -%>
rundeck.security.authorization.preauthenticated.redirectLogout = "<%= @preauthenticated_config['redirectLogout']%>"
<%- end -%>
<%- if @preauthenticated_config['redirectUrl'] -%>
rundeck.security.authorization.preauthenticated.redirectUrl = "<%= @preauthenticated_config['redirectUrl']%>"
<%- end -%>

Output log

Any additional information you'd like to impart
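
An added illustration, not part of the issue or the module's own template: a reduced stand-in for the template that emits each optional preauth setting only when its own key holds a non-empty value, rendered with Ruby's ERB. It goes slightly beyond the snippet above by also skipping empty strings; `PreauthRenderer`, `render_preauth` and the `X-Forwarded-Roles` value are hypothetical names chosen for this example.

```ruby
require 'erb'

# Optional settings from the issue: written only when a value is present.
OPTIONAL_KEYS = %w[userNameHeader userRolesHeader redirectLogout redirectUrl].freeze

# Reduced stand-in template (assumption: the real template has more settings).
TEMPLATE = <<~'TPL'
  rundeck.security.authorization.preauthenticated.enabled = "<%= @preauthenticated_config['enabled'] %>"
  rundeck.security.authorization.preauthenticated.attributeName = "<%= @preauthenticated_config['attributeName'] %>"
  rundeck.security.authorization.preauthenticated.delimiter = "<%= @preauthenticated_config['delimiter'] %>"
  <%- OPTIONAL_KEYS.each do |key| -%>
  <%- value = @preauthenticated_config[key] -%>
  <%- next if value.nil? || value.to_s.strip.empty? -%>
  rundeck.security.authorization.preauthenticated.<%= key %> = "<%= value %>"
  <%- end -%>
TPL

# Hypothetical helper: exposes the hash as @preauthenticated_config,
# the instance variable name the template in the issue reads.
class PreauthRenderer
  def initialize(config)
    @preauthenticated_config = config
  end

  def render
    # trim_mode '-' honours the <%- and -%> markers (keyword form needs Ruby 2.6+).
    ERB.new(TEMPLATE, trim_mode: '-').result(binding)
  end
end

def render_preauth(config)
  PreauthRenderer.new(config).render
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input: the hash from the issue plus one empty and one set header.
  puts render_preauth(
    'enabled' => true, 'attributeName' => 'ADFS_GROUP', 'delimiter' => ';',
    'userNameHeader' => '', 'userRolesHeader' => 'X-Forwarded-Roles'
  )
end
```

With the hash from the reproduction section alone, only the `enabled`, `attributeName` and `delimiter` lines are written, so no empty `userNameHeader = ""` reaches the generated config.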

@phaedriel
Contributor

Already covered by #441.
