pingidentity-devops-getting-started
Unable to reach container hostname on localhost:9031 for OAuth test
Describe the bug
I am running the pingfederate Docker image on Docker Desktop, which is hosted on a macOS laptop. Here, I exposed port 9031 in addition to 9999. But when trying to test the OAuth flow from the host machine (OAuth Playground), I see the following error during the "Exchange authorization code" for Tokens stage:
```
HTTP/1.1 400 Bad Request
Content-length: 114
Content-type: text/plain

An error occured while connecting to the server: DNS lookup failed for URL: https://localhost:9031/as/token.oauth2
```
To Reproduce
Steps to reproduce the behavior:
- Start docker container with the following command:
```
docker run \
  --name pingfed \
  --publish 9999:9999 \
  --publish 9031:9031 \
  --detach \
  --env SERVER_PROFILE_URL=https://github.com/pingidentity/pingidentity-server-profiles.git \
  --env SERVER_PROFILE_PATH=getting-started/pingfederate \
  --env PING_IDENTITY_ACCEPT_EULA=YES \
  --env [email protected] \
  --env PING_IDENTITY_DEVOPS_KEY=d084503e-cfeb-0e52-d969-249a7c484223 \
  --tmpfs /run/secrets \
  pingidentity/pingfederate:edge
```
- Configure the clients and OAuth flow for "Auth Code" grant type.
- Use Google OAuth Playground to test the flow and set the following as URLs:
Authorization endpoint : https://localhost:9031/as/authorization.oauth2?
Token endpoint: https://localhost:9031/as/token.oauth2?
- "Select and Authorize APIs" works fine and shows the application asking for permission to access the resource. This generates the Auth Code successfully.
- Then from "Exchange auth code for tokens" - on selecting "Exchange" shows the following error:
Request / Response
```
POST /as/token.oauth2 HTTP/1.1
Host: localhost:9031
Content-length: 248
content-type: application/x-www-form-urlencoded
user-agent: google-oauth-playground

code=O_e_9WdWvPdmctVwUXMm0oORjLRMiwiiGeqQLz6E&redirect_uri=https%3A%2F%2Fdevelopers.google.com%2Foauthplayground&client_id=<client_id>&client_secret=<secret>&scope=&grant_type=authorization_code
```
```
HTTP/1.1 400 Bad Request
Content-length: 114
Content-type: text/plain

An error occured while connecting to the server: DNS lookup failed for URL: https://localhost:9031/as/token.oauth2
```
Testing with cURL too is inconclusive and it is as follows:
```
<username>@C02F5AXLMD6M % curl -X POST -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
  --user <client_id>:<client_secret> \
  --data-urlencode "username=<username>" \
  --data-urlencode "password=<password>" \
  --data-urlencode "grant_type=authorization_code" \
  --data-urlencode "code=XXKRwlZ04vyWDKhWHIPtYJYrirgYsa-qYuVeGKIy" \
  --data-urlencode "scope=session:role:<role-name>" \
  'https://localhost:9031/as/token.oauth2' -insecure
```
This gives blank output instead of the actual access token.
Expected behavior
Get the access token using either cURL command or OAuth playground when testing with docker container for PingFed from local host machine.
Screenshots
Added screenshots.
Environment:
- GitHub Repo: Ping Identity DevOps Docker Image
- Docker Container: pingfederate
- Cloud Environment: Docker Container on macOS
Additional Info
Tested the following to ascertain the root cause:
```
<username>@C02F5AXLMD6M % nc -v -z -w2 pingfederate 9031
Connection to pingfederate port 9031 [tcp/*] succeeded
```
```
docker port pingfederate
9031/tcp -> 0.0.0.0:9031
9999/tcp -> 0.0.0.0:9999
```
<img width="1138" alt="Oauth Flow test step 1 Request for Approval" src="https://user-images.githubusercontent.com/15722289/160265941-2ba749bd-581a-449b-9b5e-b3f65b74cb39.png">
<img width="1792" alt="Playground Settings for Testing OAuth flow" src="https://user-images.githubusercontent.com/15722289/160265914-4a3776aa-9e54-4d0c-a491-0185ba3c9afa.png">
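
An added example, not part of the original report and not Ping Identity's own code: the authorization-code exchange described above, run from the machine that publishes port 9031, with curl options chosen so that a failure is printed rather than hidden. It assumes the container serves a self-signed development certificate; the code, client ID and client secret are placeholders supplied by the caller, and the `CURL` override is a hypothetical hook for inspecting the argument list offline.

```shell
#!/bin/sh
# Added example: authorization-code exchange (RFC 6749, section 4.1.3) against
# the token endpoint named in the report. Code, client ID and secret are
# placeholders supplied by the caller.

TOKEN_URL="${TOKEN_URL:-https://localhost:9031/as/token.oauth2}"
REDIRECT_URI="${REDIRECT_URI:-https://developers.google.com/oauthplayground}"
CURL="${CURL:-curl}"   # overridable so the argument list can be inspected offline

# exchange_code <authorization_code> <client_id> <client_secret>
exchange_code() {
  if [ "$#" -ne 3 ] || [ -z "$1" ]; then
    echo "usage: exchange_code <code> <client_id> <client_secret>" >&2
    return 2
  fi
  # --insecure (two dashes): accept the container's self-signed certificate
  #   (assumed; development use only). With a single dash, curl parses
  #   "-insecure" as the clustered short options -i -n -s -e cure.
  # --silent --show-error: drop the progress meter but still print failures,
  #   so a TLS or connection error is never reduced to blank output.
  # --write-out: always print the HTTP status after the response body.
  # redirect_uri repeats the value sent in the authorization request.
  "$CURL" --insecure --silent --show-error \
    --write-out '\nHTTP status: %{http_code}\n' \
    --user "$2:$3" \
    --data-urlencode "grant_type=authorization_code" \
    --data-urlencode "code=$1" \
    --data-urlencode "redirect_uri=$REDIRECT_URI" \
    "$TOKEN_URL"
}

# Run directly as: sh exchange.sh <code> <client_id> <client_secret>
if [ "$#" -eq 3 ]; then
  exchange_code "$@"
fi
```

An authorization code is single-use, so request a fresh one before each attempt.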