consoleme
consoleme copied to clipboard
Netflix
Getting session expired when running for developer testing (bypassing authentication)
Hi, thanks for awesome work. To get started, we are trying to deploy locally with docker by changing nothing in config files, which means we are bypassing auth because of these present in example_config_development.yaml:
# A development configuration can specify a specific user to impersonate locally.
_development_user_override: [email protected]
# A development configuration can specify specific groups to consider the user a member of locally.
_development_groups_override:
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- consoleme_admins # Groups do not need to be an email address
command:
docker-compose -f docker-compose-dockerhub.yaml -f docker-compose-dependencies.yaml up
we have not done anything (tagging) with pre-existing IAM roles and users at this point.
apoligies, if we are missing something basic here your help but we will really appreciate any guidance we can get. :)
Hello!
If you open up Chrome Inspector's Network Tab while browsing to localhost:3000 , do you see a specific error in the calls to the backend? Here is a "working" example:
Your docker logs might give us a bigger clue. Check your consoleme container for a "Server Started" message like this:
Also, ensure that you have AWS credentials in your ~/.aws/credentials file on the host. Might also be worth trying to pull the latest dockerhub image and giving it another go:
docker-compose -f docker-compose-dockerhub.yaml -f docker-compose-dependencies.yaml pull
followed by
docker-compose -f docker-compose-dockerhub.yaml -f docker-compose-dependencies.yaml up
Thank you
Hi @castrapel ,
I was able to reproduce this problem. I deployed it on my dev eks cluster using helm. Once I looked on the network tab I could understand that the problem is that it can't redirect since it cannot find the address. I assume it only happens when it redirects to localhost (?).
Any way, this is the error:
Traceback (most recent call last): File "/usr/local/lib/python3.8/site-packages/tornado/web.py", line 1683, in _execute result = await result File "/apps/consoleme/consoleme/handlers/auth.py", line 11, in prepare await super(AuthHandler, self).prepare() File "/apps/consoleme/consoleme/handlers/base.py", line 170, in prepare return await self.authorization_flow() File "/apps/consoleme/consoleme/handlers/base.py", line 319, in authorization_flow res = await authenticate_user_by_saml(self) File "/apps/consoleme/consoleme/lib/saml.py", line 64, in authenticate_user_by_saml saml_auth = await init_saml_auth(saml_req) File "/apps/consoleme/consoleme/lib/saml.py", line 27, in init_saml_auth idp_metadata = OneLogin_Saml2_IdPMetadataParser.parse_remote(idp_metadata_url) File "/usr/local/lib/python3.8/site-packages/onelogin/saml2/idp_metadata_parser.py", line 92, in parse_remote idp_metadata = cls.get_metadata(url, validate_cert, timeout) File "/usr/local/lib/python3.8/site-packages/onelogin/saml2/idp_metadata_parser.py", line 50, in get_metadata response = urllib2.urlopen(url, timeout=timeout) File "/usr/local/lib/python3.8/urllib/request.py", line 222, in urlopen return opener.open(url, data, timeout) File "/usr/local/lib/python3.8/urllib/request.py", line 531, in open response = meth(req, response) File "/usr/local/lib/python3.8/urllib/request.py", line 640, in http_response response = self.parent.error( File "/usr/local/lib/python3.8/urllib/request.py", line 569, in error return self._call_chain(*args) File "/usr/local/lib/python3.8/urllib/request.py", line 502, in _call_chain result = func(*args) File "/usr/local/lib/python3.8/urllib/request.py", line 649, in http_error_default raise HTTPError(req.full_url, code, msg, hdrs, fp) urllib.error.HTTPError: HTTP Error 404:
If I understand correctly, even though we set the development flag to true, it tries to use saml when redirecting (as this is the default in the helm chart)
It would be awesome to get it fixed since it's impossible to develop it locally :)
Hi @castrapel, Having the same issue today, running it on docker locally. I am using example_config_docker_development.yaml file. It has all confit to bypass the auth locally. All containers running fine.
Machine: MacOS m1 Docker version: 24.0.2
