vscode-azure-account icon indicating copy to clipboard operation
vscode-azure-account copied to clipboard
verified publisher icon microsoft

Proxy configuration on remote vs code does not work with axios request

Open patst opened this issue 2 years ago • 3 comments

  • VS Code Version: 1.82.0
  • Azure Account Extension Version: v.011.5
  • OS Version: Linux devpod-example-docker-5f-75bbb 5.15.0-1041-azure 48-Ubuntu SMP Tue Jun 20 20:34:08 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

Are you connected to a proxy server? Yes

Steps to Reproduce:

  1. configure a proxy HTTPS_PROXY=http://<url>:3128
  2. Login with Azure

Error message:

2023-09-14 11:56:55.189 [info] MSAL: [Thu, 14 Sep 2023 11:56:55 GMT] : @azure/[email protected] : Info - getTokenCache called
2023-09-14 11:56:55.190 [trace] MSAL: [Thu, 14 Sep 2023 11:56:55 GMT] : @azure/[email protected] : Trace - getAllAccounts called
2023-09-14 11:56:55.249 [trace] MSAL: [Thu, 14 Sep 2023 11:56:55 GMT] : @azure/[email protected] : Trace - Retrieving all cache keys
2023-09-14 11:56:55.249 [trace] MSAL: [Thu, 14 Sep 2023 11:56:55 GMT] : @azure/[email protected] : Trace - Getting cache key-value store
2023-09-14 11:56:55.253 [info] Attempting to reach URL "https://login.microsoftonline.com/"...
2023-09-14 11:56:55.458 [trace] ADAL: Authority: VERBOSE: Performing instance discovery
2023-09-14 11:56:55.458 [trace] ADAL: Authority: VERBOSE: Performing static instance discovery
2023-09-14 11:56:55.458 [trace] ADAL: Authority: VERBOSE: Authority validated via static instance discovery.
2023-09-14 11:56:55.458 [debug] ADAL: DeviceCodeRequest: INFO: Getting user code info.
2023-09-14 11:56:55.459 [info] 
┌────── Axios Request POST https://login.microsoftonline.com/common/oauth2/devicecode?api-version=1.0
	Headers (8):
	└ Accept-Charset: "utf-8"
	└ Content-Type: "application/x-www-form-urlencoded"
	└ client-request-id: "059bdabc-8e48-4e80-80e5-e6d09139527f"
	└ return-client-request-id: "true"
	└ x-client-CPU: "x64"
	└ x-client-OS: "linux"
	└ x-client-SKU: "Node"
	└ x-client-Ver: "0.2.3"
	Query parameters (3):
	└ client_id: "aebc6443-996d-45c2-90f0-388ff96faa56"
	└ mkt: "en-us"
	└ resource: "https://management.core.windows.net/"
	Proxy configuration: None
└───────────────────────────────────────────────────
2023-09-14 11:56:55.512 [info] Get Device Code request returned http error: 500 and server response: "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n<html>\n<!-- FileName: index.html\n     Language: [en]\n-->\n<!--Head-->\n<head>\n  <meta content=\"text/html; charset=UTF-8\" http-equiv=\"Content-Type\">\n  <meta http-equiv=\"X-UA-Compatible\" content=\"IE=7\" />\n  <title>McAfee Web Gateway - Notification</title>\n  <script src=\"/mwg-internal/de5fs23hu73ds/files/javascript/sw.js\" type=\"text/javascript\" ></script>\n  <link rel=\"stylesheet\" href=\"/mwg-internal/de5fs23hu73ds/files/default/stylesheet.css\" />\n</head>\n<!--/Head-->\n<!--Body-->\n<body onload=\"swOnLoad();\">\n  <table class='bodyTable'>\n    <tr>\n      <td class='bodyData' background='/mwg-internal/de5fs23hu73ds/files/default/img/bg_body.gif'>\n<!--Logo-->\n<table class='logoTable'>\n  <tr>\n    <td class='logoData'>\n      <a href='http://www.mcafee.com'>\n        <img src='/mwg-internal/de5fs23hu73ds/files/default/img/logo_mwg.png'></a>\n    </td>\n  </tr>\n</table>\n<!--/Logo-->\n<!--Contents-->\n<!-- FileName: handshakefailed.html\n     Language: [en]\n-->\n<!--Title-->\n<table class='titleTable' background='/mwg-internal/de5fs23hu73ds/files/default/img/bg_navbar.jpg'>\n  <tr>\n    <td class='titleData'>\n      Handshake failed\n    </td>\n  </tr>\n</table>\n<!--/Title-->\n\n<!--Content-->\n<table class=\"contentTable\">\n  <tr>\n    <td class=\"contentData\">\n      The SSL handshake could not be performed.\n    </td>\n  </tr>\n</table>\n<!--/Content-->\n\n<!--Info-->\n<table class=\"infoTable\">\n  <tr>\n    <td class=\"infoData\">\n      <b>Host: </b>login.microsoftonline.com<br />\n      <b>Reason: </b>Can&apos;t initialize server context:handshakefailed:server state 1:state 9:Application response 500 handshakefailed\n    </td>\n  </tr>\n</table>\n<!--/Info-->\n\n<!--/Contents-->\n<!--Policy-->\n<table class='policyTable'>\n  <tr>\n    <td class='policyHeading'>\n      <hr>\n      Company Acceptable Use Policy\n    </td>\n  </tr>\n  <tr>\n    <td class='policyData'>\n      This is an optional acceptable use disclaimer that appears on every page. You may change the wording or remove this section entirely in index.html.\n    </td>\n  </tr>\n</table>\n<!--/Policy-->\n<!--Foot-->\n<table class='footTable'>\n  <tr>\n    <td class='helpDeskData' background='/mwg-internal/de5fs23hu73ds/files/default/img/bg_navbar.jpg'>\n      For assistance, please contact your system administrator.\n    </td>\n  </tr>\n  <tr>\n    <td class='footData'>\n      generated <span id=\"time\">2023-09-14 13:56:55</span> by McAfee Web Gateway\n      <br />\n      axios/0.21.4\n    </td>\n  </tr>\n</table>\n<!--/Foot-->\n      </td>\n    </tr>\n  </table>\n</body>\n<!--/Body-->\n</html>\n"
2023-09-14 11:56:55.513 [error] Acquiring user code failed

The proxy configuration is used somehow, as the error response with the handshake failed shows, but checking the proxy logs i see the host/url of the request is "https://login.microsoftonline.com/common/oauth2/devicecode?api-version=1.0", instead of just "login.microsoftonline.com:443" (without the protocol and path). I have seen similiar behaviour with axios and proxies before. Axios and proxies does not seems to be a great success story.

This issue seems similar: https://github.com/axios/axios/issues/5725

I tried the "Network Proxy Test" extension and connecting with the proxy to https://login.microsoftonline.com works fine.

Do you have any ideas how to fix the proxy configuration? I am setting the env vars HTTPS_PROXY and https_proxy at the moment.

patst avatar Sep 14 '23 12:09 patst

Hi @patst, we're aware of the proxy issues with the current Azure Account extension. We're prepping to release a new authentication system that should solve these issues.

It would help us a lot if you could try out the new authentication system and see if it fixes your proxy issues.

See the instructions for how to install it here: https://github.com/microsoft/vscode-azureresourcegroups/issues/738. Note, it will work best with the Insiders version of VS Code.

alexweininger avatar Sep 15 '23 01:09 alexweininger

Oh also, please see the Unable to Sign In While Using a Proxy section of our wiki for possible fixes. I know that disabling the proxy for these specific requests isn't always an option, but it has worked for a majority of users who have proxy issues.

alexweininger avatar Sep 15 '23 01:09 alexweininger

hi @alexweininger thanks for the fast answer.

We are working in a very restricted environment and cannot access any resource without proxy.

I did try out the new authentication system and was able to login and list Azure resources.

Great work, I hope this will be released rather sooner than later

patst avatar Sep 15 '23 07:09 patst