[midPoint] oidc + infrastructure url problem

martin.spanik at evolveum.com
Fri May 24 18:20:27 CEST 2024


Hi Markus,

When you send an HTTP request to midPoint, it responds with a redirect to the login page (default authentication).
There is a relative path in the redirects if <publicHttpUrlPattern> is not set. If <publicHttpUrlPattern> is set, the path in the redirects is absolute, containing the content of the parameter with an ending slash added.

I tried to replicate your issue, but was not able to get the same error as you. It looks like the parsing of the hostname is failing for some reason.

Could you please check that:
- there is no typo in the <publicHttpUrlPattern> definition
- the <publicHttpUrlPattern> does not end with a slash ("/") character: this hasn't been mentioned in the docs yet, <publicHttpUrlPattern> can't end with "/"
- if you modified the local part (e.g. <yourhost>/test-midpoint), then check that the configuration of Tomcat is also synchronized with the Tomcat configuration.
	The parameter is server.servlet.context-path (value: /test-midpoint) and can be set via the application.yaml config file or the MP_SET_server_servlet_context-path variable.
		See: https://docs.evolveum.com/midpoint/operations-manual/#changing-the-midpoint-embedded-tomcat-configuration

These checks will probably not solve the issue - just want to avoid some obvious errors.

I suppose that there is some issue with the hostname.
- Could you please send me the value of <publicHttpUrlPattern>?
- Could you please send a short description of the environment technology you are testing on (Kubernetes / Docker / ..)?

You can send the data privately, directly to my email (or support at evolveum.com), or you can anonymize part of the domain. But I would like to have at least the structure of the name.

Best regards,

Martin Spanik,
Identity Engineer, Evolveum
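
The checks listed above can be run against an exported system configuration, shown here as an added example that is not part of the original message and not midPoint's own code. The sample XML and the hostname idm.example.com are constructed, the function names and problem codes are hypothetical, and `context_path` is whatever `server.servlet.context-path` is set to in your deployment.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample of a system configuration fragment (not from the thread).
SAMPLE_XML = """<systemConfiguration
    xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
  <infrastructure>
    <publicHttpUrlPattern>https://idm.example.com/midpoint/</publicHttpUrlPattern>
  </infrastructure>
</systemConfiguration>"""


def find_public_url(xml_text):
    """Return the text of the first <publicHttpUrlPattern>, or None if absent."""
    root = ET.fromstring(xml_text)
    for element in root.iter():
        # Match on the local name so the check works with or without a namespace.
        if element.tag.rsplit("}", 1)[-1] == "publicHttpUrlPattern":
            return element.text or ""
    return None


def check_public_url(pattern, context_path):
    """Return a list of problem codes for the checks named in the message."""
    if pattern is None:
        return ["not-set"]
    problems = []
    if pattern != pattern.strip():
        problems.append("surrounding-whitespace")  # easy-to-miss typo
    value = pattern.strip()
    if value.endswith("/"):
        problems.append("trailing-slash")  # the pattern must not end with "/"
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        problems.append("no-scheme-or-host")
    # The local part of the URL has to agree with server.servlet.context-path.
    if parts.path.rstrip("/") != context_path.rstrip("/"):
        problems.append("context-path-mismatch")
    return problems


if __name__ == "__main__":
    url = find_public_url(SAMPLE_XML)
    for problem in check_public_url(url, "/midpoint"):
        print(f"{url!r}: {problem}")
```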

-----Original Message-----
From: midPoint <midpoint-bounces at lists.evolveum.com> On Behalf Of Markus Calmius via midPoint
Sent: Thursday, 16 May 2024 16:44
To: midpoint at lists.evolveum.com
Cc: Markus Calmius <markus.calmius at proton.ch>
Subject: Re: [midPoint] oidc + infrastructure url problem


Hi,

I realised something when I tried to write a problem description for another person.

It actually has nothing to do with OIDC. I can reproduce the problem using the default security policy / username/password login.

The problem description is the same.
Not setting a Public URL = everything works
Setting it = only works when going to <hostname>/midpoint/

What exactly does midpoint reply with when using the public url pattern?


Markus

On Thursday, 16 May 2024 at 12:00, midpoint-request at lists.evolveum.com <midpoint-request at lists.evolveum.com> wrote:

> Message: 1
> Date: Wed, 15 May 2024 13:46:10 +0000
> From: Markus Calmius markus.calmius at proton.ch
> 
> To: midPoint General Discussion midpoint at lists.evolveum.com
> 
> Subject: [midPoint] oidc + infrastructure url problem
> Message-ID:
> behCR8cM_pWN2b76rYkVNhaT1bhAWFp2NGpxx8AudRldhXNrxFvIKZ2f9aDadMgV0YA6fq
> zLOpaaIvDqUQRc_Lyi7MoQoeNK0KfpBi15orc=@proton.ch
> 
> 
> Content-Type: text/plain; charset="utf-8"
> 
> Hi,
> 
> I have a weird problem that I do not quite know how to solve/troubleshoot.
> 
> If I do not set the <publicHttpUrlPattern> everything works fine.
> 
> I can go to https://<hostname> or https://<hostname>/midpoint or https://<hostname>/midpoint/ and I will be re-directed to our Keycloak instance to login.
> 
> All good.
> Now, if I do configure the <publicHttpUrlPattern> (which I need to be 
> able to use links in email-notifications) I can only go to 
> https://<hostname>/midpoint/
> 
> that is, if I remove the trailing / or omit the /midpoint/ it fails and I see this in the log:
> 
> > ERROR (org.apache.coyote.http11.Http11Processor): Error processing 
> > request
> > 
> > java.lang.IllegalStateException: No current ServletRequestAttributes
> 
> 
> It is the same error as if I would go to any other url that does not exist.
> 
> Any ideas what could cause this?
> 
> Thanks,
> Markus