Improper PGADMIN4 redirect URI about pgadmin4 HOT 15 OPEN

Hi @shantanumitra62,
v7.4 is quite old and we don't support it. Please try on the latest v8.5 once.

from pgadmin4.

Hi Team,
We have upgraded the PgAdmin to the latest 8.5 version image, but still we see the same redirect error.
The redirect url still looks like this : https://server:80/pgadmin4/oauth2-header/oauth2-header, with port 80 in the server name.
We are not sure from where this port 80 is coming and we want to get rid of this port 80 in our redirect url.

Please help us on this.

from pgadmin4.

Hi Team, hi @akshay-joshi ,
Can you please help me with the issue, I have updated to the newer version of image and still see the same error.
Awaiting response from you.

Regards
Shantanu

from pgadmin4.

Hi @shantanumitra62, what is the oauth2-header in your URL ( https://server:80/pgadmin4/oauth2-header/oauth2-header) ?
Please provide your configuration file to further investigate.

from pgadmin4.

Hi @khushboovashi ,
Here is the config which we are using:

'OAUTH2_NAME': '',
'OAUTH2_DISPLAY_NAME': '',
'OAUTH2_CLIENT_ID': os.environ['OAUTH2_CLIENT_ID'],
'OAUTH2_CLIENT_SECRET': os.environ['OAUTH2_CLIENT_SECRET'],
'OAUTH2_TOKEN_URL': 'https://sso-int.sensitive-data.com/as/token.oauth2',
'OAUTH2_AUTHORIZATION_URL': 'https://sso-int.sensitive-data.com/as/authorization.oauth2',
'OAUTH2_API_BASE_URL': 'https://sso-int.sensitive-data.com',
'OAUTH2_SCOPE': 'openid email profile',
'OAUTH2_SERVER_METADATA_URL': 'https://sso-int.sensitive-data.com/.well-known/openid-configuration',
'OAUTH2_USERINFO_ENDPOINT': 'https://sso-int.sensitive-data.com/idp/userinfo.openid',
'OAUTH2_SSL_CERT_VERIFICATION': True,
'OAUTH2_BUTTON_COLOR': '#0000ff',

from pgadmin4.

@shantanumitra62, send me the entire config file.

from pgadmin4.

Hi @khushboovashi ,
Can you please help me to understand what exactly you mean when you refer the entire config file?
We are following the examples from this official page:
https://github.com/rowanruseler/helm-charts/blob/main/charts/pgadmin4/examples/add-oauth2-config.yaml

and we are doing exactly the same, so as per this link the config-map is the configuration file which I have shared it with you. Can you please suggest now

from pgadmin4.

Hi @shantanumitra62,
This doesn't look like a pgAdmin issue but more on the load balancer config. Try to run pgAdmin with simply oauth2 without any nodes in between.
Can you also try tweaking below config variables?

# Reverse Proxy parameters
# You must tell the middleware how many proxies set each header
# so it knows what values to trust.
# See https://tinyurl.com/yyg7r9av
# for more information.

# Number of values to trust for X-Forwarded-For
PROXY_X_FOR_COUNT = 1

# Number of values to trust for X-Forwarded-Proto.
PROXY_X_PROTO_COUNT = 1

# Number of values to trust for X-Forwarded-Host.
PROXY_X_HOST_COUNT = 0

# Number of values to trust for X-Forwarded-Port.
PROXY_X_PORT_COUNT = 1

# Number of values to trust for X-Forwarded-Prefix.
PROXY_X_PREFIX_COUNT = 0

from pgadmin4.

Hi @adityatoshniwal ,
Thanks for your response, we tweaked the above suggested values but there is no change in redirect uri, it still adds the port 80 when we set "X-Scheme" header value to "https".
Please suggest now.

from pgadmin4.

Hi @khushboovashi @adityatoshniwal ,
Can you please update us on this issue as we are stuck badly.
the oauth2-header in our URL ( https://server:80/pgadmin4/oauth2/authorize)

from pgadmin4.

@shantanumitra62, the redirect URL should be configured at the Oauth2 provider site. Can you share a screenshot of your OIDC provider settings?

from pgadmin4.

Hi @khushboovashi,
Thanks for letting us know. Surely we are aware of this, but the problem is something else.
1> We have followed the official gitHub documentation to configure oauth2 authorization from this link:
https://github.com/rowanruseler/helm-charts/blob/main/charts/pgadmin4/examples/add-oauth2-config.yaml

So based on the above configuration I have already provided the configuration parameters we are creating using configmap with the file config_local.py with these values:
'OAUTH2_NAME': '',
'OAUTH2_DISPLAY_NAME': '',
'OAUTH2_CLIENT_ID': os.environ['OAUTH2_CLIENT_ID'],
'OAUTH2_CLIENT_SECRET': os.environ['OAUTH2_CLIENT_SECRET'],
'OAUTH2_TOKEN_URL': 'https://sso-int.sensitive-data.com/as/token.oauth2',
'OAUTH2_AUTHORIZATION_URL': 'https://sso-int.sensitive-data.com/as/authorization.oauth2',
'OAUTH2_API_BASE_URL': 'https://sso-int.sensitive-data.com/',
'OAUTH2_SCOPE': 'openid email profile',
'OAUTH2_SERVER_METADATA_URL': 'https://sso-int.sensitive-data.com/.well-known/openid-configuration',
'OAUTH2_USERINFO_ENDPOINT': 'https://sso-int.sensitive-data.com/idp/userinfo.openid',
'OAUTH2_SSL_CERT_VERIFICATION': True,
'OAUTH2_BUTTON_COLOR': '#0000ff',

Now that we have provided the values to configure oauth2 authentication, the pgadmin redirects us to the oidc provider login page for authentication but here the pgadmin application instead of providing us with the proper redirect uri which in our case should be
https://hostname/pgadmin4/oauth2/authorize
gives us this redirect uri:
https://hostname:80/pgadmin4/oauth2/authorize
as you can see that port80 is getting added to our URI which makes it an improper redirect URI.
So our question was what can be chnaged or tweaked so that we get the proper redirect URI.

Please note: pgAdmin is hosted behind our Load Balancer and we are passing a header "X-Scheme = https" explicitly to specify the requester that the request is served over HTTPS.

from pgadmin4.

Hi @shantanumitra62, we can schedule a screen-sharing session between 10 AM to 5 PM IST. Share the link to join.

from pgadmin4.

Thank you @khushboovashi for the screen sharing offer, surely let me discuss with my team on this and I will get back to you.

from pgadmin4.

HI @adityatoshniwal @khushboovashi ,
Can you please share your official email id of yours and concerned members so that we can share the official meeting invite with you all.

Regards
Shan

from pgadmin4.