Comments (15)
Hi @shantanumitra62,
v7.4 is quite old and we don't support it. Please try on the latest v8.5 once.
from pgadmin4.
Hi Team,
We have upgraded the PgAdmin to the latest 8.5 version image, but still we see the same redirect error.
The redirect url still looks like this : https://server:80/pgadmin4/oauth2-header/oauth2-header, with port 80 in the server name.
We are not sure from where this port 80 is coming and we want to get rid of this port 80 in our redirect url.
Please help us on this.
from pgadmin4.
Hi Team, hi @akshay-joshi ,
Can you please help me with the issue, I have updated to the newer version of image and still see the same error.
Awaiting response from you.
Regards
Shantanu
from pgadmin4.
Hi @shantanumitra62, what is the oauth2-header in your URL ( https://server:80/pgadmin4/oauth2-header/oauth2-header) ?
Please provide your configuration file to further investigate.
from pgadmin4.
Hi @khushboovashi ,
Here is the config which we are using:
'OAUTH2_NAME': '',
'OAUTH2_DISPLAY_NAME': '',
'OAUTH2_CLIENT_ID': os.environ['OAUTH2_CLIENT_ID'],
'OAUTH2_CLIENT_SECRET': os.environ['OAUTH2_CLIENT_SECRET'],
'OAUTH2_TOKEN_URL': 'https://sso-int.sensitive-data.com/as/token.oauth2',
'OAUTH2_AUTHORIZATION_URL': 'https://sso-int.sensitive-data.com/as/authorization.oauth2',
'OAUTH2_API_BASE_URL': 'https://sso-int.sensitive-data.com',
'OAUTH2_SCOPE': 'openid email profile',
'OAUTH2_SERVER_METADATA_URL': 'https://sso-int.sensitive-data.com/.well-known/openid-configuration',
'OAUTH2_USERINFO_ENDPOINT': 'https://sso-int.sensitive-data.com/idp/userinfo.openid',
'OAUTH2_SSL_CERT_VERIFICATION': True,
'OAUTH2_BUTTON_COLOR': '#0000ff',
from pgadmin4.
@shantanumitra62, send me the entire config file.
from pgadmin4.
Hi @khushboovashi ,
Can you please help me to understand what exactly you mean when you refer the entire config file?
We are following the examples from this official page:
https://github.com/rowanruseler/helm-charts/blob/main/charts/pgadmin4/examples/add-oauth2-config.yaml
and we are doing exactly the same, so as per this link the config-map is the configuration file which I have shared it with you. Can you please suggest now
from pgadmin4.
Hi @shantanumitra62,
This doesn't look like a pgAdmin issue but more on the load balancer config. Try to run pgAdmin with simply oauth2 without any nodes in between.
Can you also try tweaking below config variables?
# Reverse Proxy parameters
# You must tell the middleware how many proxies set each header
# so it knows what values to trust.
# See https://tinyurl.com/yyg7r9av
# for more information.
# Number of values to trust for X-Forwarded-For
PROXY_X_FOR_COUNT = 1
# Number of values to trust for X-Forwarded-Proto.
PROXY_X_PROTO_COUNT = 1
# Number of values to trust for X-Forwarded-Host.
PROXY_X_HOST_COUNT = 0
# Number of values to trust for X-Forwarded-Port.
PROXY_X_PORT_COUNT = 1
# Number of values to trust for X-Forwarded-Prefix.
PROXY_X_PREFIX_COUNT = 0
from pgadmin4.
Hi @adityatoshniwal ,
Thanks for your response, we tweaked the above suggested values but there is no change in redirect uri, it still adds the port 80 when we set "X-Scheme" header value to "https".
Please suggest now.
from pgadmin4.
Hi @khushboovashi @adityatoshniwal ,
Can you please update us on this issue as we are stuck badly.
the oauth2-header in our URL ( https://server:80/pgadmin4/oauth2/authorize)
from pgadmin4.
@shantanumitra62, the redirect URL should be configured at the Oauth2 provider site. Can you share a screenshot of your OIDC provider settings?
from pgadmin4.
Hi @khushboovashi,
Thanks for letting us know. Surely we are aware of this, but the problem is something else.
1> We have followed the official gitHub documentation to configure oauth2 authorization from this link:
https://github.com/rowanruseler/helm-charts/blob/main/charts/pgadmin4/examples/add-oauth2-config.yaml
So based on the above configuration I have already provided the configuration parameters we are creating using configmap with the file config_local.py with these values:
'OAUTH2_NAME': '',
'OAUTH2_DISPLAY_NAME': '',
'OAUTH2_CLIENT_ID': os.environ['OAUTH2_CLIENT_ID'],
'OAUTH2_CLIENT_SECRET': os.environ['OAUTH2_CLIENT_SECRET'],
'OAUTH2_TOKEN_URL': 'https://sso-int.sensitive-data.com/as/token.oauth2',
'OAUTH2_AUTHORIZATION_URL': 'https://sso-int.sensitive-data.com/as/authorization.oauth2',
'OAUTH2_API_BASE_URL': 'https://sso-int.sensitive-data.com/',
'OAUTH2_SCOPE': 'openid email profile',
'OAUTH2_SERVER_METADATA_URL': 'https://sso-int.sensitive-data.com/.well-known/openid-configuration',
'OAUTH2_USERINFO_ENDPOINT': 'https://sso-int.sensitive-data.com/idp/userinfo.openid',
'OAUTH2_SSL_CERT_VERIFICATION': True,
'OAUTH2_BUTTON_COLOR': '#0000ff',
Now that we have provided the values to configure oauth2 authentication, the pgadmin redirects us to the oidc provider login page for authentication but here the pgadmin application instead of providing us with the proper redirect uri which in our case should be
https://hostname/pgadmin4/oauth2/authorize
gives us this redirect uri:
https://hostname:80/pgadmin4/oauth2/authorize
as you can see that port80 is getting added to our URI which makes it an improper redirect URI.
So our question was what can be chnaged or tweaked so that we get the proper redirect URI.
Please note: pgAdmin is hosted behind our Load Balancer and we are passing a header "X-Scheme = https" explicitly to specify the requester that the request is served over HTTPS.
from pgadmin4.
Hi @shantanumitra62, we can schedule a screen-sharing session between 10 AM to 5 PM IST. Share the link to join.
from pgadmin4.
Thank you @khushboovashi for the screen sharing offer, surely let me discuss with my team on this and I will get back to you.
from pgadmin4.
HI @adityatoshniwal @khushboovashi ,
Can you please share your official email id of yours and concerned members so that we can share the official meeting invite with you all.
Regards
Shan
from pgadmin4.
Related Issues (20)
- Schema Diff does not find differences on 'GRANT USAGE ON SCHEMA' HOT 1
- pgAgent Job issue: Couldn't get a connection to the database when local SQL mode specified in another database other than postgres HOT 8
- Issue with Pgadmin4 Docker nginx reverse proxy HOT 21
- No message is displayed if a user with no privilege to terminate a query tries to do so on query tool.
- Dark Theme starts with a big white screen HOT 1
- Pgadmin install error in Ubuntu 24.04 LTS HOT 1
- Linter does not handle C-Style escape string constants (postgresql.org 4.1.2.2) HOT 4
- Query tool: Pressing [tab] does not align to next tab position
- Display user friendly message if user hits 'Recover Password' button with empty password field HOT 1
- Print support HOT 2
- pgAdmin:Commented SQL statement executes when toggle back/forth for the SQL statement and above line. HOT 10
- pgAgent installation: Wrong/Misleading error message/failed installation when the default postgres db user's password doesn't meet window security policy. HOT 2
- Replace NW.js with Electron HOT 2
- On refreshing schema diff tool opened in new tab gives error 'Transaction not found' error
- Password reset fails with 'ResetPasswordForm' object has no attribute 'user' HOT 1
- Update notistack library to version 3.x
- While adding a new server I'm facing this error : (Instance '<Server at 0x1fcdeff5b20>' is not persisted)
- Unable to launch pgAdmin 4: The procedure entry point DiscardVirtualMemory could not be located !!!
- Unable to launch pgAdmin 4: The procedure entry point DiscardVirtualMemory could not be located !!! HOT 1
- Query Tool Screenshot Displays Incorrect Function Key HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pgadmin4.