Skip to content
This repository has been archived by the owner on Jun 20, 2023. It is now read-only.

When running on HTTPS the sso doesn't work due to redirect URL #30

Closed
bmtcril opened this issue May 5, 2023 · 9 comments
Closed

When running on HTTPS the sso doesn't work due to redirect URL #30

bmtcril opened this issue May 5, 2023 · 9 comments
Assignees
Labels
bug Report of or fix for something that isn't working as intended help wanted Ready to be picked up by anyone in the community oars v1 Issues blocking OARS v1 release

Comments

@bmtcril
Copy link
Collaborator

bmtcril commented May 5, 2023

When running on HTTPS the sso doesn't work because the redirect uri is taken as http:{{LMS_HOST}}/...

Any ideas?

Checking the application configuration shows the correct information:

image

image

Originally posted by @Ian2012 in #15 (comment)

@bmtcril bmtcril added bug Report of or fix for something that isn't working as intended oars v1 Issues blocking OARS v1 release labels May 5, 2023
@bmtcril bmtcril moved this to Ready for Work in Data Working Group May 5, 2023
@bmtcril bmtcril added the help wanted Ready to be picked up by anyone in the community label May 5, 2023
@mariajgrimaldi
Copy link
Contributor

mariajgrimaldi commented May 11, 2023

I did some digging in the Flask-AppBuilder and found the redirect URI parameter is generated here using a function called url_for defined by flask itself. Take in mind one of the parameters is _external=True. Now, the url_for docs say:

In some cases, such as email messages, you want URLs to include the scheme and domain, like https://example.com/hello. When not in an active request, URLs will be external by default, but this requires setting SERVER_NAME so Flask knows what domain to use. APPLICATION_ROOT and PREFERRED_URL_SCHEME should also be configured as needed.

https://flask.palletsprojects.com/en/2.3.x/api/#flask.Flask.url_for

Should we configure PREFERRED_URL_SCHEME (HTTP by default) for our superset application? I haven't tested or even know if this is the right path. I could try it later though.

@bmtcril
Copy link
Collaborator Author

bmtcril commented May 11, 2023

@mariajgrimaldi thanks for digging into this, that seems like a good place to start!

@mariajgrimaldi
Copy link
Contributor

mariajgrimaldi commented May 11, 2023

I found this:

k exec -it pod/superset-7955b5465-bzxqq -- bash
flask shell
>>> app.config["PREFERRED_URL_SCHEME"]
'http'

So that might be the reason. I'll keep researching :)!

@mariajgrimaldi
Copy link
Contributor

@mariajgrimaldi
Copy link
Contributor

mariajgrimaldi commented May 12, 2023

We figured that this config PREFERRED_URL_SCHEME is used when there is not a request context which there is in our case. So that wasn't the solution. After some digging, we found the issues I mentioned above with some suggestions and possible explanations. After trying some stuff out we managed to make it work with this:
https://github.com/apache/superset/blob/master/superset/config.py#L273-L277

# tutorsuperset/templates/superset/apps/pythonpath/superset_config_docker.py
ENABLE_PROXY_FIX = True
FEATURE_FLAGS = {
    "DYNAMIC_PLUGINS": True
}

So we should add that config when using https!

image

I tested this on k8s installation, now I'll need to do it on our docker-compose one.

@bmtcril
Copy link
Collaborator Author

bmtcril commented May 15, 2023

Great, I look forward to hearing how it goes!

@mariajgrimaldi
Copy link
Contributor

We have a fix! I already linked the PR.

@mariajgrimaldi mariajgrimaldi moved this from Ready for Work to Doing in Data Working Group May 16, 2023
@mariajgrimaldi
Copy link
Contributor

assign me

@Ian2012
Copy link
Contributor

Ian2012 commented Jun 6, 2023

@bmtcril this one is resolved

@bmtcril bmtcril closed this as completed Jun 6, 2023
@github-project-automation github-project-automation bot moved this from Doing to Done in Data Working Group Jun 6, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Report of or fix for something that isn't working as intended help wanted Ready to be picked up by anyone in the community oars v1 Issues blocking OARS v1 release
Projects
None yet
Development

No branches or pull requests

3 participants