Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ISSUE] Invalid Redirect URI in Camunda Platform 8.3.3 #1116

Closed
failnix opened this issue Dec 6, 2023 · 2 comments · Fixed by #1118
Closed

[ISSUE] Invalid Redirect URI in Camunda Platform 8.3.3 #1116

failnix opened this issue Dec 6, 2023 · 2 comments · Fixed by #1118
Assignees
@jessesimpson36
Labels
kind/bug Something isn't working as intended kind/medic Tasks for the medic size/xs Relative effort/time: Extra Small
Milestone
8.4 release

Comments

@failnix
Copy link
Contributor

failnix commented Dec 6, 2023
edited
Loading

Describe the issue:

The issue refers to #714 where it was already marked as fixed.

I'm trying to host a self-manged Camunda-Installation and group the following camunda-services within a url-prefix with ingress f.ex.

A snipped of my value-file looks like

global:
  ingress:
    enabled: true
  image:
      tag: 8.3.3
  identity:
    auth:
      enabled: true
      operate:
        redirectUrl: "http://acme.com/camunda/operate"

operate:
  enabled: true
  contextPath: "/camunda/operate"

When trying to login, for example, http://acme.com/operate, Keycloak shows the error Invalid parameter: redirect_uri in the browser and it's not possible to login.
The redirectUrl looks like http://acme.com/camunda/camunda/operate which is not correct ("camunda" is listed twice)

I think the problem for the operate-example is located in camunda-platform-helm/charts/camunda-platform/templates/operate/deployment.yaml L88
trimSuffix should not delete static "/operate" but the content of contextPath.

Expected behavior:

It should be possible to login into the apps normally.

How to reproduce:

Deploy any Helm chart v8.3.x with apps v8.3.x with combined Ingress enabled.

Logs:

Out of the keycloak-container

2023-12-06 07:59:21,354 WARN [org.keycloak.events] (executor-thread-20) type=LOGIN_ERROR, realmId=camunda-platform, clientId=operate, userId=null, ipAddress=10.42.0.1, error=invalid_redirect_uri, redirect_uri=http://acme.com/camunda/camunda/operate/identity-callback

Environment:

  • Platform: Any
  • Helm CLI version: v3.10.3
  • Chart version: 8.3.3
  • Values file: see snippet in description
@failnix failnix added the kind/issue Unidentified issue, it could be a bug, misconfig, or anything in between label Dec 6, 2023
@aabouzaid
Copy link
Member

aabouzaid commented Dec 6, 2023
edited
Loading

Hi @failnix thanks for reporting this.

Your guess is correct, the issue comes from the static trim trimSuffix /operate, so it will not work with a custom content path like /camunda/operate. It should be changed to be something like trimSuffix .Values.operate.contextPath (for all apps).

Do you like to make a PR to fix that?

@aabouzaid aabouzaid added kind/bug Something isn't working as intended size/xs Relative effort/time: Extra Small and removed kind/issue Unidentified issue, it could be a bug, misconfig, or anything in between labels Dec 6, 2023
@aabouzaid aabouzaid added this to the 8.4 release milestone Dec 6, 2023
@aabouzaid aabouzaid added support/community Marks an issue as related to a community support request kind/support and removed support/community Marks an issue as related to a community support request labels Dec 6, 2023
@failnix failnix mentioned this issue Dec 6, 2023
Merged
6 tasks
@failnix
Copy link
Contributor Author

failnix commented Dec 6, 2023
edited
Loading

Hi @failnix thanks for reporting this.

Your guess is correct, the issue comes from the static trim trimSuffix /operate, so it will not work with a custom content path like /camunda/operate. It should be changed to be something like trimSuffix .Values.operate.contextPath (for all apps).

Do you like to make a PR to fix that?

Hi @aabouzaid sorry I think I've created a new issue #1118 with my PR.

jessesimpson36 added a commit that referenced this issue Dec 11, 2023
@failnix @jessesimpson36
fix: removed hardcoded contextPaths while trimming redirectRootUrl (#…
e090b10 
…1118)

* fix: #1116 Invalid Redirect URI in Camunda Platform 8.3.3

fixed the trimSuffix-Expression of the
*IDENTITY_REDIRECT_ROOT_URL-env-variable in tasklist and operate

* test: adds unit tests for trimming contextPaths

---------

Co-authored-by: Jesse Simpson <[email protected]>
jessesimpson36 added a commit that referenced this issue Dec 14, 2023
@failnix @jessesimpson36
fix: removed hardcoded contextPaths while trimming redirectRootUrl (#…
64ac293 
…1118)

* fix: #1116 Invalid Redirect URI in Camunda Platform 8.3.3

fixed the trimSuffix-Expression of the
*IDENTITY_REDIRECT_ROOT_URL-env-variable in tasklist and operate

* test: adds unit tests for trimming contextPaths

---------

Co-authored-by: Jesse Simpson <[email protected]>
@hamza-m-masood hamza-m-masood added the kind/medic Tasks for the medic label May 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jessesimpson36 jessesimpson36

Labels
kind/bug Something isn't working as intended kind/medic Tasks for the medic size/xs Relative effort/time: Extra Small
Projects
None yet
Milestone
8.4 release
Development

Successfully merging a pull request may close this issue.

issue #1116 Invalid Redirect URI in Camunda Platform 8.3.3
4 participants
@aabouzaid @failnix @jessesimpson36 @hamza-m-masood