Closed
Bug 1328705
Opened 8 years ago
Closed 8 years ago
standupstage github and ldap providers don't work
Categories
(Infrastructure & Operations :: SSO: Issues, task)
Infrastructure & Operations
SSO: Issues
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: willkg, Unassigned)
Details
We're in the process of re-doing our auth0 implementation using the link method per Kang's issue here:
https://github.com/mozilla/standup/issues/308
However, the Github and LDAP options from the Mozilla auth0 SSO don't work.
STR with LDAP:
1. Go to https://standupstage.herokuapp.com/
2. Click on the "Sign in" link on the right-hand side of the navbar
3. Click on the "Sign in with Mozilla Auth" button in the middle of the page
4. Choose LDAP
5. Fill out LDAP creds
Expected:
You get logged into Standup -stage.
What happens:
You end up on https://auth.mozilla.auth0.com/login/callback and the content of the page is "Cannot POST /login/callback".
Similar thing happens with choosing Github auth option. However, the email auth option works fine.
Any idea what's going on? Is our Auth0 implementation wrong? Did we ask for the wrong things in the ServiceNow request?
Comment 1•8 years ago
|
||
Jabba confirmed that the Auth0 configuration doesn't have any glaring problems.
A few things I notice in the URL that resolves from your sign in button, when comparing it to https://testrp.security.allizom.org/:
https://auth.mozilla.auth0.com/login?client=jUNRL0G9LVGyxROwV42QJSyf7jh67960&protocol=oauth&state=foo&redirect_url=https://standupstage.herokuapp.com/auth/login&scope=openid%20email%20profile&response_type=code
1. protocol=oauth should be protocol=oauth2
2. state=foo should be state=SOME_BASE64_STRING -- I believe this is generated dynamically for each session, but not sure. I know it shouldn't be "foo"
3. redirect_url should be redirect_uri
4. The : and / should be encoded so https://standupstage.herokuapp.com/auth/login becomes https%3A%2F%2Fstandupstage.herokuapp.com%2Fauth%2Flogin
If any of these seem easy to resolve right off the bat, perhaps they solve your problem. Otherwise, I have to defer to kang for the specifics on how to implement any of these changes. He should be back on 1/9/17.
Flags: needinfo?(gdestuynder)
Reporter | ||
Comment 2•8 years ago
|
||
I fixed the protocol and redirect_url -> redirect_uri and that fixed it. Login works fine now for all three providers.
Thank you!
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Flags: needinfo?(gdestuynder)
You need to log in
before you can comment on or make changes to this bug.
Description
•