Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support http proxy servers when exchanging authcode for token #63

Closed
cfryanr opened this issue Dec 3, 2019 · 0 comments · Fixed by #82
Closed

Support http proxy servers when exchanging authcode for token #63

cfryanr opened this issue Dec 3, 2019 · 0 comments · Fixed by #82

Comments

@cfryanr
Copy link

cfryanr commented Dec 3, 2019

From a Slack conversation with Enrique Medina Montenegro.

Good morning from the Netherlands 🙂 Here is the info about the proxy issue:

My company uses a corporative proxy --> http://proxy.internal.mycompany.org:8080 <-- to provide access to the Internet

  • If any Pod running in our K8s cluster needs outbound Internet access, then it must configure this proxy as env variables --> HTTP_PROXY, HTTPS_PROXY and NO_PROXY
  • When using the auth-service, the first redirection to our Azure AD IdP is actually performed by the browser, so there is no issue here
  • However, when the auth-service needs to exchange the authorization code for the access token, then it cannot due to not being able to access the Internet

Taking a look at the code, I see that you use the Boost.Beast library for HTTP matters, which claims not to have in its scope the addition of such proxy support:
https://groups.google.com/d/msg/boost-developers-archive/-Zf7f-dfcmA/BUAjLnngBAAJ

However, it seems to be pretty easy:
https://stackoverflow.com/questions/11523829/how-to-add-proxy-support-to-boostasio/11537603#11537603

These are the precise logs:

# kubectl logs productpage-v1-5c6798d7d4-mzhs9 -c authservice
[2019-12-03 08:04:48.487] [console] [info] RunServer: Server listening on 127.0.0.1:10003
[2019-12-03 08:05:01.305] [console] [trace] Check
[2019-12-03 08:05:01.305] [console] [trace] Matches
[2019-12-03 08:05:01.305] [console] [debug] Check: processing request ://bookinfo.dev.epocloud.altia.es/productpage with filter chain idp_filter_chain
[2019-12-03 08:05:01.305] [console] [trace] New
[2019-12-03 08:05:01.306] [console] [trace] OidcFilter
[2019-12-03 08:05:01.306] [console] [trace] Process
[2019-12-03 08:05:01.306] [console] [debug] Call from @172.16.20.105 to @172.16.135.3
[2019-12-03 08:05:01.306] [console] [info] GetTokenFromCookie: __Host-bookinfo-authservice-id-token-cookie token cookie missing
[2019-12-03 08:05:01.306] [console] [info] GetTokenFromCookie: __Host-bookinfo-authservice-access-token-cookie token cookie missing
[2019-12-03 08:05:01.306] [console] [trace] Process: checking handler for ://bookinfo.dev.epocloud.altia.es-/productpage
[2019-12-03 08:05:01.794] [console] [trace] Check
[2019-12-03 08:05:01.794] [console] [trace] Matches
[2019-12-03 08:05:01.794] [console] [debug] Check: processing request ://bookinfo.dev.epocloud.altia.es/productpage/oauth/callback?code=OAQABAAIAAACQN9QBRU3jT6bcBQLZNUj7FraunBPo2Anx9gyAxLsdu-bjmfQnfzP9GJZCGakYWsHRzeV_eP89xj8IlweogBgNVF-IJW88VHMjUF2mb1qBgxYUOcOhN4X0RovpJOv25ad5dUCGWpoHmK0n1Q04dDi5dYtbZDAYqPyc_xJmr-rwtSneZoVu7jL16aJ-cF6M96iJQSoZw5fUXlJDaECEls1FKHr6XOhsqtQYgyu8hEL9yt5r3ONyG7Oo6QDWheJi96axsOrOa4toF62bElJeVm4Rsv5C2FFEvMkTQJXXj1hEhc-zk-owBC4D8m5NVGKzRhwphgpkYtRBMyEZtouiJQReKRcGry4KbbXA87LDfM0S5XGX-Kyad7WHV3-s62gFwjW7QqyG0OUq2D6Obm0xIlnmlk6alUOowSAijHHbgf_zXlI34ACRW4pv7SqZ0b6SHtMEioJe0CNFCDBlUVC7Md3_9lCMoonwNoVpEHNE-9eOLKamC-sJyevrATPt6A-WX9HsWcPk3OBwiqnzwMP9DJxj7MLl6KATfLI0mmeswhluYLINKKuvhr6a6oWncaVK9HlsBjH-MYXoRv5kqoaMCh3tU6lNhFMHhUodCcwvPUG4CBDoPQ9UubmEctTyGway7viwDniuqfzP1hj1pVTH09ZrUcVgeSv4sEHeXgupQ4_j7lYtBqWaohHsoQngxVq5HvmSBA8qd_8_Qlxx3vXyGfXuZSFWaZghaKYKrRP7Dm8Dc9R8PvoliTBvL1fLh2KiyePncMfAalIh96NdN27zCLDtbLoNeJpf0NVvp-HXsBckBMxCxLsxMKm22UNLhB3wdSnBEND-HUFxCiPA1IzXsgCGoZW9cFvMFJtbIjyy3ZXkE7DJSewKjW4I7MIVABBEeccgAA&state=0w05_ITARWBE0BfMcW2oSNwFTMtiPRW3Iq_VBkLbAJY&session_state=c302d6d2-c392-424d-97d3-2579814617c4 with filter chain idp_filter_chain
[2019-12-03 08:05:01.794] [console] [trace] New
[2019-12-03 08:05:01.794] [console] [trace] OidcFilter
[2019-12-03 08:05:01.794] [console] [trace] Process
[2019-12-03 08:05:01.794] [console] [debug] Call from @172.16.20.105 to @172.16.135.3
[2019-12-03 08:05:01.795] [console] [info] GetTokenFromCookie: __Host-bookinfo-authservice-id-token-cookie token cookie missing
[2019-12-03 08:05:01.795] [console] [info] GetTokenFromCookie: __Host-bookinfo-authservice-access-token-cookie token cookie missing
[2019-12-03 08:05:01.795] [console] [trace] Process: checking handler for ://bookinfo.dev.epocloud.altia.es-/productpage/oauth/callback?code=OAQABAAIAAACQN9QBRU3jT6bcBQLZNUj7FraunBPo2Anx9gyAxLsdu-bjmfQnfzP9GJZCGakYWsHRzeV_eP89xj8IlweogBgNVF-IJW88VHMjUF2mb1qBgxYUOcOhN4X0RovpJOv25ad5dUCGWpoHmK0n1Q04dDi5dYtbZDAYqPyc_xJmr-rwtSneZoVu7jL16aJ-cF6M96iJQSoZw5fUXlJDaECEls1FKHr6XOhsqtQYgyu8hEL9yt5r3ONyG7Oo6QDWheJi96axsOrOa4toF62bElJeVm4Rsv5C2FFEvMkTQJXXj1hEhc-zk-owBC4D8m5NVGKzRhwphgpkYtRBMyEZtouiJQReKRcGry4KbbXA87LDfM0S5XGX-Kyad7WHV3-s62gFwjW7QqyG0OUq2D6Obm0xIlnmlk6alUOowSAijHHbgf_zXlI34ACRW4pv7SqZ0b6SHtMEioJe0CNFCDBlUVC7Md3_9lCMoonwNoVpEHNE-9eOLKamC-sJyevrATPt6A-WX9HsWcPk3OBwiqnzwMP9DJxj7MLl6KATfLI0mmeswhluYLINKKuvhr6a6oWncaVK9HlsBjH-MYXoRv5kqoaMCh3tU6lNhFMHhUodCcwvPUG4CBDoPQ9UubmEctTyGway7viwDniuqfzP1hj1pVTH09ZrUcVgeSv4sEHeXgupQ4_j7lYtBqWaohHsoQngxVq5HvmSBA8qd_8_Qlxx3vXyGfXuZSFWaZghaKYKrRP7Dm8Dc9R8PvoliTBvL1fLh2KiyePncMfAalIh96NdN27zCLDtbLoNeJpf0NVvp-HXsBckBMxCxLsxMKm22UNLhB3wdSnBEND-HUFxCiPA1IzXsgCGoZW9cFvMFJtbIjyy3ZXkE7DJSewKjW4I7MIVABBEeccgAA&state=0w05_ITARWBE0BfMcW2oSNwFTMtiPRW3Iq_VBkLbAJY&session_state=c302d6d2-c392-424d-97d3-2579814617c4
[2019-12-03 08:05:01.795] [console] [trace] RetrieveToken
[2019-12-03 08:05:01.795] [console] [trace] Post
[2019-12-03 08:05:01.860] [console] [info] Post: unexpected exception: handshake: WRONG_VERSION_NUMBER
[2019-12-03 08:05:01.860] [console] [info] RetrieveToken: HTTP error encountered: IdP connection error
@cfryanr cfryanr mentioned this issue Mar 20, 2020
Merged
nacx pushed a commit to nacx/authservice that referenced this issue Mar 11, 2024
@sergicastro
Fix mutex protection on TLS pool (istio-ecosystem#63)
28ae8dc 
And avoid confusing log if TLS is not required
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Support sending requests through a web proxy istio-ecosystem/authservice
1 participant
@cfryanr