search

buzzfeed / sso

sso, aka S.S.Octopus, aka octoboi, is a single sign-on solution for securing internal services
MIT License
3.1k stars 186 forks source link

Redirecting to internal service url #290

Closed saithejareddy closed 3 years ago

saithejareddy commented 4 years ago

When I hit a domain like example.sso.external.my-domain.net which is directly redirecting to <internal-service-name>.<namespace>.svc.cluster.local:<port>/somepath.html

- service: example
  default:
    from: example.sso.external.my-domain.net
    to: http://svcname.ns.svc.cluster.local:port
    options:
      allowed_groups:
        - some@example.in
      timeout: 120s

In the browser itself, It was redirecting to the below url: <internal-service-name>.<namespace>.svc.cluster.local:<port>/somepath.html

I configured kind: ingress as well for this, that working fine.. With sso, I am not able to hit the application.

Will be Thankful if anyone helps me

katzdm commented 4 years ago

Hey, Sai! Just a guess, but it's possible that the upstream application is itself returning a 302 redirect to <internal-service-name>.<namespace>.svc.cluster.local. For example, perhaps it's upgrading http traffic to https and performing such a redirection.

When redirecting from the backend application, I believe you'll want to take care to use the host forwarded from SSO via the X-Forwarded-For header, rather than the one received via the Host header.

saithejareddy commented 4 years ago

Thanks for the response. Whatever you told is absolutely correct. Is there anyway to achieve this without changing backend application?