buzzfeed / sso

sso, aka S.S.Octopus, aka octoboi, is a single sign-on solution for securing internal services
MIT License

Getting 404 from authenticator when trying to login with Google #320

Closed omerxx closed 2 years ago

omerxx commented 2 years ago

Describe the bug

Getting 404 page not found from authenticator when trying to login with Google:

https://sso-auth.domain.co/google/sign_in?client_id=***&redirect_uri=https%3A%2F%2F***.domain.co%2Foauth2%2Fcallback&response_type=code&scope=&sig=***%3D&state=***

To Reproduce

Steps to reproduce the behavior: ECS run of sso-auth using prebuilt image:

FROM buzzfeed/sso
ARG client_id \
    client_secret \
    session_cookie_secret \
    session_key
ENV AUTHORIZE_EMAIL_DOMAINS=domain.co \
    AUTHORIZE_PROXY_DOMAINS=* \
    SERVER_SCHEME=https \
    SERVER_HOST=sso-auth.domain.co \
    CLIENT_PROXY_ID=$client_id \
    CLIENT_PROXY_SECRET=$client_secret \
    SESSION_COOKIE_SECRET=$session_cookie_secret \
    SESSION_KEY=$session_key 
ENTRYPOINT ["/bin/sso-auth"]

And the proxy:

FROM buzzfeed/sso

ARG client_id \
    client_secret \
    session_cookie_secret

ENV UPSTREAM_DEFAULT_EMAIL_DOMAINS="domain.co" \
    UPSTREAM_CONFIGFILE="/sso/upstream_configs.yml" \
    UPSTREAM_CLUSTER="tools-global" \
    PROVIDER_URL_EXTERNAL="https://sso-auth.domain.co" \
    CLIENT_ID=$client_id \
    CLIENT_SECRET=$client_secret \
    SESSION_COOKIE_SECRET=$session_cookie_secret
COPY ./upstream_config.yml /sso/upstream_configs.yml
ENTRYPOINT ["/bin/sso-proxy"]

upstream_config.yml:

- service: my-service
  default:
    from: sso-service.domain.co
    to: internal-service.domain.co

Expected behavior

Google login screen

Additional context

The DNS for sso-service.domain.co is pointing at the proxy. Seems like the proxy successfully redirects to the auth service, which, in turn, fails to identify the /google/sign_in? path.

omerxx commented 2 years ago

Found the solution: the PROVIDER_*... variables were not set. After following the local docker compose settings to understand where I went wrong, this was extremely hard to find - it was hiding under the env setting (which doesn't exist, only examples). The configuration documentation also does not state which variables are optional and which are not, making the experience of quick start hard to achieve...
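
A fail-fast preflight for the situation described in this thread, as an added example that is not part of the issue or of buzzfeed/sso: it checks an sso-auth environment for empty values and for the absence of any PROVIDER_-prefixed variable before the container is deployed. The function name, the sample values and the choice to treat every variable from the issue's Dockerfile as required are assumptions; the page does not give the specific PROVIDER_* names, so only the prefix is checked.

```shell
#!/bin/sh
# Added example, not part of buzzfeed/sso: preflight for an sso-auth environment.
# Reads KEY=VALUE lines on stdin (for example the output of `env`), prints one
# line per problem, and returns non-zero if any problem was found.

# Names copied from the sso-auth Dockerfile in the issue. Treating all of them
# as required is an assumption of this example.
EXPECTED_VARS="AUTHORIZE_EMAIL_DOMAINS AUTHORIZE_PROXY_DOMAINS SERVER_SCHEME
SERVER_HOST CLIENT_PROXY_ID CLIENT_PROXY_SECRET SESSION_COOKIE_SECRET SESSION_KEY"

sso_auth_preflight() {
    env_dump=$(cat)
    problems=0
    for name in $EXPECTED_VARS; do
        # "NAME=" followed by at least one character; an ARG that was never
        # passed with --build-arg leaves "NAME=" and is reported here.
        if ! printf '%s\n' "$env_dump" | grep -q "^${name}=."; then
            echo "missing or empty: $name"
            problems=$((problems + 1))
        fi
    done
    # The issue traced its 404 to unset PROVIDER_* variables. The exact names
    # are not given on the page, so only the prefix is checked.
    if ! printf '%s\n' "$env_dump" | grep -q '^PROVIDER_[A-Za-z0-9_]*=.'; then
        echo "no PROVIDER_* variable is set"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample: the issue's sso-auth ENV block with placeholder values
# and one secret left empty, as happens when a build argument is omitted.
SAMPLE_ENV='AUTHORIZE_EMAIL_DOMAINS=domain.co
AUTHORIZE_PROXY_DOMAINS=*
SERVER_SCHEME=https
SERVER_HOST=sso-auth.domain.co
CLIENT_PROXY_ID=placeholder-id
CLIENT_PROXY_SECRET=
SESSION_COOKIE_SECRET=placeholder
SESSION_KEY=placeholder'

# Prints the two findings for the sample; "|| true" keeps the demo from aborting.
printf '%s\n' "$SAMPLE_ENV" | sso_auth_preflight || true
```

Inside a running container the same check is `env | sso_auth_preflight`, run before `/bin/sso-auth` starts.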