Open deepaksinghkhetwal opened 2 weeks ago
Hi @deepaksinghkhetwal Could you please show your proxy server config
Hello @EvgeniaBzzz
Please find my proxy server config
<VirtualHost *:80>
<Location / >
ProxyPass http://localhost:8978/
ProxyPassReverse http://localhost:8978/
AuthType Basic
AuthName "Enter LDAP credentials"
AuthBasicProvider ldap
AuthLDAPGroupAttribute memberOf
AuthLDAPSubGroupClass group
AuthLDAPGroupAttributeIsDN On
AuthLDAPURL removed
AuthLDAPBindDN removed
AuthLDAPBindPassword removed
require valid-user
RequestHeader add X-User %{AUTHENTICATE_SAMACCOUNTNAME}e
RequestHeader add X-Role user
RequestHeader add X-Team db-access
RequestHeader add X-First-name %{AUTHENTICATE_GIVENNAME}e
RequestHeader add X-Last-name %{AUTHENTICATE_SN}e
</Location>
</VirtualHost>
The X-User header stops coming at some point. Possibly due to the end of the LDAP session. Could you also check if there is any errors in apache logs?
All the logs show 401 status code
Removed IP Address - - [24/Jun/2024:16:01:17 +0000] "HEAD / HTTP/1.1" 401 - Removed IP Address - - [24/Jun/2024:16:01:18 +0000] "POST /api/gql HTTP/1.1" 401 381 Removed IP Address - - [24/Jun/2024:16:01:19 +0000] "GET /api/ws HTTP/1.1" 401 381 Removed IP Address - - [24/Jun/2024:16:01:19 +0000] "POST /api/gql HTTP/1.1" 401 381 Removed IP Address - - [24/Jun/2024:16:01:20 +0000] "GET /service-worker.js HTTP/1.1" 401 381 Removed IP Address - - [24/Jun/2024:16:01:21 +0000] "GET /api/ws HTTP/1.1" 401 381
Logs when logged in from incognito
Removed IP Address - deepak [24/Jun/2024:16:02:24 +0000] "HEAD / HTTP/1.1" 200 - Removed IP Address - deepak [24/Jun/2024:16:02:55 +0000] "HEAD / HTTP/1.1" 200 - Removed IP Address - deepak [24/Jun/2024:16:02:56 +0000] "POST /api/gql HTTP/1.1" 200 4894 Removed IP Address - deepak [24/Jun/2024:16:02:56 +0000] "POST /api/gql HTTP/1.1" 200 270
At the moment we don't have solution on our side. As a workaround, you could add cache clearing to your apache config.
Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
Header set Pragma "no-cache"
Header set Expires "0"
Describe the bug I have configured access to cloudbeaver using reverse proxy(apache web server) adding ldap authentication. I can login to the cloudbeaver successfully. But after some time I am getting below error. I can login to incognito properly though
GQL Error: 401 Unauthorized GQL Error: 401 Unauthorized at CustomGraphQLClient.overrideRequest ()
at async NetworkStateService.sessionExpiredInterceptor ()
at async SessionExpireService.sessionExpiredInterceptor ()
at async SessionResource.loader ()
at async SessionResource.loadingTask ()
at async SessionResource.taskWrapper ()
at async Task.task ()
I have to remove cache and can login again
To Reproduce Steps to reproduce the behavior:
Screenshots If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
Additional context On checking logs in the pod,
20-06-2024 07:46:21.211 [qtp182254297-41] ERROR i.c.service.WebServiceBindingBase - Unexpected error during gql request io.cloudbeaver.DBWebException: User authentication failed: Authentication parameter 'user' is missing
Below is the header configuration in httpd.conf RequestHeader add X-User %{AUTHENTICATE_SAMACCOUNTNAME}e RequestHeader add X-Role user RequestHeader add X-First-name %{AUTHENTICATE_GIVENNAME}e RequestHeader add X-Last-name %{AUTHENTICATE_SN}e