dbeaver / cloudbeaver

Cloud Database Manager
https://dbeaver.com/
Apache License 2.0

Unauthorized to access cloudbeaver after idle session #2720

Open deepaksinghkhetwal opened 2 weeks ago

deepaksinghkhetwal commented 2 weeks ago

Describe the bug

I have configured access to CloudBeaver using a reverse proxy (Apache web server), adding LDAP authentication. I can log in to CloudBeaver successfully, but after some time I get the error below. I can log in from incognito properly, though.

GQL Error: 401 Unauthorized
GQL Error: 401 Unauthorized
    at CustomGraphQLClient.overrideRequest ()
    at async NetworkStateService.sessionExpiredInterceptor ()
    at async SessionExpireService.sessionExpiredInterceptor ()
    at async SessionResource.loader ()
    at async SessionResource.loadingTask ()
    at async SessionResource.taskWrapper ()
    at async Task.task ()

I have to remove the cache, and then I can log in again.

Additional context

On checking logs in the pod:

20-06-2024 07:46:21.211 [qtp182254297-41] ERROR i.c.service.WebServiceBindingBase - Unexpected error during gql request
io.cloudbeaver.DBWebException: User authentication failed: Authentication parameter 'user' is missing

Below is the header configuration in httpd.conf:

RequestHeader add X-User %{AUTHENTICATE_SAMACCOUNTNAME}e
RequestHeader add X-Role user
RequestHeader add X-First-name %{AUTHENTICATE_GIVENNAME}e
RequestHeader add X-Last-name %{AUTHENTICATE_SN}e

EvgeniaBzzz commented 2 weeks ago

Hi @deepaksinghkhetwal. Could you please show your proxy server config?

deepaksinghkhetwal commented 2 weeks ago

Hello @EvgeniaBzzz

Please find my proxy server config


<VirtualHost *:80>
    <Location / >
        ProxyPass  http://localhost:8978/
        ProxyPassReverse  http://localhost:8978/
        AuthType Basic
        AuthName "Enter LDAP credentials"
        AuthBasicProvider ldap
        AuthLDAPGroupAttribute memberOf
        AuthLDAPSubGroupClass group
        AuthLDAPGroupAttributeIsDN On
        AuthLDAPURL removed
        AuthLDAPBindDN removed
        AuthLDAPBindPassword removed
        require valid-user
        RequestHeader add X-User %{AUTHENTICATE_SAMACCOUNTNAME}e
        RequestHeader add X-Role user
        RequestHeader add X-Team db-access
        RequestHeader add X-First-name %{AUTHENTICATE_GIVENNAME}e
        RequestHeader add X-Last-name  %{AUTHENTICATE_SN}e
    </Location>
</VirtualHost>

EvgeniaBzzz commented 2 weeks ago

The X-User header stops coming at some point, possibly due to the end of the LDAP session. Could you also check if there are any errors in the Apache logs?

deepaksinghkhetwal commented 2 weeks ago

All the logs show 401 status code

Removed IP Address - - [24/Jun/2024:16:01:17 +0000] "HEAD / HTTP/1.1" 401 -
Removed IP Address - - [24/Jun/2024:16:01:18 +0000] "POST /api/gql HTTP/1.1" 401 381
Removed IP Address - - [24/Jun/2024:16:01:19 +0000] "GET /api/ws HTTP/1.1" 401 381
Removed IP Address - - [24/Jun/2024:16:01:19 +0000] "POST /api/gql HTTP/1.1" 401 381
Removed IP Address - - [24/Jun/2024:16:01:20 +0000] "GET /service-worker.js HTTP/1.1" 401 381
Removed IP Address - - [24/Jun/2024:16:01:21 +0000] "GET /api/ws HTTP/1.1" 401 381

Logs when logged in from incognito

Removed IP Address - deepak [24/Jun/2024:16:02:24 +0000] "HEAD / HTTP/1.1" 200 -
Removed IP Address - deepak [24/Jun/2024:16:02:55 +0000] "HEAD / HTTP/1.1" 200 -
Removed IP Address - deepak [24/Jun/2024:16:02:56 +0000] "POST /api/gql HTTP/1.1" 200 4894
Removed IP Address - deepak [24/Jun/2024:16:02:56 +0000] "POST /api/gql HTTP/1.1" 200 270

EvgeniaBzzz commented 1 week ago

At the moment we don't have a solution on our side. As a workaround, you could add cache clearing to your Apache config.

Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0" 
Header set Pragma "no-cache"
Header set Expires "0"
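
A log-triage sketch for the situation in this thread, added here as an example and not part of the original discussion or of CloudBeaver: it parses Apache access-log lines in the format shown above and reports, per client, the last request logged with a user and the first 401 logged without one, plus which paths were rejected. The sample lines are constructed (192.0.2.10 stands in for the redacted IP), and reading a `-` user field on a 401 as a request for which the proxy recorded no user is an assumption.

```python
import re
from collections import Counter

# Common Log Format, as in the thread: host ident user [time] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Constructed sample lines shaped like the thread's logs; 192.0.2.10 is a
# documentation address standing in for the redacted client IP.
SAMPLE = """\
192.0.2.10 - deepak [24/Jun/2024:15:40:02 +0000] "HEAD / HTTP/1.1" 200 -
192.0.2.10 - deepak [24/Jun/2024:15:40:03 +0000] "POST /api/gql HTTP/1.1" 200 4894
192.0.2.10 - - [24/Jun/2024:16:01:17 +0000] "HEAD / HTTP/1.1" 401 -
192.0.2.10 - - [24/Jun/2024:16:01:18 +0000] "POST /api/gql HTTP/1.1" 401 381
192.0.2.10 - - [24/Jun/2024:16:01:19 +0000] "GET /api/ws HTTP/1.1" 401 381
192.0.2.10 - - [24/Jun/2024:16:01:19 +0000] "POST /api/gql HTTP/1.1" 401 381
192.0.2.10 - - [24/Jun/2024:16:01:20 +0000] "GET /service-worker.js HTTP/1.1" 401 381
192.0.2.10 - - [24/Jun/2024:16:01:21 +0000] "GET /api/ws HTTP/1.1" 401 381
192.0.2.10 - deepak [24/Jun/2024:16:02:24 +0000] "HEAD / HTTP/1.1" 200 -
"""


def parse(text):
    """Return one dict per well-formed log line; anything else is skipped."""
    return [m.groupdict() for m in map(CLF.match, text.splitlines()) if m]


def triage(entries):
    """Per client: last request with a user before the first user-less 401."""
    report = {}
    for e in entries:
        r = report.setdefault(e["host"], {
            "user": None, "last_ok": None, "first_anon_401": None,
            "anon_401_paths": Counter()})
        if e["status"] == "401" and e["user"] == "-":
            r["anon_401_paths"][e["path"]] += 1
            r["first_anon_401"] = r["first_anon_401"] or e["time"]
        elif e["user"] != "-" and r["first_anon_401"] is None:
            r["user"], r["last_ok"] = e["user"], e["time"]
    return report


if __name__ == "__main__":
    for host, r in triage(parse(SAMPLE)).items():
        print(host, r["user"], r["last_ok"], "->", r["first_anon_401"])
        for path, n in r["anon_401_paths"].most_common():
            print(f"  401 without user: {n:2d}  {path}")
```

The interval between `last_ok` and `first_anon_401` bounds the idle period after which requests stopped being logged with a user, and the path counts show whether the rejected requests include background ones such as `/service-worker.js` and `/api/ws`.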