gravitee-io / issues

Gravitee.io - API Platform - Issues

[management] After login it does not redirect to the dashboard page. #1894

Closed charleech closed 5 years ago

charleech commented 5 years ago

I've pulled the graviteeio/am-gateway:2, graviteeio/am-management-api:2 and graviteeio/am-management-ui:2, which is the latest version, 2.2.

After login, it does not redirect to the dashboard page.

Steps to Reproduce

  1. Visit https://host:port/am/ui/
  2. The browser redirects to the login page.
  3. Enter username/password as admin/adminadmin.
  4. Click the login button.
  5. It is still at the login page.

Note:

  1. I've seen that the cookie named Auth-Graviteeio-AM is stored in the browser via the developer tools.
  2. I opened a new tab and visited https://host:port/am/ui/, and it redirects to the dashboard.
  3. I had a chance to debug the network traffic and found that the POST to /am/admin/login returns 302.
Log information

Request URL: https://:/am/admin/login
Request method: POST

Request headers:
Host: :
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en,th;q=0.7,en-US;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://:/am/admin/login
Content-Type: application/x-www-form-urlencoded
Content-Length: 131
Connection: keep-alive
Cookie: JSESSIONID=1rnpgkjwuhp53g4wo42slizp2
Upgrade-Insecure-Requests: 1

Response headers:
HTTP/1.1 302 Found
Server: nginx/1.15.8
Date: Fri, 25 Jan 2019 14:58:16 GMT
Content-Length: 0
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Frame-Options: DENY
Set-Cookie: JSESSIONID=1q8hpx6a4vaed1f6yd94qnnrpr;Path=/am/admin
Set-Cookie: Auth-Graviteeio-AM="Bearer ....";Version=1;Path=/am/management;Expires=Fri, 01-Feb-2019 14:58:16 GMT;Max-Age=604800;Secure;HttpOnly
Location: https://:/am/admin/authorize?redirect_uri=https://:/am/ui/login/callback

Your Environment

brasseld commented 5 years ago

Hi @charleech

How do you run these docker images?

Did you try using our docker-compose? https://docs.gravitee.io/am/2.x/am_installguide_docker.html#running_am_in_a_single_line

charleech commented 5 years ago

Hi @brasseld ,

I use the gravitee-io/gravitee-docker/platform/docker-compose.yml.

And no, I haven't tried the running_am_in_a_single_line, yet.

Tomorrow, I will try with the running_am_in_a_single_line and will try my best to update you. (I'm at GMT+7 timezone :) )

brasseld commented 5 years ago

Ok.

So, good night 🛌 :)

charleech commented 5 years ago

Back to basic

I've finished testing with running_am_in_a_single_line, and it works perfectly. After logging in, it redirects to the dashboard as expected. The cookie named Auth-Graviteeio-AM has cookie path as /.

Revisit the issue

Then I went back to the gravitee-io/gravitee-docker/platform/docker-compose.yml to find the difference.

I have found that there is a configuration about the gravitee_jwt_cookiepath as /am/management. I decided to remove only this line and keep the gravitee_jwt_cookiesecure=true as it is.

After restarting all containers via gravitee-io/gravitee-docker/platform/docker-compose.yml and logging in, it redirects to the dashboard as expected as well.

Then I looked at the cookie named Auth-Graviteeio-AM and found that the cookie path is /.

The relevant logs

Before change: HTTP response header
HTTP/1.1 302 Found
Server: nginx/1.15.8
Date: Sat, 26 Jan 2019 02:54:16 GMT
Content-Length: 0
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Frame-Options: DENY
Set-Cookie: JSESSIONID=1wfyp63svt7knvs02qj9uqts6;Path=/am/admin
Set-Cookie: Auth-Graviteeio-AM="Bearer ...";Version=1;Path=/am/management;Expires=Sat, 02-Feb-2019 02:54:16 GMT;Max-Age=604800;Secure;HttpOnly
Location: https://:/am/admin/authorize?redirect_uri=https://:/am/ui/login/callback

After change: HTTP response header
HTTP/1.1 302 Found
Server: nginx/1.15.8
Date: Sat, 26 Jan 2019 03:03:46 GMT
Content-Length: 0
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Frame-Options: DENY
Set-Cookie: JSESSIONID=ra8wabyt8kl91a9aynhz2586t;Path=/am/admin
Set-Cookie: Auth-Graviteeio-AM="Bearer ...";Version=1;Path=/;Expires=Sat, 02-Feb-2019 03:03:46 GMT;Max-Age=604800;Secure;HttpOnly
Location: https://:/am/admin/authorize?redirect_uri=https://:/am/ui/login/callback

HTTP/1.1 302 Found
Server: nginx/1.15.8
Date: Sat, 26 Jan 2019 03:03:46 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: JSESSIONID=ra8wabyt8kl91a9aynhz2586t;Path=/am/admin
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Location: https://:/am/ui/login/callback

HTTP/1.1 200 OK
Server: nginx/1.15.8
Date: Sat, 26 Jan 2019 03:03:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes

The suspected

Based on the results above, I understand that it is about the cookie path, which the am-ui or am-management-api is not able to read, so it cannot redirect to the dashboard.

Could you please help to advise further?

charleech commented 5 years ago

I apologize for disturbing you. I'm not sure whether you have noticed the testing result or not.

brasseld commented 5 years ago

Did you try with browser private mode?

charleech commented 5 years ago

No, all the above testing results are based on a normal browser.

Anyhow, I also had a chance to test with private mode; the result is the same.

Furthermore I'm fine with the gravitee_jwt_cookiepath=/.

brasseld commented 5 years ago

I was playing with docker compose for AM last night and did not encounter any issues. Did you try to clean all the cookies for localhost?

charleech commented 5 years ago

Do you mean the gravitee-io/gravitee-docker/platform/docker-compose.yml?

If yes, the line number 115 was changed to gravitee_jwt_cookiepath=/ as well.

So far I have also cleared all cookies and caches by pressing ctrl + shift + delete every time I test.

brasseld commented 5 years ago

Yes, and it works fine ;) Did you give it a try?

charleech commented 5 years ago

No, not yet. I will try my best to use the latest and will inform you of the result asap.

brasseld commented 5 years ago

Ok, thanks for your feedback.

And if required, we can schedule a meeting with screen-sharing; I really want to understand what's going wrong with your env.

charleech commented 5 years ago

Thank you very much for your help, especially for your time. The latest docker compose works properly.

I also had a chance to investigate further via the browser web developer tools (F12) and found that:

  1. After clicking the login button, it POSTs to /admin/login.
  2. The server responds with
    • HTTP status 302 with Location: .../admin/authorize?redirect_uri=.../ui/login/callback
    • There are 2 cookies: JSESSIONID and Auth-Graviteeio-AM
  3. The browser redirects to .../admin/authorize?redirect_uri=.../ui/login/callback with GET
    • At this point, if the cookie path for the Auth-Graviteeio-AM
      • is /, it is passed via the HTTP request header. The dashboard page displays properly.
      • is /management, it is not passed. Then the server sends HTTP status 302 with Location: /admin/login, and the login screen is shown again.

I'm not sure if it is a problem with my web browser or not. Here is my testing environment:

  1. Linux
    • CentOS Linux release 7.4.1708 (Core)
    • Firefox 60.4.0esr (64-bit)
  2. Windows
    • Windows 10 Home 64 bits
    • Firefox 65.0 (64-bit)
    • Chrome 72.0.3626.81 (Official Build) (64-bit)

I hope this information may be useful.
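
The path scoping described in the comment above, as an added example (not part of the original thread and not Gravitee code): the RFC 6265 path-match rule applied to the two Set-Cookie variants from the logs, for each request in the redirect chain. Cookie values are constructed placeholders, and `/am/management/x` is a made-up request path used only to show where the narrow scope does match.

```javascript
// Added illustration, not Gravitee code. Implements RFC 6265 section 5.1.4.

// default-path: applies when Set-Cookie has no usable Path attribute.
function defaultPath(requestPath) {
  const i = requestPath.lastIndexOf("/");
  return requestPath[0] !== "/" || i === 0 ? "/" : requestPath.slice(0, i);
}

// path-match: is a cookie scoped to cookiePath attached to a request for requestPath?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // The prefix must stop at a "/" boundary: /am/management does not cover /am/management-ui.
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Extract the cookie name and effective path from one Set-Cookie header value.
function parseSetCookie(header, responsePath) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const name = pair.slice(0, pair.indexOf("="));
  const attr = attrs.find((a) => a.toLowerCase().startsWith("path=/"));
  return { name, path: attr ? attr.slice(5) : defaultPath(responsePath) };
}

// Names of the cookies a browser would attach to a request for requestPath.
function cookiesSent(setCookieHeaders, responsePath, requestPath) {
  return setCookieHeaders
    .map((h) => parseSetCookie(h, responsePath))
    .filter((c) => pathMatches(requestPath, c.path))
    .map((c) => c.name);
}

// Constructed headers shaped like the 302 response to POST /am/admin/login.
const SESSION = "JSESSIONID=constructed-session-id;Path=/am/admin";
const auth = (path) =>
  `Auth-Graviteeio-AM="Bearer constructed-token";Version=1;Path=${path};Max-Age=604800;Secure;HttpOnly`;

// Which cookies accompany each request that follows the login response?
function walk(authCookiePath) {
  const headers = [SESSION, auth(authCookiePath)];
  const out = {};
  for (const p of ["/am/admin/authorize", "/am/ui/login/callback", "/am/management/x"]) {
    out[p] = cookiesSent(headers, "/am/admin/login", p);
  }
  return out;
}

console.log("Path=/am/management", walk("/am/management"));
console.log("Path=/", walk("/"));
```

With Path=/am/management the token cookie is absent from the request to /am/admin/authorize, which matches the redirect back to the login page seen in the browser; with Path=/ it accompanies every request on the host, a wider scope than the management path alone.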

brasseld commented 5 years ago

Hi @charleech

Does it mean that now everything is working properly?

charleech commented 5 years ago

I apologize for the confusion. I would like to confirm that the latest docker compose works perfectly.

Thank you very much. 😃