Improper PGADMIN4 redirect URI

[shantanumitra62]

Hi Team, We are using PGadmin(Image:7.4) behind a load balancer running on AKS cluster and we are terminating ssl at the load balancer so the requests are reaching on port80 , now we want to configure OIDC but the redirect url still contains port 80 like this: https://server:80/pgadmin4/oauth2-header/oauth2-header We have already set the http request header X-Scheme to "https" and in addition X-forwarded-port to "443", but this seems to have no effect so can you please have a look at this and let us know which header or property should we set to achieve a redirect uri without port number

[adityatoshniwal]

Hi @shantanumitra62, v7.4 is quite old and we don't support it. Please try on the latest v8.5 once.

[shantanumitra62]

Hi Team, We have upgraded the PgAdmin to the latest 8.5 version image, but still we see the same redirect error. The redirect url still looks like this : https://server:80/pgadmin4/oauth2-header/oauth2-header, with port 80 in the server name. We are not sure from where this port 80 is coming and we want to get rid of this port 80 in our redirect url.

Please help us on this.

[shantanumitra62]

Hi Team, hi @akshay-joshi , Can you please help me with the issue, I have updated to the newer version of image and still see the same error. Awaiting response from you.

Regards Shantanu

[khushboovashi]

Hi @shantanumitra62, what is the oauth2-header in your URL ( https://server:80/pgadmin4/oauth2-header/oauth2-header) ? Please provide your configuration file to further investigate.

[khushboovashi]

@shantanumitra62, send me the entire config file.

[shantanumitra62]

Hi @khushboovashi , Can you please help me to understand what exactly you mean when you refer the entire config file? We are following the examples from this official page: https://github.com/rowanruseler/helm-charts/blob/main/charts/pgadmin4/examples/add-oauth2-config.yaml

and we are doing exactly the same, so as per this link the config-map is the configuration file which I have shared it with you. Can you please suggest now

[adityatoshniwal]

Hi @shantanumitra62, This doesn't look like a pgAdmin issue but more on the load balancer config. Try to run pgAdmin with simply oauth2 without any nodes in between. Can you also try tweaking below config variables?

# Reverse Proxy parameters
# You must tell the middleware how many proxies set each header
# so it knows what values to trust.
# See https://tinyurl.com/yyg7r9av
# for more information.

# Number of values to trust for X-Forwarded-For
PROXY_X_FOR_COUNT = 1

# Number of values to trust for X-Forwarded-Proto.
PROXY_X_PROTO_COUNT = 1

# Number of values to trust for X-Forwarded-Host.
PROXY_X_HOST_COUNT = 0

# Number of values to trust for X-Forwarded-Port.
PROXY_X_PORT_COUNT = 1

# Number of values to trust for X-Forwarded-Prefix.
PROXY_X_PREFIX_COUNT = 0

[shantanumitra62]

Hi @adityatoshniwal , Thanks for your response, we tweaked the above suggested values but there is no change in redirect uri, it still adds the port 80 when we set "X-Scheme" header value to "https". Please suggest now.

[shantanumitra62]

Hi @khushboovashi @adityatoshniwal , Can you please update us on this issue as we are stuck badly. the oauth2-header in our URL ( https://server:80/pgadmin4/oauth2/authorize)

[khushboovashi]

@shantanumitra62, the redirect URL should be configured at the Oauth2 provider site. Can you share a screenshot of your OIDC provider settings?

[khushboovashi]

Hi @shantanumitra62, we can schedule a screen-sharing session between 10 AM to 5 PM IST. Share the link to join.

[shantanumitra62]

Thank you @khushboovashi for the screen sharing offer, surely let me discuss with my team on this and I will get back to you.

[shantanumitra62]

HI @adityatoshniwal @khushboovashi , Can you please share your official email id of yours and concerned members so that we can share the official meeting invite with you all.

Regards Shan

[yogeshmahajan-1903]

@shantanumitra62 You can send invite to pgadmin-support@postgresql.org

[shantanumitra62]

Hi @yogeshmahajan-1903 , We have sent an official meeting invite to the mail id as mentioned by you. Kindly accept.