Closed dasarinaidu closed 3 months ago
@dasarinaidu Was this an issue in the previous release as well? Would we be able to use the QA Ping Identity account to investigate this issue?
I've tested with Okta (which is another SAML provider) and found an issue. It's not exactly as described here, though.
1) Navigate to burger menu --> Users & Authentication --> Auth Provider
2) Select Okta and fill out all the required information
3) Click Save
4) Popup window is shown.
At this point, if the user closes the popup, the original window where the auth provider is configured will show an "Access was not authorized" error. However, the provider is actually enabled and a refresh shows the correct state.
The above issue was caused by https://github.com/rancher/dashboard/pull/7623, which added an error if the auth provider redirected back to us without a nonce. However, for SAML there is no nonce, so we threw an error where one was not needed.
@dasarinaidu Could you confirm this is what you see for Ping?
I've created https://github.com/rancher/dashboard/pull/9950 which fixes the above. If the Ping error in this issue is the same, I'll move out to 2.8q1.
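The condition described above, as an added example that is not part of the original thread and not Rancher's code: a callback check that requires a matching nonce for redirect flows that echo one back and skips it for SAML providers. The function names, provider ids and the `state` query parameter are assumptions, and it assumes the SAML response itself is validated elsewhere.

```javascript
// Hypothetical provider ids for this example; not Rancher's own list.
const SAML_PROVIDERS = new Set(['okta', 'ping', 'shibboleth']);

// Compare two strings without stopping at the first differing character.
function safeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) {
    return false;
  }
  let diff = 0;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  }
  return diff === 0;
}

// Decide whether a redirect back from an auth provider is acceptable.
//   provider    - id of the provider the flow was started with
//   storedNonce - value the client generated before redirecting (may be null)
//   query       - parsed query parameters of the callback URL
function validateAuthCallback(provider, storedNonce, query) {
  if (query.error) {
    return { ok: false, reason: 'provider returned an error' };
  }
  if (SAML_PROVIDERS.has(provider)) {
    // SAML redirects carry no nonce, so its absence is not a failure.
    return { ok: true, reason: 'saml: nonce not applicable' };
  }
  if (!storedNonce || !query.state) {
    return { ok: false, reason: 'missing nonce' };
  }
  if (!safeEqual(storedNonce, query.state)) {
    return { ok: false, reason: 'nonce mismatch' };
  }
  return { ok: true, reason: 'nonce verified' };
}

// Constructed callbacks (not captured traffic).
const samples = [
  ['okta', null, {}],
  ['github', 'n-123', { state: 'n-123' }],
  ['github', 'n-123', {}],
  ['github', 'n-123', { state: 'n-999' }],
];
for (const [provider, nonce, query] of samples) {
  console.log(provider, JSON.stringify(query), validateAuthCallback(provider, nonce, query));
}
```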
I wanted to leave a note that I've seen the issue in your comment @richard-cox for Okta for quite some time, probably since the issue was introduced. I can't remember exactly when I started working on auth providers but it's been at least since June when that PR was merged.
I just reproduced it on v2.8.0-rc1.
Going on the updated description, I think this is the same issue from https://github.com/rancher/dashboard/issues/9949#issuecomment-1771179416 that affects all SAML providers. Given that it's not a regression and only affects the initial configuration, I don't think this is a blocker for 2.8.0.
@richard-cox I am seeing the same behavior for Okta and Ping on 2.8.0-rc1.
@richard-cox I did not see this issue on v2.7.6; I validated this on v2.7.6 and it worked as expected. Looks like this was introduced recently.
@dasarinaidu Correct, it was introduced via https://github.com/rancher/dashboard/pull/7623 in 2.7.7. There's some more info in the PR https://github.com/rancher/dashboard/pull/9950
I'm just posting something for other users who find this via Google. This same thing happens with the Shibboleth provider on Rancher v2.7.10.
Completed validations with PingIdentity on v2.9-37f6eebf662459addc96bd31f486d8573a281c27-head. Looks good and closing this card.
User can connect to Ping Identity but the screen navigations are not happening properly
Setup
Describe the bug
User can connect to Ping Identity but the screen navigations are not happening properly
To Reproduce
Result
a. User is on the same Login screen and it turned to a Login screen with the PingIdentity screen, and at the back the connection is Active.
b. After I click on Login with Ping Identity, it logged in but it opened another Rancher screen.
c. When I close the small window it closes, but the background screen still has all the values and it says Active on top, and the error on top says "Access was not authorized".
Screens attached
Expected Result
a. After providing the PingIdentity user details, the Login screen pop-up should be closed and the connection should happen successfully.
b. Previously entered Ping Identity details on the screen should be removed and it should say that the Auth is enabled (Active) with save button.