rancher / dashboard

The Rancher UI
https://rancher.com
Apache License 2.0

User can connect to Ping Identity but the screen navigations are not happening properly #9949

Closed dasarinaidu closed 3 months ago

dasarinaidu commented 1 year ago


Setup

Describe the bug

User can connect to Ping Identity but the screen navigations are not happening properly

To Reproduce

  1. Provision rancher : v2.8-2e6895ddb220e9dbdeff3fe3a1b554f777e7c4bd-head
  2. Users->Users & Authentication->Auth Provider
  3. Ping Identity
  4. Provide required details to connect to Ping Identity
  5. Enter Ping Identity User
  6. Click Enable and check for the screen navigations

Result

  a. User is on same Login screen and it turned to Login screen with PingIdentity screen and at the back the connection is Active
  b. After I click on Login with Ping Identity - It logged in but it opened another rancher screen
  c. When I close the small window it closes but the background screen still with all the values and it says Active on top and the Error on top says "Access was not authorized"

Screens attached

Expected Result

  a. After providing the PingIdentity user details the Login screen pop-up should be closed and the connection should happen successfully
  b. Previously entered Ping Identity details on the screen should be removed and it should say that the Auth is enabled (Active) with save button


richard-cox commented 1 year ago

@dasarinaidu Was this an issue in the previous release as well? Would we be able to use the QA Ping Identity account to investigate this issue?

richard-cox commented 1 year ago

I've tested with Okta (which is another SAML provider) and found an issue. It's not exactly as described here though.

  1. Navigate to burger menu --> Users & Authentication --> Auth Provider
  2. Select Okta and fill out all the required information
  3. Click Save
  4. Popup window is shown.

At this point if the user closes the pop up, the original window where the auth provider is configured will show an "Access was not authorized" error. However, the provider is actually enabled and a refresh shows the correct state.

The above issue was caused by https://github.com/rancher/dashboard/pull/7623, which added an error if the auth provider redirected back to us without a nonce. However, for SAML there is no nonce, so we threw an error where one was not needed.

@dasarinaidu Could you confirm this is what you see for Ping?
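
The failure mode described in the comment above, as an added example that is not part of the thread and is not Rancher dashboard code: a callback check that demands a nonce from every provider, beside a flow-aware version that skips the nonce only for flows known not to carry one and fails closed otherwise. The flow names, function names and the `query.nonce` field are assumptions made for illustration.

```javascript
// Added illustration: flow names and function names are hypothetical,
// not taken from the Rancher dashboard source.
const NONCE_FLOWS = new Set(['oauth']);   // assumed: callback must echo our nonce
const NO_NONCE_FLOWS = new Set(['saml']); // per the thread: SAML returns no nonce

// Compare without exiting early on the first differing character.
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) {
    return false;
  }
  let diff = 0;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  }
  return diff === 0;
}

function nonceMatches(query, storedNonce) {
  return Boolean(query.nonce) && constantTimeEqual(query.nonce, storedNonce);
}

// Behaviour described in the thread: every callback must carry a nonce,
// so a successful SAML callback is reported as an error.
function verifyCallbackStrict(flow, query, storedNonce) {
  return nonceMatches(query, storedNonce)
    ? { ok: true }
    : { ok: false, error: 'Access was not authorized' };
}

// Flow-aware check: skip the nonce only for flows known not to have one,
// and fail closed for anything unrecognised.
function verifyCallback(flow, query, storedNonce) {
  if (NO_NONCE_FLOWS.has(flow)) {
    return { ok: true };
  }
  if (!NONCE_FLOWS.has(flow)) {
    return { ok: false, error: `Unknown auth flow: ${flow}` };
  }
  return verifyCallbackStrict(flow, query, storedNonce);
}
```

Keeping the exemption as an explicit allow-list means a newly added provider type is rejected until someone decides which check applies to it.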

richard-cox commented 1 year ago

I've created https://github.com/rancher/dashboard/pull/9950 which fixes the above. If the Ping error in this issue is the same I'll move out to 2.8q1.

nickwsuse commented 1 year ago

I wanted to leave a note that I've seen the issue in your comment @richard-cox for Okta for quite some time, probably since the issue was introduced. I can't remember exactly when I started working on auth providers but it's been at least since June when that PR was merged.

I just reproduced it on v2.8.0-rc1

richard-cox commented 1 year ago

Going on the updated description, I think this is the same issue from https://github.com/rancher/dashboard/issues/9949#issuecomment-1771179416 that affects all SAML providers. Given that it's not a regression and only affects the initial configuration I don't think this is a blocker for 2.8.0.

dasarinaidu commented 1 year ago

@richard-cox I am seeing the same behavior for Okta and Ping on 2.8.0-rc1

dasarinaidu commented 1 year ago

@richard-cox I did not see this issue on v2.7.6, I validated this on v2.7.6 and it worked as expected. Looks like this is introduced recently.

richard-cox commented 1 year ago

@dasarinaidu Correct, it was introduced via https://github.com/rancher/dashboard/pull/7623 in 2.7.7. There's some more info in the PR https://github.com/rancher/dashboard/pull/9950

stefanlasiewski commented 7 months ago

I'm just posting something for other users who find this via Google. This same thing happens with the Shibboleth provider on Rancher v2.7.10.

dasarinaidu commented 3 months ago

Completed validations with PingIdentity on v2.9-37f6eebf662459addc96bd31f486d8573a281c27-head. Looks good and closing this card.