New feature: Support for Azure Application Proxy.

[ZawadaZSE]

Hey,

our Gerrit instance is exposed via Azure Application Proxy when accessed over internet.

Plugin can't connect to instance with following error as it get's Microsoft login page:

Expected JSON but got 'text/html; charset=utf-8'

Would it be possible to add support for some intermediate authentication methods? I guess that some popup window with cookie store should be enough.

What's your take on that?

Br, Kuba

[uwolfer]

Does this setup require double authentication, i.e. do you need to authenticate against the Azure proxy and after that against Gerrit?

[ZawadaZSE]

Yes first I need to log in with my MS account (with 2FA) just to access gerrit, then I need to log in into gerrit. Based on parts of documentation that I read and behavior that I see, it uses cookies for access control.

[filiagees]

@ZawadaZSE did you need any additional setup for your git cli?

[ZawadaZSE]

Hey, unfortunately we don't have git access over internet -> only gerrit UI.

[filiagees]

@ZawadaZSE, do you have more details about your scenario, e.g. when you browse to gerrit UI, can you inspect browser request to find out this cookie's name/value?

If you could retrieve data from your gerrit instance using a tool like e.g. curl -u 'user:pass' ... -b 'cookieName=value' ... -H 'someHeaders', it would be more clear how to solve your issue.

[ZawadaZSE]

Yeah, so it works like this. When I'm not connected to our corporate VPN I can access gerrit via Azure Application Proxy, curling the endpoint without cookies results with 302 Redirect to Microsoft SSO: https://login.microsoftonline.com/[...]/oauth2/authorize?response_type=code&client_id=[client_Id]&scope=openid&[some_other_params] After login (with 2FA) I end up with cookie "AzureAppProxyAccessCookie_[client_Id]_1.3" When I add this cookie to curl I get access to gerrit rest api.