mod_auth_openidc needs to have the x-forwarded-port header set in proxied requests
Bug #1777884 reported by
Lars Kellogg-Stedman
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
Medium
|
Lars Kellogg-Stedman |
Bug Description
Keystone OpenID federation makes use of the mod_auth_openidc module. This module is responsible for generating browser redirects as part of the openid protocol negotiation. With our standard configuration, in which haproxy listens on port 13000 and proxies the requests to a virtual host on port 5000, mod_auth_openidc will generate redirect urls that erroneously use port 5000 rather than 13000.
mod_auth_openidc will make use of the x-forwarded-port header if it exists, so setting this as part of proxied requests allows it to generate correct redirects.
Changed in tripleo: | |
milestone: | none → rocky-3 |
importance: | Undecided → Medium |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/576867
Review: https:/