Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CKAN 2.10 - Authenticated catalog users not redirected to catalog-admin #4371

Closed
1 task
nickumia-reisys opened this issue Jun 27, 2023 · 3 comments
Closed
1 task

CKAN 2.10 - Authenticated catalog users not redirected to catalog-admin #4371

nickumia-reisys opened this issue Jun 27, 2023 · 3 comments
Assignees
@FuhuXia
Labels
bug Software defect or bug CKAN 2.10

Comments

@nickumia-reisys
Copy link
Contributor

nickumia-reisys commented Jun 27, 2023
edited
Loading

How to reproduce

  1. Try to log in to catalog-dev

Expected behavior

Login successful.

Actual behavior

SAML doesn't work..
image

Sketch

  • Figure out how to redirect users to catalog-admin if logged in
    • The old logic for doing this broke because CKAN removed the auth_tkt cookie.
@nickumia-reisys nickumia-reisys added bug Software defect or bug CKAN 2.10 labels Jun 27, 2023
@nickumia-reisys
Copy link
Contributor Author

While debugging with the team yesterday, we found out the real issue is that the auth_tkt cookie was removed in CKAN 2.10. Login works and has no issues. Our catalog-proxy redirects requests to catalog-admin if a user is logged in; otherwise, it redirects to catalog-web. The logic was controlled by the auth_tkt cookie. Since it no longer exists, after login, the user is redirected to catalog-web who didn't authenticate the user (catalog-admin has the login session). The issue is that the user can't access the server they are logged into.

@FuhuXia proposed a solution where we can possibly replicate the old logic by letting catalog-proxy manage the user-logged-in cookie.

According to this ticket, the change may only be implemented and take effect on CKAN 2.10.1, but we tried to use CKAN 2.10.0 and it still had the same issue... so there is no fallback option if we don't have a solution to do proper user redirecting

@nickumia-reisys nickumia-reisys changed the title CKAN 2.10 - Catalog SAML Login is Broken CKAN 2.10 - Authenticated catalog users not redirected to catalog-admin Jun 28, 2023
@FuhuXia
Copy link
Member

FuhuXia commented Jun 28, 2023
edited
Loading

Deleting nginx-authy.conf for now so that login works on dev. We will figure something else out.

nickumia-reisys added a commit to GSA/catalog.data.gov that referenced this issue Jun 28, 2023
@nickumia-reisys
fix: auth_tkt functionality removed in ckan 2.10
8b840be 
If we knew our tests, we would've seen that this disappeared and caused GSA/data.gov#4371
@FuhuXia FuhuXia mentioned this issue Jun 29, 2023
Merged
@FuhuXia FuhuXia self-assigned this Jun 29, 2023
@FuhuXia
Copy link
Member

FuhuXia commented Jun 29, 2023
edited
Loading

Fixed by the PR above.

@FuhuXia FuhuXia closed this as completed Jun 29, 2023
FuhuXia pushed a commit to GSA/catalog.data.gov that referenced this issue Jul 13, 2023
@nickumia-reisys @FuhuXia
fix: auth_tkt functionality removed in ckan 2.10
52bac22 
If we knew our tests, we would've seen that this disappeared and caused GSA/data.gov#4371
FuhuXia pushed a commit to GSA/catalog.data.gov that referenced this issue Jul 13, 2023
@nickumia-reisys @FuhuXia
fix: auth_tkt functionality removed in ckan 2.10
661a1ff 
If we knew our tests, we would've seen that this disappeared and caused GSA/data.gov#4371
FuhuXia pushed a commit to GSA/catalog.data.gov that referenced this issue Jul 13, 2023
@nickumia-reisys @FuhuXia
fix: auth_tkt functionality removed in ckan 2.10
8f42623 
If we knew our tests, we would've seen that this disappeared and caused GSA/data.gov#4371
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@FuhuXia FuhuXia

Labels
bug Software defect or bug CKAN 2.10
Projects
data.gov team board
Status: 🗄 Closed
Milestone
No milestone
Development

No branches or pull requests
2 participants
@FuhuXia @nickumia-reisys