Project

General

Profile

Actions
Copy link

Bug #18289

open

Proxy authentication fails when Foreman is behind nginx or apache

Added by Marek Hulán over 7 years ago. Updated almost 6 years ago.

Status:
New
Priority:
Normal
Assignee:
Marek Hulán
Category:
Authentication
Target version:
-
Difficulty:
Triaged:
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/4239
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

When Proxy does not use client SSL certificate for authentication, we fallback to DNS resolv for IP of the client that did the call. This does not work if Foreman is proxied by Apache or nginx that sets X-Forwarded-For header since Rails do not trust ::1 or 127.0.0.1 by default - tracked as https://github.com/rails/rails/issues/5223 and even if it did it wouldn't work because we use request.ip instead of request.remote_ip. That means this can only work if the request is done from a proxy that is on the same host as Foreman. Related code is at https://github.com/theforeman/foreman/blob/698e916ce208b5040b83a908a058c83c94d158ee/app/controllers/concerns/foreman/controller/smart_proxy_auth.rb#L85

Actions
Copy link
 #1

Updated by The Foreman Bot over 7 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/4239 added
Actions
Copy link
 #2

Updated by Marek Hulán almost 6 years ago

  • Status changed from Ready For Testing to New
Actions
Copy link

Also available in: Atom PDF