
Configured Spinnaker to authenticate using LDAP. After entering the credentials, the browser URL is stuck at '/auth/redirect?to='. But if I re-enter the Spinnaker URL with '/', it works fine and I'm already authenticated. This is not an LDAP issue, but after successfully entering credentials Spinnaker is supposed to redirect to the home page. Redirection is broken.

Running on Kubernetes on-premise. Installed from Helm default configurations. Using FreeIPA as LDAP.

Steps to reproduce:

  • Log in at https://<Spinnaker_host>/login
  • When prompted at the login page, enter credentials
  • URL is stuck at https://<spinnaker_host>/auth/redirect?to=https%3A%2F%2F<spinnaker_url>%2F%23%2Fsearch
  • If I re-type <spinnaker_host> in the browser, everything works fine and I'm already authenticated.

Configurations are as follows.

Ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  labels:
    app: spinnaker-spinnaker
    app.kubernetes.io/managed-by: Helm
    chart: spinnaker-2.2.13
    heritage: Helm
    release: spinnaker
  name: spinnaker-spinnaker-deck
  namespace: spinnaker
spec:
  rules:
  - host: <spinnaker_host>
    http:
      paths:
      - backend:
          service:
            name: spin-gate
            port:
              number: 8084
        path: /login
        pathType: Prefix
      - backend:
          service:
            name: spin-gate
            port:
              number: 8084
        path: /auth/*
        pathType: Prefix
      - backend:
          service:
            name: spin-gate
            port:
              number: 8084
        path: /gate/*
        pathType: Prefix
      - backend:
          service:
            name: spin-deck
            port:
              number: 9000
        path: /
        pathType: ImplementationSpecific
  tls:
  - hosts:
    - <spinnaker_host>
    secretName: spinnaker_cert

Halyard Config

security:
    apiSecurity:
      ssl:
        enabled: false
      overrideBaseUrl: /gate
    uiSecurity:
      ssl:
        enabled: false
    authn:
      oauth2:
        enabled: false
        client: {}
        resource: {}
        userInfoMapping: {}
      saml:
        enabled: false
        userAttributeMapping: {}
      ldap:
        enabled: true
        url: <ldap_url>
        userSearchBase: cn=users,cn=accounts,dc=org,dc=com
        userSearchFilter: (uid={0})
        managerDn: <ldap_managerDN>
        managerPassword: XXXXXXXXXXX
      x509:
        enabled: false

Tried ingress rewrites similar to this

Tried to add proxy headers to gate-local.yaml similar to this

None of those worked or had any impact.

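An added check, not part of the original post: it applies the element-by-element `Prefix` matching rule from the Kubernetes Ingress specification to the four paths in the Ingress above and reports which backend each request path would reach. Treating `ImplementationSpecific` like `Prefix` is an assumption (that path type is controller-dependent), and the function names and the `/gate/credentials` sample path are constructed for illustration.

```python
# Added example: Ingress-spec path matching applied to the rules from the post.
# (path, pathType, backend service) copied from the Ingress manifest above.
RULES = [
    ("/login", "Prefix", "spin-gate"),
    ("/auth/*", "Prefix", "spin-gate"),
    ("/gate/*", "Prefix", "spin-gate"),
    ("/", "ImplementationSpecific", "spin-deck"),
]


def elements(path):
    """Split a URL path into its non-empty '/'-separated elements."""
    return [e for e in path.split("/") if e]


def prefix_match(rule_path, request_path):
    """Prefix semantics from the Ingress spec: element by element, case-sensitive.

    No wildcard expansion happens, so '*' only matches a literal '*' element.
    """
    rule, req = elements(rule_path), elements(request_path)
    return req[:len(rule)] == rule


def route(request_path, rules=RULES):
    """Return the backend of the longest matching rule, or None.

    Assumption: ImplementationSpecific is treated like Prefix here; the real
    behaviour depends on the ingress controller in use.
    """
    path = request_path.split("?", 1)[0]  # the query string is not matched
    best = None
    for rule_path, path_type, backend in rules:
        if path_type == "Exact":
            hit = path == rule_path
        else:
            hit = prefix_match(rule_path, path)
        if hit and (best is None or len(rule_path) > len(best[0])):
            best = (rule_path, backend)
    return best[1] if best else None


if __name__ == "__main__":
    # Request paths from the reproduction steps (host omitted); the /gate
    # path is a constructed sample.
    for p in ("/login", "/auth/redirect?to=x", "/gate/credentials", "/"):
        print(f"{p:22} -> {route(p)}")
```

A controller may interpret `*` differently from the specification, so compare this output with the configuration the ingress controller actually generated before drawing conclusions.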