Changes in public url format requirements have broken SSO callback urls #3924

Closed
@tapioca-sublime

Description

The changes introduced in #3862 have broken SSO callback urls when using GUI.base_path.

This is because the following condition in frontend.go requires /app/index.html to be appended to the public url:

 if !strings.HasSuffix(config_obj.GUI.PublicUrl,
				config_obj.GUI.BasePath+"/app/index.html") {

This results in /app/index.html being inserted in the middle of the callback url, which is set up in bin/config_interactive.go:

	case "GitHub":
		redirect = config_obj.GUI.PublicUrl + "auth/github/callback"
	case "Azure":
		redirect = config_obj.GUI.PublicUrl + "auth/azure/callback"
	case "OIDC":
		redirect = config_obj.GUI.PublicUrl + "auth/oidc/callback"

The redirect url in the SSO provider must match the callback url supplied by Velociraptor. The registration is still successful; however, you are then redirected to an invalid page (e.g. https://www.example.com/velociraptor/app/index.html/velociraptor/auth/azure/callback?code=token_token_token_token, which gives a 404 error) and you need to manually modify the url (e.g. to https://www.example.com/velociraptor/auth/azure/callback?code=token_token_token_token).
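The failure described above, as an added example that is not Velociraptor's code or its eventual fix: appending the callback path to a public url that already ends in /app/index.html gives the broken redirect, while parsing the url and removing that suffix first gives the one the SSO provider has registered. The function names naiveCallback and callbackURL, the provider allowlist and the exact concatenation in naiveCallback are assumptions chosen to reproduce the url shape reported in the issue.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"strings"
)

// guiSuffix is the GUI page path that, per the issue, the public url must now end with.
const guiSuffix = "/app/index.html"

// providers lists the callback path segments quoted in the issue.
var providers = map[string]bool{"github": true, "azure": true, "oidc": true}

// naiveCallback (hypothetical) appends the callback path to the public url as a
// plain string, which reproduces the broken url shape reported in the issue.
func naiveCallback(publicURL, basePath, provider string) string {
	return publicURL + basePath + "/auth/" + provider + "/callback"
}

// callbackURL (hypothetical) derives the redirect URI from the public url,
// accepting it with or without the trailing GUI page path.
func callbackURL(publicURL, provider string) (string, error) {
	if !providers[provider] {
		return "", fmt.Errorf("unknown provider %q", provider)
	}
	u, err := url.Parse(publicURL)
	if err != nil {
		return "", err
	}
	if u.Scheme == "" || u.Host == "" {
		return "", fmt.Errorf("public url %q is not absolute", publicURL)
	}
	// Drop the GUI page so what remains is the base path (possibly empty).
	root := strings.TrimSuffix(u.Path, guiSuffix)
	u.Path = path.Join("/", root, "auth", provider, "callback")
	u.RawPath, u.RawQuery, u.Fragment = "", "", ""
	return u.String(), nil
}

func main() {
	pub := "https://www.example.com/velociraptor/app/index.html" // constructed from the issue's example
	fmt.Println("naive:  ", naiveCallback(pub, "/velociraptor", "azure"))
	fixed, err := callbackURL(pub, "azure")
	fmt.Println("derived:", fixed, err)
}
```

Comparing the derived value with the redirect URI registered at the SSO provider before deployment catches this class of mismatch without a login round trip.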
