lokesh-lingarajan opened a new issue #11437: URL: https://github.com/apache/druid/issues/11437
Our current setup is Druid is running on http behind an ELB with https support. We are trying to enable SSO on router web console and the issue we are currently seeing is on trying to login we get the following error Description: The 'redirect_uri' parameter must be a Login redirect URI in the client app settings: https://dev-xxxxxxx-admin.okta.com/admin/app/oidc_client/instance/xxxxxxxxxxxx#tab-general Looking closely into the response, I see that https://dev-xxxxxxxx.okta.com/oauth2/default/v1/authorize?scope=openid+profile+email&response_type=code&redirect_uri=http%3A%2F%2Fdruid-lab.telemetry.something.com%3A8888%2Fdruid-ext%2Fdruid-pac4j%2Fcallback&state=UK2cqE4qjgWRaxa3x34-Zgv787erhl1r6h6Q6Fdbt90&nonce=n-cNghIsUGReZO_X0Z-uhjPV7CNb786m9Eo5pCtFLX8&client_id=xxxxxxxxxxxxxx#query From the redirect uri "http%3A%2F%2Fdruid-lab.telemetry.something.com%3A8888%2Fdruid-ext%2Fdruid-pac4j%2Fcallback" Its clear that druid is sending the original url as http instead of https. This is correct from the setup that we have. Question - how to we setup a custom original URL such that druid while forwarding the request to okta can send https instead of http ? I have worked in the past with Zeppelin and Knox and there was configuration to put custom original url. Do we have something similar in Druid pac4j configuration ? Any advice would be greatly appreciated. Thanks. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
