For anyone interested in this issue:

https://github.com/pgadmin-org/pgadmin4/issues/7728




Scot Kreienkamp | Applications Infrastructure Architect | La-Z-Boy Corporate
One La-Z-Boy Drive | Monroe, Michigan 48162 | (734) 384-6403 | 1-734-915-1444 | Email: scot.kreienk...@la-z-boy.com


From: Scot Kreienkamp <scot.kreienk...@la-z-boy.com>
Sent: Thursday, July 18, 2024 8:34 AM
To: Yogesh Mahajan <yogesh.maha...@enterprisedb.com>
Cc: pgadmin-support@lists.postgresql.org
Subject: RE: PGAdmin with Postgres backend and web auth

I have tried the private window; it makes no difference.  I’ve also tried 
changing the working instance to use the latest image, which then doesn’t 
work.  I’m using the same config for both versions; it works on the older 
version but not the latest version.  The only difference between the two is the 
port.

Here’s the HTTPD config:

<VirtualHost *:8080>
        SSLEngine on
        SSLCertificateFile /etc/ssl/wildcard.crt
        SSLCertificateKeyFile /etc/ssl/wildcard.key
        ProxyPass / http://127.0.0.1:8080/ retry=0
        ProxyPassReverse / http://127.0.0.1:8080/ retry=0
        <LocationMatch "^(?!/dologin.html|/4C-Vertical.jpg)" >
                AuthType form
                AuthName "Login Required"
                AuthFormLoginRequiredLocation https://%{SERVER_NAME}/dologin.html
                AuthFormLoginSuccessLocation https://%{SERVER_NAME}/
                AuthFormProvider ldap-vip ldap-na
                AuthFormLogoutLocation https://%{SERVER_NAME}/login.html
                #Redirect to login.html for anything unauthorized
                ErrorDocument 401 "/dologin.html"
                Require valid-user
                Session On
                SessionCookieName session path=/
                RewriteEngine on
                RewriteCond %{REMOTE_USER} (.*)
                RewriteRule .* - [E=X_REMOTE_USER:%1]
                RequestHeader set REMOTE_USER %{X_REMOTE_USER}e
        </LocationMatch>
        <Location /dologin>
                SetHandler form-login-handler
                Header unset ETag
                Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
                Header set Pragma "no-cache"
                Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
        </Location>



From: Yogesh Mahajan <yogesh.maha...@enterprisedb.com>
Sent: Thursday, July 18, 2024 2:44 AM
To: Scot Kreienkamp <scot.kreienk...@la-z-boy.com>
Cc: pgadmin-support@lists.postgresql.org
Subject: Re: PGAdmin with Postgres backend and web auth



Hi,

Have you tried using a private window? Also can you please share your HTTPD 
conf?


Thanks,
Yogesh Mahajan
EnterpriseDB


On Thu, Jul 18, 2024 at 1:13 AM Scot Kreienkamp <scot.kreienk...@la-z-boy.com> wrote:
Hi list, I’m trying to set up two versions of PGAdmin, 6.12 and latest, using 
dockerhub images running on RH9.  I’m fronting this with HTTPD as a reverse 
proxy and authentication layer.

Here’s the command line I’m using to run both versions:

/usr/bin/podman run \
        -e PGADMIN_DEFAULT_EMAIL=$MYEMAIL \
        -e "PGADMIN_DEFAULT_PASSWORD=$PASSWORD" \
        -e "PGADMIN_CONFIG_AUTHENTICATION_SOURCES=['webserver']" \
        -e PGADMIN_CONFIG_WEBSERVER_AUTO_CREATE_USER=True \
        -e PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED=False \
        -e "PGADMIN_CONFIG_CONFIG_DATABASE_URI='postgresql://$PGUSER:$PGPASS@$PGHOST:5432/$PGDB'" \
        -e 'PGADMIN_CONFIG_CONSOLE_LOG_LEVEL=10' \
        --conmon-pidfile %t/%n-pid  \
        --cidfile %t/%n-cid \
        --privileged  \
        -p 127.0.0.1:8081:80 \
        -v /var/lib/pgadmin/%N:/var/lib/pgadmin \
        --name %N \
        docker.io/dpage/pgadmin4:$VERSION


This works perfectly with 6.12.  I can connect with the web browser and go to 
PGAdmin, and I’m logged in as I expected to be.

With latest I keep getting the messages “webserver authenticate failed” from 
PGAdmin, and I keep landing at the PGAdmin login screen despite having internal 
authentication disabled.

I’m seeing these syslog messages:
Jul 17 15:06:11 pgadmin.na.lzb.hq pgadmin[452429]: 2024-07-17 19:06:11,292: DEBUG        pgadmin:        Authentication initiated via source: webserver
Jul 17 15:06:11 pgadmin.na.lzb.hq pgadmin.service[452271]: 2024-07-17 19:06:11,292: DEBUG        pgadmin:        Authentication initiated via source: webserver
Jul 17 15:06:11 pgadmin.na.lzb.hq pgadmin[452429]: 2024-07-17 19:06:11,293: DEBUG        pgadmin:        Authentication initiated via source: webserver is failed.
Jul 17 15:06:11 pgadmin.na.lzb.hq pgadmin.service[452271]: 2024-07-17 19:06:11,293: DEBUG        pgadmin:        Authentication initiated via source: webserver is failed.


I thought maybe it wasn’t picking up the default email and password so I tried 
every combination I could think of for quoting default email and password, with 
no improvement.  The default email and password don’t work on the login screen 
and I never get into PGAdmin.   I can’t figure out why it works on the old 
version but not the new version.  I know I don’t need the mount on 
/var/lib/pgadmin with the database, that’s just there because I haven’t taken 
it out yet.  With the database config that directory is empty anyway.

Any ideas?


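One way to see what the proxy actually hands to the backend when the log only says the webserver source failed, as an added example that is not part of the original thread and not pgAdmin code: a small WSGI app that reports whether the user name arrives as the REMOTE_USER environ variable or as the request header set by the RequestHeader line in the posted config. The function names, the sample values in the test and the choice of 127.0.0.1:8081 (taken from the podman -p option) are assumptions.

```python
"""Added diagnostic (constructed): show how a proxied user name reaches a WSGI backend."""
from wsgiref.simple_server import make_server

HEADER = "REMOTE_USER"  # header name from the RequestHeader line in the posted config


def find_remote_user(environ, name=HEADER):
    """Return (source, value) for the first place the user name is found.

    source is 'environ' when the server set the CGI variable itself,
    'header' when it arrived as an HTTP request header, otherwise None.
    """
    value = environ.get(name)
    if value:
        return "environ", value
    # WSGI exposes request headers as HTTP_<NAME>, upper-cased, '-' mapped to '_'.
    value = environ.get("HTTP_" + name.upper().replace("-", "_"))
    if value:
        return "header", value
    return None, None


def forwarded_headers(environ):
    """Every request header the backend received, as sorted (name, value) pairs."""
    return sorted((k[5:], v) for k, v in environ.items() if k.startswith("HTTP_"))


def app(environ, start_response):
    """Plain-text report of the user name and all headers that got through."""
    source, user = find_remote_user(environ)
    lines = [f"remote user: {user!r} (via {source})"]
    lines += [f"{name}: {value}" for name, value in forwarded_headers(environ)]
    body = "\n".join(lines).encode()
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]


if __name__ == "__main__":
    # Assumption: the container is stopped so the backend port is free.
    with make_server("127.0.0.1", 8081, app) as server:
        server.serve_forever()
```

If the report shows no user name after a successful form login, the header is being lost between HTTPD and the backend; some servers and proxies drop header names that contain underscores, so the comparison is worth repeating against the server the container image actually runs.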