Leila Kamkar
I am migrating our system from version 5 to version 6. The portal is configured behind a Nginx proxy to handle HTTPS. However, I am encountering challenges setting up the entity-base-url and entitybaseurl in the docker-compose.yml and application.properties files respectively.
Despite trying several configurations, I haven't been successful. Could you provide guidance on correctly setting up the proxy for version 6.0.17? Any detailed instructions or examples would be greatly appreciated.
Configuration already tested:
docker-compose.yml
command: /bin/sh -c "rm -rf /cbioportal-webapp/lib/servlet-api-2.5.jar && java -Xms2g -Xmx4g -cp '/cbioportal-webapp:/cbioportal-webapp/lib/*' org.cbioportal.PortalApplication --spring.config.location=/cbioportal-webapp/application.properties --authenticate=saml --connectionTimeout=20000 --enable-compression --proxy-base-url https://cbioportalAddress --session.service.url=http://cbioportal-session:5001/api/sessions/my_portal/
application.properties
spring.security.saml2.relyingparty.registration.cbio-saml-idp.entitybaseurl=https://cbioportalAddress:443
Best regards,
Leila Kamkar
jagn...@gmail.com
Leila Kamkar
Hi Jag,
Many many thanks for your reply. I set the setting as you mentioned. But it still does not work properly.
Settings:
Docker-compose.yml:
command: /bin/sh -c "rm -rf /cbioportal-webapp/lib/servlet-api-2.5.jar && java -Xms2g -Xmx4g -cp '/cbioportal-webapp:/cbioportal-webapp/lib/*' org.cbioportal.PortalApplication --spring.config.location=/cbioportal-webapp/application.properties --authenticate=saml --connectionTimeout=20000 --enable-compression --proxy-base-url=https://cbioportal.x.de --session.service.url=http://cbioportal-session:5001/api/sessions/my_portal/"
# app name
app.name=cbioportal
security.cors.allowed-origins=*
# For SAML 2.0
authenticate=saml
authorization=true
## SAML settings
spring.security.saml2.relyingparty.registration.cbio-saml-idp.assertingparty.metadata-uri=https://keycloak.y.de/realms/tmo_cBioPortal/protocol/saml/descriptor
spring.security.saml2.relyingparty.registration.cbio-saml-idp.entity-id=cbioportal
spring.security.saml2.relyingparty.registration.cbio-saml-idp.signing.credentials[0].certificate-location=classpath:/local.crt
spring.security.saml2.relyingparty.registration.cbio-saml-idp.signing.credentials[0].private-key-location=classpath:/local.key
spring.security.saml2.relyingparty.registration.cbio-saml-idp.singlelogout.binding=POST
spring.security.saml2.relyingparty.registration.cbio-saml-idp.entitybaseurl=https://cbioportal.x.de:443
spring.security.saml2.relyingparty.registration.cbio-saml-idp.singlelogout.response-url=http://cbioportal.x.de:8080/logout/saml2/slo
saml.idp.metadata.attribute.email=email
saml.idp.metadata.attribute.role=Role
saml.idp.comm.binding.settings=defaultBinding
saml.custom.userservice.class=org.cbioportal.security.spring.authentication.keycloak.SAMLUserDetailsServiceImpl
saml.logout.url=/
saml.sp.metadata.wantassertionsigned=true
saml.logout.local=false
filter_groups_by_appname=false
logging.level.org.springframework.security=Debug
The scenario is as follows:
When I use the address https:\\cbioportal.x.de
I get correctly redirected to keycloak_server and after entering the credentials I get redirected back to the following page, which is not correct.
And when I click on send anyway I see:
cbioportal-container | 2024-12-05T11:29:09.517Z DEBUG 411 --- [nio-8080-exec-3] o.s.s.web.DefaultRedirectStrategy : Redirecting to /login?error
cbioportal-container | 2024-12-05T11:29:09.833Z DEBUG 411 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : Securing GET /login?error
cbioportal-container | 2024-12-05T11:29:47.424Z INFO 411 --- [nio-8080-exec-4] o.apache.coyote.http11.Http11Processor : Error parsing HTTP request header
cbioportal-container | Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
cbioportal-container |
cbioportal-container | java.lang.IllegalArgumentException: Invalid character found in method name [0x160x030x010x07%0x010x000x07!0x030x030x9a0x870x0a0xea0x950xe8=0xc00x0e\0xfa0x0e0x8a0xba0xd2{ ]. HTTP method names must be tokens
It’s worth mentioning that if I modify the address in browser to cbioportal.x.de:8080 then I get redirected to http://cbioportal.tmo-heidelberg.de:8080/login/saml2/sso/cbio-saml-idp
and after clicking on the send anyway I see
And this time if I click on the cbio-saml-idp link and after that click on continue anyway then I can see the portal homepage correctly. In logs, I can also see that the user is authenticated with the correct Roles.
--
You received this message because you are subscribed to a topic in the Google Groups "cBioPortal for Cancer Genomics Discussion Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/cbioportal/xKPJi14Cmmw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to cbioportal+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/cbioportal/03b74ccf-cdd7-4bed-8820-d18cd0879088n%40googlegroups.com.
Benjamin Gross
|
<Screenshot 2024-12-05 at 13.00.51.png>
And when I click on send anyway I see:
<Screenshot 2024-12-05 at 13.02.37.png>Related error message in logs:cbioportal-container | 2024-12-05T11:29:09.517Z DEBUG 411 --- [nio-8080-exec-3] o.s.s.web.DefaultRedirectStrategy : Redirecting to /login?errorcbioportal-container | 2024-12-05T11:29:09.833Z DEBUG 411 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : Securing GET /login?errorcbioportal-container | 2024-12-05T11:29:47.424Z INFO 411 --- [nio-8080-exec-4] o.apache.coyote.http11.Http11Processor : Error parsing HTTP request headercbioportal-container | Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.cbioportal-container |cbioportal-container | java.lang.IllegalArgumentException: Invalid character found in method name [0x160x030x010x07%0x010x000x07!0x030x030x9a0x870x0a0xea0x950xe8=0xc00x0e\0xfa0x0e0x8a0xba0xd2{ ]. HTTP method names must be tokens
It’s worth mentioning that if I modify the address in browser to cbioportal.x.de:8080 then I get redirected to http://cbioportal.tmo-heidelberg.de:8080/login/saml2/sso/cbio-saml-idpand after clicking on the send anyway I see
<Screenshot 2024-12-05 at 13.05.59.png>
And this time if I click on the cbio-saml-idp link and after that click on continue anyway then I can see the portal homepage correctly. In logs, I can also see that the user is authenticated with the correct Roles.
You received this message because you are subscribed to the Google Groups "cBioPortal for Cancer Genomics Discussion Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cbioportal+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/cbioportal/CAGSZz3_P8B7ysTbhq6MXcqwu70cdk8mi4_vQgz_eX1HzyZf_nQ%40mail.gmail.com.
Leila Kamkar
Yes, that is correct. The problem is fixed by setting this in application.properties :
server.forward-headers-strategy=NATIVE // This copies common HTTPS Headers over (Link below)
https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#howto.webserver.use-behind-a-proxy-server
Best,