preauthenticated "Authorization is required"
277 views
Skip to first unread message
William Edsall
Apr 4, 2022, 9:05:01 AM4/4/22
to rundeck-discuss
Hi team,
Hoping someone can help point me in the right direction.
I'm just trying to test preauthentication with headers. I believe the headers are being sent, but no matter what rundeck says Error Authentication is Required.
Rundeck version = rundeck-4.0.0.20220322
Should this be sufficient to test preauth with headers?
Thanks
William
Hoping someone can help point me in the right direction.
I'm just trying to test preauthentication with headers. I believe the headers are being sent, but no matter what rundeck says Error Authentication is Required.
Apache:
<Location /rundeck>
RequestHeader set X-Forwarded-Uuid testadmin
RequestHeader set X-Forwarded-Roles admin,test
ProxyPass http://localhost:4440/
ProxyPassReverse http://localhost:4440/
</Location>
RequestHeader set X-Forwarded-Uuid testadmin
RequestHeader set X-Forwarded-Roles admin,test
ProxyPass http://localhost:4440/
ProxyPassReverse http://localhost:4440/
</Location>
rundeck-config.properties:
rundeck.security.authorization.preauthenticated.enabled=true
rundeck.security.authorization.preauthenticated.attributeName=REMOTE_USER_GROUPS
rundeck.security.authorization.preauthenticated.delimiter=,
rundeck.security.authorization.preauthenticated.userNameHeader=X-Forwarded-Uuid
rundeck.security.authorization.preauthenticated.userRolesHeader=X-Forwarded-Roles
rundeck.security.authorization.preauthenticated.attributeName=REMOTE_USER_GROUPS
rundeck.security.authorization.preauthenticated.delimiter=,
rundeck.security.authorization.preauthenticated.userNameHeader=X-Forwarded-Uuid
rundeck.security.authorization.preauthenticated.userRolesHeader=X-Forwarded-Roles
Rundeck version = rundeck-4.0.0.20220322
Should this be sufficient to test preauth with headers?
Thanks
William
William Edsall
Apr 4, 2022, 9:25:38 AM4/4/22
to rundeck-discuss
Hello,
A quick follow up - this is no longer an issue. I reinstalled Rundeck from scratch and it seemed to solve. Must have been a stray configuration change.
The next thing that tripped me up was handling REMOTE_USER for preauthentication. Would love to hear how some of you are handling preauthentication w/Apache. I have a solution but it's not elegant - the challenge seems to be doing any sort of logic with REMOTE_USER because authentication is processed after if/else statements. If I want to say set a specific user to an admin but everyone else to users - that's where it seemed to get tricky.
A quick follow up - this is no longer an issue. I reinstalled Rundeck from scratch and it seemed to solve. Must have been a stray configuration change.
The next thing that tripped me up was handling REMOTE_USER for preauthentication. Would love to hear how some of you are handling preauthentication w/Apache. I have a solution but it's not elegant - the challenge seems to be doing any sort of logic with REMOTE_USER because authentication is processed after if/else statements. If I want to say set a specific user to an admin but everyone else to users - that's where it seemed to get tricky.
Reply all
Reply to author
Forward
0 new messages