OpenID Connect Redirects to wrong address
Hello everyone,
my colleagues and I are trying to use Hub's OpenID Connect functionality to facilitate authentication in KiwiTCMs by using the OpenID APi as described in this article: https://www.jetbrains.com/help/hub/OpenID-Connect.html
And it works... to a point. The general authentication works, and you can access KiwiTCMs as long as you are logged into Hub.
However, what doesn't work is the redirection from Hub to KiwiTCMs. Instead of being redirected to the address configured in Hub's "Services" section, Hub redirects us to the server it's on, which also houses a number of other JetBrains services, and eventually we end up a 404 page instead of KiwiTCMs. If you navigate to KiwiTCMs manually afterwards, however, it works, and you are successfully logged in.
We have configured the JetBrains services to run via https by means of an IIS reverse proxy. The relevant rule we configured would be:
<rule name="Reverse Proxy to Hub" stopProcessing="true">
<match url="^hub(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<serverVariables>
<set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
<set name="HTTP_X_FORWARDED_SCHEMA" value="https" />
<set name="HTTP_X_FORWARDED_PROTO" value="https" />
</serverVariables>
<action type="Rewrite" url="http://server.company.de:8082/hub{R:1}" />
</rule>
The calls that happen in the background when we try to authenticate via Hub are:
https://server.company.de/oidc/callback/?code=QnvkbnYC&state=6BrS0LDxEPJEeURi7tBlTLpy4gh7Yux
The first two calls are understandable and correct. They also contain traces of the correct redirection URL "https%3A%2F%2Fkiwitcms.company.de". However, with the third call, things start going awry: All of a sudden not only does hub unexpectedly call a path of /oidc/callback, but also the correct redirection URL is missing.
We have made a dirty fix for this by adding the following URL rewrite rule, which works for now, but only as long as we don'T need to use anything else where Hub inexplicably redirects to /oidc/callback:
<rule name="OpenID KiwiTCMS" stopProcessing="true">
<match url="^oidc/callback/(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Redirect" url="https://kiwitcms.company.de:8443/oidc/callback/{R:1}" redirectType="Found" />
</rule>
Naturally, this is not an ideal solution, and we wish to understand why this happens, and what we can do about it.
Here's a visualization of above calls, first the query parameters sent to Hub:
And here's what is sent at the time of the login:
So up until here, the redirect URL is still correct and a part of the package. However, after wards HUb "magically" redirects to its sub-base address followed by /oidc/callback, and we can't figure out why.
Any help or insight on this would be greatly appreciated.
Thanks in advance,
Kira & Co.
Please sign in to leave a comment.
Hello, please accept our sincerest apologies that we have missed your request.
Is your question still relevant? Please let us know if you still need our assistance, we’ll be happy to help.
If you have urgent questions, please feel free to submit a support request: https://hub-support.jetbrains.com/hc/en-us/requests/new?ticket_form_id=66692
i havent a clue. come get me
Hello Randolphs690, would you mind clarifying your question? Did you face any Hub-related problems you need assistance with?