Changes in public url format requirements have broken SSO callback urls #3924
Comments
scudette
added a commit
that referenced
this issue
Jan 14, 2025
Added test to ensure base path works correctly with all the authentication mechanisms. Fixes: #3924 --------- Co-authored-by: snyk-bot <[email protected]>
scudette
added a commit
that referenced
this issue
Jan 14, 2025
Added test to ensure base path works correctly with all the authentication mechanisms. Fixes: #3924 --------- Co-authored-by: snyk-bot <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The changes introduced in #3862 have broken SSO callback urls when using GUI.base_path
This is because the following condition in frontend.go requires /app/index.html to be appended to the public url
Resulting in /app/index.html to be inserted in the middle of the callback url which is set up in bin/config_interactive.go
The redirect url in SSO provider must match the callback url supplied by Velociraptor. The registration is still successful, however, you are then redirect to an invalid page (e.g. https://www.example.com/velociraptor/app/index.html/velociraptor/auth/azure/callback?code=token_token_token_token which give a 404 error) and you need to manually modified the url (e.g. to https://www.example.com/velociraptor/auth/azure/callback?code=token_token_token_token)
The text was updated successfully, but these errors were encountered: