Authentication error are not helpful - " The redirection URI for client is not registered "
When using OST you get an engine on isolated network, that in order to make available you must tunnel. When tunnelling you end up with a URI with a uncommon port or hostname that will result an error while authenticating: URL: https://localhost:9000/ovirt-engine This displays this error: *" The redirection URI for client is not registered " <http://imgur.com/a/D0edf>*See screenshot <http://imgur.com/a/D0edf> Can we expose the expected valid redirect urls? Is it used for something else than obscurity? If we can expose it then at least a message of the form would be better: * " Please make sure to connect to https://EXPECTED/URL " <https://the>* \R
Adding Ravi On Mon, Aug 21, 2017 at 10:53 AM, Roy Golan <rgolan@redhat.com> wrote:
When using OST you get an engine on isolated network, that in order to make available you must tunnel. When tunnelling you end up with a URI with a uncommon port or hostname that will result an error while authenticating:
URL: https://localhost:9000/ovirt-engine
This displays this error:
*" The redirection URI for client is not registered " <http://imgur.com/a/D0edf>*See screenshot <http://imgur.com/a/D0edf>
Can we expose the expected valid redirect urls? Is it used for something else than obscurity?
If we can expose it then at least a message of the form would be better:
* " Please make sure to connect to https://EXPECTED/URL " <https://the>*
\R
_______________________________________________ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel
In this case turning off the callback prefix check should be helpful Create a new conf file /etc/ovirt-engine/engine.conf.d/99-sso.conf and add the line below to the file. This will turn off the additional security check for the callback prefix. SSO_CALLBACK_PREFIX_CHECK=false Ravi On Tue, Aug 22, 2017 at 9:29 AM, Martin Perina <mperina@redhat.com> wrote:
Adding Ravi
On Mon, Aug 21, 2017 at 10:53 AM, Roy Golan <rgolan@redhat.com> wrote:
When using OST you get an engine on isolated network, that in order to make available you must tunnel. When tunnelling you end up with a URI with a uncommon port or hostname that will result an error while authenticating:
URL: https://localhost:9000/ovirt-engine
This displays this error:
*" The redirection URI for client is not registered " <http://imgur.com/a/D0edf>*See screenshot <http://imgur.com/a/D0edf>
Can we expose the expected valid redirect urls? Is it used for something else than obscurity?
If we can expose it then at least a message of the form would be better:
* " Please make sure to connect to https://EXPECTED/URL " <https://the>*
\R
_______________________________________________ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel
participants (3)
-
Martin Perina -
Ravi Shankar Nori -
Roy Golan