[ovirt-devel] Authentication error are not helpful - " The redirection URI for client is not registered "
Ravi Shankar Nori
rnori at redhat.com
Tue Aug 22 13:58:22 UTC 2017
In this case turning off the callback prefix check should be helpful
Create a new conf file /etc/ovirt-engine/engine.conf.d/99-sso.conf and add
the line below to the file. This will turn off the additional security
check for the callback prefix.
SSO_CALLBACK_PREFIX_CHECK=false
Ravi
On Tue, Aug 22, 2017 at 9:29 AM, Martin Perina <mperina at redhat.com> wrote:
> Adding Ravi
>
> On Mon, Aug 21, 2017 at 10:53 AM, Roy Golan <rgolan at redhat.com> wrote:
>
>>
>> When using OST you get an engine on isolated network, that in order to
>> make available you must tunnel. When tunnelling you end up with a URI with
>> a uncommon port or hostname that will result an error while authenticating:
>>
>> URL: https://localhost:9000/ovirt-engine
>>
>> This displays this error:
>>
>> *" The redirection URI for client is not registered "
>> <http://imgur.com/a/D0edf>*See screenshot <http://imgur.com/a/D0edf>
>>
>> Can we expose the expected valid redirect urls? Is it used for something
>> else than obscurity?
>>
>> If we can expose it then at least a message of the form would be better:
>>
>> * " Please make sure to connect to https://EXPECTED/URL " <https://the>*
>>
>> \R
>>
>> _______________________________________________
>> Devel mailing list
>> Devel at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/devel
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/devel/attachments/20170822/7b78b345/attachment.html>
More information about the Devel
mailing list