Hi,
We’re trying to set up AD authorization for the shinyproxy server on AWS. The authorization with AD seems to
work correctly but the server is stuck at the callback: https://<domain-name>/login/oauth2/code/shinyproxy?code=XXX.
From the logs I can see that the authentication attempt doesn’t work:
...
2019-06-26 17:54:38.756 DEBUG 8237 --- [ XNIO-2 task-4] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/login/oauth2/code/shinyproxy'; against '/login/oauth2/code/*'
2019-06-26 17:54:38.756 DEBUG 8237 --- [ XNIO-2 task-4] .s.o.c.w.OAuth2LoginAuthenticationFilter : Request is to process authentication
2019-06-26 17:54:38.758 DEBUG 8237 --- [ XNIO-2 task-4] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
2019-06-26 17:54:38.758 DEBUG 8237 --- [ XNIO-2 task-4] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
2019-06-26 17:56:08.908 DEBUG 8237 --- [ XNIO-2 task-4] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
2019-06-26 17:56:08.908 DEBUG 8237 --- [ XNIO-2 task-4] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
...
The last 2 log messages repeat indefinitely after that and the browser request times out.
The shinyproxy server is deployed on the EC2 instance behind an Application Load Balancer.
We also observe the same issue when using GoogleOAuth but everything works correctly with a simple authentication.
Do you know what could be the cause of this behaviour or how we could debug this issue further? Any advice would be greatly appreciated as we’re really stuck at this point.
The YAML configuration of the server looks like this:
proxy:
  title: XXX
  landing-page: /
  heartbeat-rate: 10000
  heartbeat-timeout: 90000
  container-wait-time: 90000
  authentication: openid
  container-log-path: /efs/container-logs
  openid:
    auth-url: https://login.microsoftonline.com/c8036283-1408-4dc8-b870-31e789a0a528/oauth2/authorize
    token-url: https://login.microsoftonline.com/c8036283-1408-4dc8-b870-31e789a0a528/oauth2/token
    jwks-url: https://login.microsoftonline.com/common/discovery/keys
    client-id: XXX
    client-secret: XXX
  port: 8080
  docker:
    url: http://localhost:2375
  specs:
  - id: Appname
    display-name: Appname
    description: Description
    container-env:
      ENTRYPOINT_TYPE: R
      APP_ENV: ENV1
      R_ENV: SHINYPROXY_DOC_APP_URL="https://some-url"
      SHINY_APP_PORT: 3838
    container-volumes: /efs/appdir:/root/.appdir
    container-image: app:img
  - id: Appname2
    display-name: Appname2
    description: Description2
    container-env:
      ENTRYPOINT_TYPE: R
      R_CMD: rmarkdown::run(system.file("documentation", "user_guide", "index.Rmd",
        package = "App_pkg"), shiny_args = list(port = 3838, launch.browser
        = FALSE, host = "0.0.0.0"))
      SHINY_APP_PORT: 3838
    container-volumes: /efs/appdir:/root/.appdir
    container-image: app:img
logging:
  level:
    org.springframework.security: debug
  file: app.log
server:
  useForwardHeaders: true
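
Added example, not part of the original post: a small Python script that parses the Spring Boot debug lines quoted above and reports gaps between consecutive lines of the same thread, which shows how long the request sat after an authentication provider was invoked before anything else was logged. The function names and the 5-second threshold are assumptions chosen for illustration; the sample lines are copied from the post.

```python
import re
from datetime import datetime

# Spring Boot default layout: timestamp level pid --- [thread] logger : message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<level>\w+)\s+\d+\s+---\s+"
    r"\[\s*(?P<thread>[^\]]+?)\s*\]\s+(?P<logger>\S+)\s+:\s(?P<msg>.*)$"
)

# Log excerpt copied from the post above (the "..." line is skipped by the parser).
SAMPLE_LOG = """\
...
2019-06-26 17:54:38.756 DEBUG 8237 --- [ XNIO-2 task-4] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/login/oauth2/code/shinyproxy'; against '/login/oauth2/code/*'
2019-06-26 17:54:38.756 DEBUG 8237 --- [ XNIO-2 task-4] .s.o.c.w.OAuth2LoginAuthenticationFilter : Request is to process authentication
2019-06-26 17:54:38.758 DEBUG 8237 --- [ XNIO-2 task-4] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
2019-06-26 17:54:38.758 DEBUG 8237 --- [ XNIO-2 task-4] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
2019-06-26 17:56:08.908 DEBUG 8237 --- [ XNIO-2 task-4] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
2019-06-26 17:56:08.908 DEBUG 8237 --- [ XNIO-2 task-4] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
"""


def parse(text):
    """Yield (timestamp, thread, logger, message); lines in another layout are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
            yield ts, m["thread"], m["logger"], m["msg"]


def find_stalls(text, threshold_s=5.0):
    """Return (thread, gap_seconds, message_before_gap) for each same-thread gap >= threshold."""
    last = {}    # thread name -> (timestamp, message) of its most recent line
    stalls = []
    for ts, thread, _logger, msg in parse(text):
        if thread in last:
            prev_ts, prev_msg = last[thread]
            gap = (ts - prev_ts).total_seconds()
            if gap >= threshold_s:
                stalls.append((thread, gap, prev_msg))
        last[thread] = (ts, msg)
    return stalls


if __name__ == "__main__":
    for thread, gap, before in find_stalls(SAMPLE_LOG):
        print(f"{thread}: {gap:.3f}s with no output after: {before}")
```

On the excerpt above it reports a single gap of 90.150 s on thread `XNIO-2 task-4`, directly after the `OidcAuthorizationCodeAuthenticationProvider` attempt.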