PAWS not allowing admins to impersonate users
Closed, ResolvedPublic
Actions

Assigned To

None

Authored By

	Chicocvenancio
	Oct 14 2020, 11:44 AM

Description

Upon trying to impersonate a user to debug T265449 I got a 403 error. The logs read:

OAuth POST from https://hub.paws.wmcloud.org/hub/api/oauth2/authorize?client_id=jupyterhub-user-Ptj&redirect_uri=%2Fuser%2FPtj%2Foauth_callback&response_type=code&state=[SECRET] != http://hub.paws.wmcloud.org/hub/api/oauth2/authorize?client_id=jupyterhub-user-Ptj&redirect_uri=%2Fuser%2FPtj%2Foauth_callback&response_type=code&state=[SECRET]
[W 2020-10-14 11:31:24.890 JupyterHub web:1786] 403 POST /hub/api/oauth2/authorize?client_id=jupyterhub-user-Ptj&redirect_uri=%2Fuser%2FPtj%2Foauth_callback&response_type=code&state=[SECRET]

The issue seems to be http vs https.

Related Objects

Mentioned Here: T265449: Error 503 while accessing PAWS server

Event Timeline

Chicocvenancio created this task.Oct 14 2020, 11:44 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 14 2020, 11:44 AM

Chicocvenancio renamed this task from PAWSn not allowing admins to impersonate users to PAWS not allowing admins to impersonate users.Oct 14 2020, 11:47 AM

Chicocvenancio triaged this task as Medium priority.

Seems we need to set the X-Scheme header to https. I am not sure if we should do this at the haproxy layer or add it in the ingress.

Restricted Application edited projects, added cloud-services-team (Kanban); removed cloud-services-team. · View Herald TranscriptOct 14 2020, 12:06 PM

fnegri edited projects, added cloud-services-team; removed cloud-services-team (Kanban).Jan 18 2023, 7:12 PM

fnegri moved this task from Kanban to Inbox on the cloud-services-team board.

This appears to now function.

rook closed this task as Resolved.Feb 22 2024, 5:19 PM

PAWS not allowing admins to impersonate usersClosed, ResolvedPublicActions

Description

Related Objects

Event Timeline

PAWS not allowing admins to impersonate users
Closed, ResolvedPublic
Actions