lokesh-lingarajan opened a new pull request #11502: URL: https://github.com/apache/druid/pull/11502
Fixes #11437

### Description

In order to support setups where SSL termination happens at the ELB and the communication from the ELB to Druid is over plain HTTP, we would need some way to represent the proper callback URL, which is based on the HTTPS protocol. Currently NoParameterCallbackUrlResolver picks up the current webserver configuration, which in this case happens to be http, but the actual communication goes out from an https connection and Okta ends up barfing out with the following error:

Error code - 400 bad request (Invalid request)
Error message - The 'redirect_uri' parameter must be a Login redirect URI in the client app settings: https://something-admin.okta.com/admin/app/oidc_client/instance/xxxxxxxxxxxxxxx#tab-general

If there were a configuration that allows users to manually specify a custom callback URL, then we could easily override the current Jetty webserver config on Druid and proxy the ELB's URL. This is similar to what Knox provides in some sense using the following parameter: "knoxJwtRealm.redirectParam = originalUrl"

Tested the changes locally using a dev.okta account.

This PR has:
- [x] been self-reviewed.
- [x] been tested in a test Druid cluster.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
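The mismatch described in the pull request, modelled as an added example (not code from the PR or from Druid): a callback URL derived from the backend's plain-HTTP listener fails the identity provider's registered-URI check, while an operator-configured override passes. The hostname, port, callback path and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample values; host, port and callback path are placeholders.
CALLBACK_PATH = "/callback"
REGISTERED_REDIRECT_URIS = {"https://druid.example.com/callback"}


def callback_from_server_config(scheme, host, port):
    # Derive the callback from the local listener (no override configured).
    default_port = {"http": 80, "https": 443}[scheme]
    netloc = host if port == default_port else f"{host}:{port}"
    return urlunsplit((scheme, netloc, CALLBACK_PATH, "", ""))


def validate_override(url):
    # Accept only an absolute https URL without query or fragment, so a
    # mistyped override cannot route the authorization code over plain HTTP.
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("callback override must be an absolute https URL")
    if parts.query or parts.fragment:
        raise ValueError("callback override must not carry a query or fragment")
    return url


def resolve_callback(scheme, host, port, override=None):
    # Prefer the operator-supplied override; otherwise use the listener.
    if override:
        return validate_override(override)
    return callback_from_server_config(scheme, host, port)


def idp_accepts(redirect_uri):
    # Model of the provider's check: exact match against the registered
    # login redirect URIs; a mismatch corresponds to the 400 response.
    return redirect_uri in REGISTERED_REDIRECT_URIS


def demo():
    # Behind the load balancer the server listens on plain HTTP, port 8888.
    backend = ("http", "druid.example.com", 8888)
    plain = resolve_callback(*backend)
    fixed = resolve_callback(*backend, override="https://druid.example.com/callback")
    return (plain, idp_accepts(plain)), (fixed, idp_accepts(fixed))


if __name__ == "__main__":
    for uri, ok in demo():
        print(f"{uri} -> {'accepted' if ok else '400 invalid redirect_uri'}")
```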
