Hi everyone,
Attached is the error that I’m getting after I DUO authenticate (two-factor authenticate) to my IDP. Seems like everything is good but AWX doesn’t know how to handle the response after the DUO? I’m not sure what is going on, to be honest. I am still new with the whole SAML/SSO authentication piece.
Anyways, the setup is a bit odd. I have the AWX containers serving the webpage out port 8043, but I use an HAProxy container to then proxy that to port 443 so that users can just hit the FQDN of the app (this also helps with documentation as the previous version that we had running was hosted on port 443).
I think it may be that HAProxy is not forwarding all necessary responses to the AWX containers? I’m not sure though.
Below is my haproxy config.
global
stats socket /tmp/admin.sock
stats timeout 30s
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
timeout tunnel 3600s
timeout http-keep-alive 1s
timeout http-request 15s
timeout queue 30s
timeout tarpit 60s
default-server inter 3s rise 2 fall 3
option forwardfor
cache web_cache
total-max-size 4095
max-object-size 10000
max-age 30
frontend localnodes
bind *:8013
mode http
default_backend nodes
frontend localnodes_ssl
bind *:443
bind *:8043
mode tcp
default_backend nodes_ssl
backend nodes
mode http
balance roundrobin
option forwardfor
option http-pretend-keepalive
http-request cache-use web_cache
http-response cache-store web_cache
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
option httpchk HEAD / HTTP/1.1\r\nHost:localhost
server tools_awx_1 tools_awx_1:8013 check
server tools_awx_2 tools_awx_2:8013 check
backend nodes_ssl
mode tcp
balance roundrobin
server tools_awx_1 tools_awx_1:8043 maxconn 10000 weight 10 cookie tools_awx_1 check
server tools_awx_2 tools_awx_2:8043 maxconn 10000 weight 10 cookie tools_awx_2 check
listen stats
bind *:1936
stats enable
stats uri /
Any help would be much appreciated! Thank you!!
Donny