I see in the logs:
10.51.202.160 - - [18/Jul/2024:20:25:40 +0000] "GET /sso/login/saml/?idp=okta HTTP/1.1" 302 0 "https://awx-test.us-east-1.shared-services-dev.dev.company/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0" "10.96.64.109"
[pid: 23|app: 0|req: 30/144] 10.51.202.160 () {70 vars in 1475 bytes} [Thu Jul 18 20:25:39 2024] GET /sso/login/saml/?idp=okta => generated 0 bytes in 385 msecs (HTTP/1.1 302) 13 headers in 1429 bytes (1 switches on core 0)
[pid: 24|app: 0|req: 101/145] 10.51.202.160 () {74 vars in 1463 bytes} [Thu Jul 18 20:25:41 2024] POST /sso/complete/saml => generated 0 bytes in 30 msecs (HTTP/1.1 301) 8 headers in 400 bytes (1 switches on core 0)
10.51.202.160 - - [18/Jul/2024:20:25:41 +0000] "POST /sso/complete/saml HTTP/1.1" 301 5 "https://company.okta.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0" "10.96.64.109"
2024-07-18 20:25:41,486 ERROR [85903b5d93cc4ad08da75a2dc42b003c] social 'RelayState'.
I have:
extra_settings:
- setting: USE_X_FORWARDED_HOST
value: "True"
- setting: USE_X_FORWARDED_PORT
value: "True"
for the alb:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: awx-demo
namespace: awx-test
annotations:
kubernetes.io/ingress.class: "alb"
alb.ingress.kubernetes.io/target-type: "ip"
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/certificate-arn: "arn of cert"
alb.ingress.kubernetes.io/use-forwarded-headers: "true"
alb.ingress.kubernetes.io/compute-full-forwarded-for: "true"
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
I’ve looked through the docs and don’t see what else I would be missing?