Hello. I’m relatively new to AWX and am attempting to configure Generic OIDC. I’ve worked with my auth team to get the OIDC Key, Secret, and Provider URL configured. When I try to login to, I get an error: Invalid redirect_uri. I can manually update the uri in the request which then completes and provides the login page.
The call is https://auth.sso.MYDOMAIN.com/fss/as/authorization.oauth2?client_id=MYCLIENTID&redirect_uri=http://MYSERVER/sso/complete/oidc/&state=SNIP&response_type=code&nonce=SNIP&scope=openid+profile+email. If I change the redirect_uri from http to https, then it works fine.
I have set the “Base URL of the service” in the Miscellaneous System Settings to https://MYSERVER, but this doesn’t seem to be picked up and used in the OIDC call.
This is running in a test environment with minikube and an nginx server running on the VM configured with proxy_pass to an upstream backend that provides the SSL offloading.
$ cat kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# Find the latest tag here: https://github.com/ansible/awx-operator/releases
- github.com/ansible/awx-operator/config/default?ref=2.19.1
- awx-finit.yaml
# Set the image tags to match the git version from above
images:
- name: quay.io/ansible/awx-operator
newTag: 2.19.1
# Specify a custom namespace in which to install AWX
namespace: awx
$ cat awx-finit.yaml
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: awx-finit
spec:
service_type: nodeport
bundle_cacert_secret: awx-ssl-ca-custom
Any help on how to update/fix the redirect_uri to use https would be greatly appreciated.
Thanks,
Ed