Let me reach out again about this. I’ve an AWX environment deployed in AWS for testing. For various reasons, I don’t care to host the relevant SSL keys locally and wish to use an ALB in front of it. This is all well and good. It works, and I can do direct logins with my preset “admin” credentials and configure things. I’ll call this host “awx-dev-2.example.com”. The ALB is passing traffic for https://awx-dev.example.com.
I also need to use SAML, specifically OKTA based SAML, to authenticate to it. I’ve succeeded in registering the host in SAML. It presents a SAML login icon, clicking it connects me to OKTA, and they send an authentication request. When I acknowledge it, I see a screen flash mentioning “awx-dev-2.example.com” and get presented with the login page. And if I try clicking on the SAML icon again, it says I’m already authenticated, even though I can’t access anything.
I’m trying to figure out which of these factors may be contributing. “X-Forwarded-For” settings, maybe? Has anyone else gotten SAML and an ALB playing nicely together? Or do I need to use a Classic Load Balancer, which I could in fact do?
Nico Kadel-Garcia
Senior DevOps Engineer
Cengage Learning
200 Pier Four Blvd.
Boston, MA 02210