Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Can't use paths in BASE #404

Open
bajnokk opened this issue Jul 12, 2022 · 2 comments · May be fixed by #405 or #451
Open

Can't use paths in BASE #404

bajnokk opened this issue Jul 12, 2022 · 2 comments · May be fixed by #405 or #451

Comments

@bajnokk
Copy link
Contributor

bajnokk commented Jul 12, 2022

I can't make service routing work when base_url contains a path, ie BASE=https://example.com/satosa. (I'm trying with an OIDC frontend and SAML2 backend.)

The problem is that both backends register their endpoints with the base path (ie. satosa/samlbackend/acs/post), but routing.py expects the backend in the first element of context.path.split("/") (routing.py:160). In the example above, the selected backend will be "satosa", which is an invalid backend name.

It doesn't help that ModuleRouter doesn't know the base path, so it can not trim the base path from context.path.

@bajnokk
Copy link
Contributor Author

bajnokk commented Jul 12, 2022

If you change BASE_URL in tests/conftest.py to a value that contains paths, the flow tests also fail.

index 9e7a5e1..6deab65 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -11,7 +11,7 @@ from satosa.state import State
 from .util import create_metadata_from_config_dict
 from .util import generate_cert, write_cert
 
-BASE_URL = "https://test-proxy.com"
+BASE_URL = "https://test-proxy.com/satosa"

...

    >       assert proxied_auth_req.status == "303 See Other"
    E       AssertionError: assert '500 Internal Service Error' == '303 See Other'
    E         - 303 See Other
    E         + 500 Internal Service Error
    
    flows/test_oidc-saml.py:175: AssertionError

@bajnokk bajnokk linked a pull request Jul 20, 2022 that will close this issue
6 tasks
@bajnokk
Copy link
Contributor Author

bajnokk commented May 11, 2023

Our application is an appliance (a single machine), which is built up from several components, and they use different paths and pages. SATOSA is used as a middleware component for interfacing with different types of federated IdPs, and since I can not allocate a dedicated virtual host for SATOSA, I have to use a path.

Is there perhaps a different way to untangle this problem? I don't know if the current way of request routing is a subject to change. If yes and you could share some details or ideas, I can update the pull request accordingly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
1 participant