OIDC authentication redirects to `https` even if `provider_url` is `http`. #1996

deadnews · 2024-05-05T23:50:47Z

deadnews
May 5, 2024

Description

OIDC authentication redirects to https even if provider_url is http.
The issue is not caused by the browser redirecting to https.
Is it semaphore that is redirecting to https?

Steps to Reproduce

Here's the relevant configuration:

  "oidc_providers": {
    "gitlab": {
      "display_name": "Sign in with GitLab",
      "color": "orange",
      "icon": "gitlab",
      "provider_url": "http://gitlab.domain.com",
      "client_id": "***",
      "client_secret": "gloas-***",
      "redirect_url": "http://semaphore.domain.com/api/auth/oidc/gitlab/redirect"
    }
  }

Context

Semaphore version: v2.9.75
GitLab version: 16.11 CE

Answered by tboerger

May 6, 2024

If I remember correctly it's part of the oidc specification to enforce https.

View full answer

tboerger · 2024-05-06T04:19:13Z

tboerger
May 6, 2024
Collaborator

If I remember correctly it's part of the oidc specification to enforce https.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

OIDC authentication redirects to `https` even if `provider_url` is `http`. #1996

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Select a reply

Uh oh!

Uh oh!

OIDC authentication redirects to https even if provider_url is http. #1996

Uh oh!

deadnews May 5, 2024

Description

Steps to Reproduce

Context

Replies: 1 comment

Uh oh!

Uh oh!

tboerger May 6, 2024 Collaborator

OIDC authentication redirects to `https` even if `provider_url` is `http`. #1996

deadnews
May 5, 2024

tboerger
May 6, 2024
Collaborator