Bug 1419792 - Kibana login fails when kibana URL contains hyphen
Summary: Kibana login fails when kibana URL contains hyphen
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Logging
Version: 3.3.1
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
: ---
Assignee: Jeff Cantrill
QA Contact: Xia Zhao
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-02-07 04:19 UTC by Kenjiro Nakayama
Modified: 2020-03-11 15:44 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-02-10 04:27:53 UTC
Target Upstream Version:

Attachments (Terms of Use)
kibana with dash in url (46.16 KB, image/png)
2017-02-07 21:12 UTC, Jeff Cantrill 		no flags Details
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 2909691 0 None None None 2017-02-07 04:34:15 UTC

Description Kenjiro Nakayama 2017-02-07 04:19:04 UTC 
Description of problem:
---
- Kibana passes the OpenShift Master's authentication. And if they contains hyphen in the URL, the OpenShift doesn't handle the redirection correctly.

Version-Release number of selected component (if applicable):
---
- OCP 3.3 & 3.4

Steps to Reproduce:
---
1. Deploy logging service with route contains "hyphen".

e.g)
  [root@knakayam-ose34-master1 ~]# oc get route
  NAME                 HOST/PORT                 PATH      SERVICES             PORT      TERMINATION
  logging-kibana       kibana-test.example.com             logging-kibana       <all>     reencrypt

2. Configure /etc/origin/master/master-config.yaml

3. Try to login to kibana-test.example.com

Actual results:
---
- Browser retunrs "Unable to connect" with following URL:

  https://knakayam-ose34-master1:8443/oauth/authorize?response_type=code&redirect_uri=https%3A%2F%2Fkibana-test.example.com%2Fauth%2Fopenshift%2Fcallback&scope=user%3Ainfo%20user%3Acheck-access%20user%3Alist-projects&client_id=kibana-proxy

Expected results:
---
- Login successfully

Additional info:
---
- Although it can be fixed by using non-hyphen domain, but if wildcard domain contains hyphen, there are no workaround.
Comment 4 Jeff Cantrill 2017-02-07 21:12:14 UTC 
Created attachment 1248501 [details]
kibana with dash in url
Comment 5 Jeff Cantrill 2017-02-07 21:15:04 UTC 
I was unable to reproduce as attachment shows.  To be fair, I had some issues setting up my local deployment:

* openshift v3.3.1.13
kubernetes v1.3.0+52492b4

* router version: v3.4

Confirmed the oauthclient is correct: oc get oauthclient kibana-proxy -o yaml:

apiVersion: v1
kind: OAuthClient
metadata:
  annotations:
    openshift.io/generated-by: OpenShiftNewApp
  creationTimestamp: 2017-02-07T19:52:18Z
  labels:
    app: logging-support-template
    component: support
    logging-infra: support
    provider: openshift
  name: kibana-proxy
  resourceVersion: "2744"
  selfLink: /oapi/v1/oauthclients/kibana-proxy
  uid: ee957272-ed6e-11e6-a81c-5254007ced34
redirectURIs:
- https://kibana-test.192.168.121.200.xip.io
scopeRestrictions:
- literals:
  - user:info
  - user:check-access
  - user:list-projects
secret

Aside from those struggles, I am unable to reproduce
Comment 7 Jeff Cantrill 2017-02-08 14:28:09 UTC 
Can you confirm the oauthclient has the correct redirecturi?
Note You need to log in before you can comment on or make changes to this bug.