You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/08/04 01:51:31 UTC

[GitHub] [apisix] xwc1125 opened a new issue, #7608: authz-casdoor redirect :503 Service Temporarily Unavailable

xwc1125 opened a new issue, #7608:
URL: https://github.com/apache/apisix/issues/7608

   ### Description
   
   ## Use the authz-casdoor to auth, when redirect to 9080 port err . The err msg is "503 Service Temporarily Unavailable"
   ### 1. casdoor application:
   <img width="604" alt="image" src="https://user-images.githubusercontent.com/4408289/182744126-f66383bb-2fd7-4c68-b3fa-cf4e7031551a.png">
   
   ### 2. set router:
   
   ```shell
   curl "http://127.0.0.1:9080/apisix/admin/routes/1" -H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" -X PUT -d '
   {
     "methods": ["GET"],
     "uri": "/anything/*",
     "plugins": {
       "authz-casdoor": {
           "endpoint_addr":"http://10.78.44.46:8000",
           "callback_url":"http://10.78.44.46:9080/anything/callback",
           "client_id":"00ecb282bc314667fc11",
           "client_secret":"e3923ad0025b4bb39bf3825ee9e5aa8fa5f1a62d"
       }
     },
     "upstream": {
       "type": "roundrobin",
       "nodes": {
         "httpbin.org:80": 1
       }
     }
   }'
   ```
   ### 3. request url: http://127.0.0.1:9080/anything/test
   #### 3.1 login: 
   <img width="412" alt="image" src="https://user-images.githubusercontent.com/4408289/182744402-9dbe9425-2f75-45a5-8abd-2babaadd3554.png">
   
   #### 3.2 response err: 
   <img width="480" alt="image" src="https://user-images.githubusercontent.com/4408289/182744563-f16a9a70-18cf-4999-b947-f5ac0e5dd15e.png">
   
   #### 3.3 apisix err log: 
   <img width="1090" alt="image" src="https://user-images.githubusercontent.com/4408289/182744628-6db50461-b3dc-48e7-8a33-26b43fdb5ff9.png">
   
   ### 4. change the request ip,request url: http://10.78.44.46:9080/anything/get
   #### 4.1 response err: 
   <img width="487" alt="image" src="https://user-images.githubusercontent.com/4408289/182745094-f89924b9-59e5-49c8-815f-afc5564ca33c.png">
   
   #### 4.2  apisix err log: 
   <img width="1091" alt="image" src="https://user-images.githubusercontent.com/4408289/182745139-d30307a4-2b88-47c5-a284-dc4341cdfe18.png">
   
   #### 4.3 curl in docker container success: 
   <img width="761" alt="image" src="https://user-images.githubusercontent.com/4408289/182745415-27e2bc59-9186-4e53-95d8-d0481b71313a.png">
   
   
   
   
   
   ### Environment
   
   - APISIX version (run `apisix version`): 2.15.0-alpine
   - Operating system (run `uname -a`):  Darwin xwc1125 21.6.0 Darwin Kernel Version 21.6.0: Sat Jun 18 17:07:25 PDT 2022; root:xnu-8020.140.41~1/RELEASE_X86_64 x86_64
   - OpenResty / Nginx version (run `openresty -V` or `nginx -V`): openresty/1.21.4.1
   - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`):  bitnami/etcd:3.4.15
   - APISIX Dashboard version, if relevant: apache/apisix-dashboard:2.13-alpine
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] spacewander commented on issue #7608: authz-casdoor redirect :503 Service Temporarily Unavailable

Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #7608:
URL: https://github.com/apache/apisix/issues/7608#issuecomment-1204849710

   Same as https://github.com/apache/apisix/issues/7539?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on issue #7608: authz-casdoor redirect :503 Service Temporarily Unavailable

Posted by GitBox <gi...@apache.org>.
tzssangglass commented on issue #7608:
URL: https://github.com/apache/apisix/issues/7608#issuecomment-1205020277

   This means that the callback request from the casdoor server does not carry the session.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass closed issue #7608: authz-casdoor redirect :503 Service Temporarily Unavailable

Posted by GitBox <gi...@apache.org>.
tzssangglass closed issue #7608: authz-casdoor redirect :503 Service Temporarily Unavailable
URL: https://github.com/apache/apisix/issues/7608


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] xwc1125 commented on issue #7608: authz-casdoor redirect :503 Service Temporarily Unavailable

Posted by GitBox <gi...@apache.org>.
xwc1125 commented on issue #7608:
URL: https://github.com/apache/apisix/issues/7608#issuecomment-1216541668

   @kingluo Thanks very much. Your answer is exactly right. When i turn to access apisix via 10.78.44.46, it works well.
   So the callback_url and apisix url must be the same domain.
   Thank you very much again!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] xwc1125 commented on issue #7608: authz-casdoor redirect :503 Service Temporarily Unavailable

Posted by GitBox <gi...@apache.org>.
xwc1125 commented on issue #7608:
URL: https://github.com/apache/apisix/issues/7608#issuecomment-1204871621

   I think they are different。 #7539 is need ssl. 
   But this issue is not. 
   And I follow the example.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on issue #7608: authz-casdoor redirect :503 Service Temporarily Unavailable

Posted by GitBox <gi...@apache.org>.
tzssangglass commented on issue #7608:
URL: https://github.com/apache/apisix/issues/7608#issuecomment-1216815684

   Considered solved, feel free to reopen this if you need.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] kingluo commented on issue #7608: authz-casdoor redirect :503 Service Temporarily Unavailable

Posted by GitBox <gi...@apache.org>.
kingluo commented on issue #7608:
URL: https://github.com/apache/apisix/issues/7608#issuecomment-1216497366

   @tzssangglass The session is not tranfered to casdoor server. It's restored from cookie sent by the browser.
   
   ```lua
      -- session here either comes from cookie or new generated
       local session_obj_read, session_present = session.open()
       ...
       if current_uri == real_callback_url then
           -- if session_present is false, then means browser doesn't send any cookie
           if not session_present then
               err = "no session found"
               core.log.error(err)
               return 503
           end
   ```
   
   @xwc1125 Let me explain why you failed with 503 and 504.
   
   You `callback_url` uses the domain name `10.78.44.46` which is different from the one you access apisix from the browser. Before apisix redirects the browser to casdoor server, it generates a cookie for `127.0.0.1`, but then, after you success to get authenticated by casdoor server and redirects the browser to the callback addr `10.78.44.46`, the browser doesn't send any cookie to it, because the domains are different.
   
   But when you turns to access apisix via `10.78.44.46`, the whole authentication flow works (and no need to re-enter username and password in casdoor in this case, because you already login casdoor), and the upstream is accessed, but timed out. The timeout reason is pending to be found. Maybe it's network issue, you could retry.
   
   So ensure the domain in `callback_url` is the same one you access apisix in your browser.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org