Unauthorized to access cloudbeaver after idle session
deepaksinghkhetwal opened this issue · comments
Describe the bug
I have configured access to cloudbeaver using reverse proxy(apache web server) adding ldap authentication. I can login to the cloudbeaver successfully. But after some time I am getting below error. I can login to incognito properly though
GQL Error: 401 Unauthorized
GQL Error: 401 Unauthorized
at CustomGraphQLClient.overrideRequest ()
at async NetworkStateService.sessionExpiredInterceptor ()
at async SessionExpireService.sessionExpiredInterceptor ()
at async SessionResource.loader ()
at async SessionResource.loadingTask ()
at async SessionResource.taskWrapper ()
at async Task.task ()
I have to remove cache and can login again
To Reproduce
Steps to reproduce the behavior:
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
- OS: [e.g. iOS]
- Browser [e.g. chrome, safari]
- Version [e.g. 22]
Additional context
On checking logs in the pod,
20-06-2024 07:46:21.211 [qtp182254297-41] ERROR i.c.service.WebServiceBindingBase - Unexpected error during gql request
io.cloudbeaver.DBWebException: User authentication failed:
Authentication parameter 'user' is missing
Below is the header configuration in httpd.conf
RequestHeader add X-User %{AUTHENTICATE_SAMACCOUNTNAME}e
RequestHeader add X-Role user
RequestHeader add X-First-name %{AUTHENTICATE_GIVENNAME}e
RequestHeader add X-Last-name %{AUTHENTICATE_SN}e
Hi @deepaksinghkhetwal
Could you please show your proxy server config
Hello @EvgeniaBzzz
Please find my proxy server config
<VirtualHost *:80>
<Location / >
ProxyPass http://localhost:8978/
ProxyPassReverse http://localhost:8978/
AuthType Basic
AuthName "Enter LDAP credentials"
AuthBasicProvider ldap
AuthLDAPGroupAttribute memberOf
AuthLDAPSubGroupClass group
AuthLDAPGroupAttributeIsDN On
AuthLDAPURL removed
AuthLDAPBindDN removed
AuthLDAPBindPassword removed
require valid-user
RequestHeader add X-User %{AUTHENTICATE_SAMACCOUNTNAME}e
RequestHeader add X-Role user
RequestHeader add X-Team db-access
RequestHeader add X-First-name %{AUTHENTICATE_GIVENNAME}e
RequestHeader add X-Last-name %{AUTHENTICATE_SN}e
</Location>
</VirtualHost>
The X-User header stops coming at some point. Possibly due to the end of the LDAP session.
Could you also check if there is any errors in apache logs?
All the logs show 401 status code
Removed IP Address - - [24/Jun/2024:16:01:17 +0000] "HEAD / HTTP/1.1" 401 -
Removed IP Address - - [24/Jun/2024:16:01:18 +0000] "POST /api/gql HTTP/1.1" 401 381
Removed IP Address - - [24/Jun/2024:16:01:19 +0000] "GET /api/ws HTTP/1.1" 401 381
Removed IP Address - - [24/Jun/2024:16:01:19 +0000] "POST /api/gql HTTP/1.1" 401 381
Removed IP Address - - [24/Jun/2024:16:01:20 +0000] "GET /service-worker.js HTTP/1.1" 401 381
Removed IP Address - - [24/Jun/2024:16:01:21 +0000] "GET /api/ws HTTP/1.1" 401 381
Logs when logged in from incognito
Removed IP Address - deepak [24/Jun/2024:16:02:24 +0000] "HEAD / HTTP/1.1" 200 -
Removed IP Address - deepak [24/Jun/2024:16:02:55 +0000] "HEAD / HTTP/1.1" 200 -
Removed IP Address - deepak [24/Jun/2024:16:02:56 +0000] "POST /api/gql HTTP/1.1" 200 4894
Removed IP Address - deepak [24/Jun/2024:16:02:56 +0000] "POST /api/gql HTTP/1.1" 200 270
At the moment we don't have solution on our side.
As a workaround, you could add cache clearing to your apache config.
Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
Header set Pragma "no-cache"
Header set Expires "0"