| Issue 2209: | Issues when using HTTP Authentication on root | |
| 9 people starred this issue and may be notified of changes. | Back to list |
I have noticed two problems (?) with HTTP auth used together with a reverse proxy. I think it would not be an issue if you use the documented method to only protect /login/ with HTTP auth, but I have got some feedback from some users of the plugin which told me that their instance is protected on root (/; i.e. every request). I know there is a way to configure Gerrit to show changes / projects only to registered users, but I can understand the statement that it *may* be more secure to just protect the whole instance with HTTP auth done by reverse proxy (which works fine, except for the following two points). #1: HTTP Clone Clone HTTP is not possible at all. Both reverse proxy password and Gerrit HTTP password are not accepted at password prompt (using the addresses shown in the project detail page). I have not found a workaround for this issue. #2: REST API A direct access to authenticated REST API (a/) is not directly possible. As a workaround, I first do a login with the /login/ url with a following to the rest API. This way I can use the reverse proxy authentication information (but not the HTTP Password displayed in Gerrit settings). Is this the expected behavior? IMHO it would just be easier for everyone to just leave authentication of every request to the reverse proxy when using "auth.type = HTTP". (I have posted this issue already on gerrit discussion list, but got no reply so far: https://groups.google.com/forum/#!topic/repo-discuss/UnQd3HsL820 )
Feb 22, 2015
Project Member
#1
u.wol...@gmail.com
Jun 8, 2015
(No comment was entered for this change.)
Status:
Submitted
Labels: FixedIn-2.12
Jul 27, 2015
Can this get merged into stable-2.11? This patch applies cleanly and it provides a way to fix issue #3208 for people (i.e., me). I rolled my own local gerrit.war for the time being, but it would be good if there was an official build. If 2.12 is due out sooner than a 2.11.3 would be out, then nevermind!
Aug 4, 2015
Change for 2.11: https://gerrit-review.googlesource.com/70070
Aug 4, 2015
Issue 3208 has been merged into this issue.
Aug 6, 2015
@geek...: The change is in review for 2.11 (backport). It would be great if your could verify that it fixes things for your as well (I do not have time to test it right now). Please post test-results here.
Aug 18, 2015
Sorry for the delay in responding, I can confirm that the backport in 70070 works for me.
Aug 18, 2015
(No comment was entered for this change.)
Labels:
-FixedIn-2.12 FixedIn-2.11.3
Aug 20, 2015
(No comment was entered for this change.)
Status:
Released
|
|
| ► Sign in to add a comment |