Unable to access WebUI when Trino is secured behind a load balancer and LDAP authentication is enabled - ldap

I am setting up a development server for Trino using Trino's docker image. I need to integrate Trino to LDAP so we decided to secure Trino behind a load balancer (see here) but after enabling password authentication, we see the following when we access Trino (https://trino_domain) WebUI:
My config.properties are as follows:
By right I should be prompted with the usual login screen with the password field enabled. There are no errors in the logs. The only warning I could find is
I could not find anything on Google on this so I am not sure what is missing/wrong. Please help.

This is expected behavior when attempting to connect via http when the coordinator is configured for https.
This video might help you configure Trino with a load balancer and LDAP:
https://www.youtube.com/watch?v=KiMyRc3PSh0
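
A check for the situation described in the answer, as an added example that is not part of the original thread: it audits a coordinator config.properties for password authentication enabled while Trino would still see requests as plain HTTP. The property names are taken from the Trino documentation as an assumption, and the sample configs are constructed.

```python
# Added example, not from the original post. Property names are taken from the
# Trino documentation as an assumption; the sample configs below are constructed.

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return findings for a coordinator config.properties that enables PASSWORD auth."""
    props = parse_properties(text)

    def enabled(key):
        return props.get(key, "false").lower() == "true"

    auth = props.get("http-server.authentication.type", "")
    auth_types = {t.strip().upper() for t in auth.split(",") if t.strip()}
    findings = []
    if "PASSWORD" not in auth_types:
        return findings
    # TLS terminates either on the coordinator itself or on the load balancer.
    # In the second case the coordinator only learns the original scheme from
    # the X-Forwarded-* headers, which it ignores unless told to process them.
    if not enabled("http-server.https.enabled") and not enabled("http-server.process-forwarded"):
        findings.append("no-secure-channel: PASSWORD auth set, but neither "
                        "http-server.https.enabled nor http-server.process-forwarded is true")
    if enabled("http-server.authentication.allow-insecure-over-http"):
        findings.append("insecure-auth: credentials are accepted over plain HTTP")
    return findings

# Constructed sample: TLS is terminated at the load balancer, nothing tells Trino.
BEHIND_LB_BROKEN = """
coordinator=true
http-server.http.port=8080
http-server.authentication.type=PASSWORD
"""
# Same file with forwarded-header processing switched on.
BEHIND_LB_FIXED = BEHIND_LB_BROKEN + "http-server.process-forwarded=true\n"

if __name__ == "__main__":
    for name, cfg in (("broken", BEHIND_LB_BROKEN), ("fixed", BEHIND_LB_FIXED)):
        print(name, audit(cfg) or "ok")
```

Forwarded headers are only trustworthy when the coordinator's HTTP port is reachable solely from the load balancer, so pair this setting with a network restriction on that port.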

Related

Google workspace secure ldap with Confluence

I was trying to connect Confluence to Google Workspace secure LDAP following 'https://support.google.com/a/answer/9089736?hl=en'. Now I am trying to set up stunnel as a proxy, but when it comes to the last step, "Configure your application to point to ldap://127.0.0.1:1636.", I have no idea how to do this. Could you please tell me how to configure this?

Azure app can't connect to external API - Https to Http

My Azure application needs to connect to an API that is deployed on a remote server. The Azure app uses https, while the API uses http. To avoid a mixed content issue, I changed my API address to https. But now I receive the following error:
Failed to load resource: net::ERR_SSL_PROTOCOL_ERROR
So in summary, using http for my API gives me a Mixed Content error, and using https for my API gives me an SSL-related error.
Does anyone have experience providing an SSL certificate to an API that's already been deployed? Any advice would be greatly appreciated. Thank you.

haproxy configure Authentication and ACL

I'm new to the world of load balancing...
I heard about HAProxy and I wonder if I can achieve this objective (not found yet in the searches I have already done):
HAProxy receives an MQTT/HTTP connection with basic authentication (login-password) or token based
HAProxy checks credentials from a database (or LDAP)
HAProxy manages the access depending on the authenticated user.
--> all of the users/credentials and ACLs should be stored in the database.
Is this possible? Is there in HAProxy a system of custom plugins/add-ons to enhance its behavior?
I found things about setting a list of ACLs directly in the configuration with an already existing list of logins/passwords (but not dynamically, even if cached afterwards)
Thanks a lot for your ideas.
I think this is only supported in Enterprise HAProxy:
The HAProxy Single Sign-On solution [...] is also compatible with Microsoft Active Directory or OpenLDAP servers.
https://www.haproxy.com/documentation/hapee/1-8r1/security/using-sso/
The only plugin I found is an HTTP request check to see if the user is authenticated on an arbitrary endpoint:
https://github.com/TimWolla/haproxy-auth-request
But it requires a specialized web app responding to the requests for that.

openshift ssl edge termination risk

I have been reading the OpenShift documentation for secured (SSL) routes.
Since I use a free plan, I can only have an "Edge Termination" route, meaning the SSL is ended when external requests reach the router, with contents being transmitted from the router to the internal service via HTTP.
Is this secure? I mean, part of the information transmission is done via HTTP in the end.
The connection between where the secure connection is terminated and your application which accepts the proxied plain HTTP request is all internal to the OpenShift cluster. It doesn't travel through any public network in the clear. Further, the way the software defined networking in OpenShift works, it is not possible for any other normal user to see that traffic, nor can applications running in other projects see the traffic.
The only people who might be able to see the traffic are administrators of the OpenShift cluster, but the same people could access your application container also. Any administrators of the system could access your application container even if using a pass through secure connection terminated with your application. So it is the same situation as most managed hosting, where you rely on the administrators of the service to do the right thing.

Configuring LDAP Server for fail over scenario

I want to configure LDAP over SSL. I know how to configure it. I am going to use this LDAP server to authenticate users at the time of logging in to my web site. But in case of any error/exception that may occur due to LDAP over SSL (like certificate expired, empty certificate store), I DON'T WANT THE USER TO BE PREVENTED FROM LOGGING IN JUST BECAUSE OF A MERE SSL exception. What I want to do in that case is to use LDAP WITHOUT SSL. Can I configure one LDAP server to run with and without SSL on different ports simultaneously? Or must I use two different LDAP servers (and so machines) and arrange some failover mechanism so that if one fails then the request will automatically be served by the other server (without SSL)?
Please help me regarding how to address this scenario.
The above description might not be detailed, but if you want I can describe more.
Thanks in advance.