From fef69cced85fd6512d352791d9123f8d8449acdc Mon Sep 17 00:00:00 2001 From: Tom Clegg Date: Thu, 7 Dec 2017 15:33:22 -0500 Subject: [PATCH 1/1] 11453: "sso_insecure" config applies to remote Arvados auth, too. Arvados-DCO-1.1-Signed-off-by: Tom Clegg --- services/api/app/models/api_client_authorization.rb | 3 +++ services/api/config/application.default.yml | 7 ++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb index 55bd31742e..5f812191c1 100644 --- a/services/api/app/models/api_client_authorization.rb +++ b/services/api/app/models/api_client_authorization.rb @@ -133,6 +133,9 @@ class ApiClientAuthorization < ArvadosModel # [re]validate it. begin clnt = HTTPClient.new + if Rails.configuration.sso_insecure + clnt.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE + end remote_user = SafeJSON.load( clnt.get_content('https://' + host + '/arvados/v1/users/current', {'remote' => Rails.configuration.uuid_prefix}, diff --git a/services/api/config/application.default.yml b/services/api/config/application.default.yml index 1bb45b90f4..a1c35f10fc 100644 --- a/services/api/config/application.default.yml +++ b/services/api/config/application.default.yml @@ -410,9 +410,10 @@ common: arvados_theme: default - # Permit insecure (OpenSSL::SSL::VERIFY_NONE) connections to the Single Sign - # On (sso) server. Should only be enabled during development when the SSO - # server is using a self-signed cert. + # Permit insecure (OpenSSL::SSL::VERIFY_NONE) connections to the + # Single Sign On (sso) server and remote Arvados sites. Should only + # be enabled during development when the SSO server is using a + # self-signed cert. sso_insecure: false ## Set Time.zone default to the specified zone and make Active -- 2.30.2