Environment
Advanced Authentication 6.x
AAF
Situation
Google reCAPTCHA doesn't work for SAML 2.0 and OAuth 2.0/ OpenID Connect events, New Enrollment Portal, Smartphone Enrollment event and OOB UI event.
After clicking "I'm not a robot" or selecting images, a checkbox appears and then after one minute an error is displayed: "Verification expired. Check the checkbox again".
A second later: "504 Gateway Time-out" error is displayed.
A proxy is used.
Resolution
A workaround for proxies which do not require authentication:
Stop the aucore services:
/opt/aauth/stop
Modify the docker-compose configuration:
vi /opt/aauth/docker-compose.yml
Locate the webauth section and between the lines
image: mfsecurity/aaf-webauth:<version>
and
volumes:
add the following section:
environment:
- "JAVA_OPTS=-XX:MaxRAM=4g -XX:+ExitOnOutOfMemoryError -Dfile.encoding=UTF-8 -Dhttp.proxyHost=REPLACE_BY_YOUR_PROXY_SERVER -Dhttp.proxyPort=REPLACE_BY_THE_PROXY_PORT -Dhttp.nonProxyHosts='localhost|127.0.0.1|NON_PROXY_HOST_1|NON_PROXY_HOST_2' -Dhttps.proxyHost=REPLACE_BY_YOUR_PROXY_SERVER -Dhttps.proxyPort=REPLACE_BY_THE_PROXY_PORT"
Start the aucore services:
/opt/aauth/start
Cause
Web Authentication engine (OSP) currently does not support proxy.
Additional Information
At the moment, there is no solution for proxy servers that require authentication. It is planned to be supported in a future release.