Google reCAPTCHA doesn't work in OSP behind a proxy

  • 7025174
  • 24-Jun-2021
  • 28-Jun-2021

Environment

Advanced Authentication 6.x
AAF

Situation

Google reCAPTCHA doesn't work for SAML 2.0 and OAuth 2.0/OpenID Connect events, the New Enrollment Portal, the Smartphone Enrollment event and the OOB UI event.
After clicking "I'm not a robot" or selecting images, a checkbox appears and then after one minute an error is displayed: "Verification expired. Check the checkbox again".
A second later, a "504 Gateway Time-out" error is displayed.
A proxy is used.

Resolution

A workaround for proxies which do not require authentication:

Stop the aucore services:
/opt/aauth/stop

Modify the docker-compose configuration:

vi /opt/aauth/docker-compose.yml


Locate the webauth section and between the lines

    image: mfsecurity/aaf-webauth:<version>

and 

    volumes:

add the following section:

    environment:
      - "JAVA_OPTS=-XX:MaxRAM=4g -XX:+ExitOnOutOfMemoryError -Dfile.encoding=UTF-8 -Dhttp.proxyHost=REPLACE_BY_YOUR_PROXY_SERVER -Dhttp.proxyPort=REPLACE_BY_THE_PROXY_PORT -Dhttp.nonProxyHosts='localhost|127.0.0.1|NON_PROXY_HOST_1|NON_PROXY_HOST_2' -Dhttps.proxyHost=REPLACE_BY_YOUR_PROXY_SERVER -Dhttps.proxyPort=REPLACE_BY_THE_PROXY_PORT"


Start the aucore services:
/opt/aauth/start
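
A check that can be run on the edited file before the services are started, given here as an added example that is not part of the original article or of the product. It confirms that the JAVA_OPTS line has no leftover template placeholders and that both the http and https proxy host and port are set. The function names and messages are illustrative assumptions.

```shell
#!/bin/sh
# Pre-start check for the JAVA_OPTS proxy entry added to docker-compose.yml.
# Illustrative helper: names and messages are assumptions, not product code.

# get_prop OPTS SCHEME KEY: print the value of -D<SCHEME>.<KEY>=<value>.
get_prop() {
    printf '%s\n' "$1" | sed -n "s/.*-D$2\\.$3=\([^ \"']*\).*/\1/p"
}

# check_proxy_opts FILE: print one line per problem, return 0 if none found.
check_proxy_opts() {
    rc=0
    # The article puts all options on one line of the environment list.
    opts=$(grep -E '^[[:space:]]*-[[:space:]]*"?JAVA_OPTS=' "$1" | head -n 1)
    if [ -z "$opts" ]; then
        echo "no JAVA_OPTS entry found in $1"
        return 1
    fi
    # Placeholders from the article's template must all be replaced.
    if printf '%s\n' "$opts" | grep -Eq 'REPLACE_BY_|NON_PROXY_HOST_[0-9]'; then
        echo "template placeholder still present"
        rc=1
    fi
    # Both schemes need a host and a numeric port in the valid range.
    for scheme in http https; do
        host=$(get_prop "$opts" "$scheme" proxyHost)
        port=$(get_prop "$opts" "$scheme" proxyPort)
        [ -n "$host" ] || { echo "$scheme.proxyHost is missing"; rc=1; }
        case $port in
            ''|*[!0-9]*) echo "$scheme.proxyPort is missing or not numeric"; rc=1 ;;
            *) [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
                   { echo "$scheme.proxyPort is out of range"; rc=1; } ;;
        esac
    done
    # As in the article's template, local addresses should bypass the proxy.
    printf '%s\n' "$opts" | grep -q -e '-Dhttp\.nonProxyHosts=[^ ]*localhost' ||
        { echo "http.nonProxyHosts does not list localhost"; rc=1; }
    return "$rc"
}

# Run against a file when one is given, e.g. /opt/aauth/docker-compose.yml.
if [ "$#" -gt 0 ]; then
    check_proxy_opts "$1"
fi
```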

Cause

The Web Authentication engine (OSP) currently does not support proxies.

Additional Information

At the moment, there is no solution for proxy servers that require authentication. It is planned to be supported in a future release.