Hello,

An HTTP 500 error will occur in this setup if the load balancer is unable to communicate with the IdP token endpoint or the IdP user info endpoint.

The following would be my recommendation to troubleshoot this issue:

- Verify that the IdP's DNS is publicly resolvable.
- Verify that the security groups for your load balancer and the network ACLs for your VPC allow outbound access to these endpoints.
- Verify that your VPC has internet access. If you have an internal-facing load balancer, use a NAT gateway to enable internet access.

You can also check metrics like ELBAuthError and ELBAuthFailure under the "AWS/ApplicationELB" namespace for more information.
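A checker for the three items in this answer, added here as an example; it is not code from the thread or from AWS. It reads the IdP's OIDC discovery document, flags endpoint URLs the ALB cannot use (non-https scheme, private IP literal, non-standard port that egress rules must allow), and, when asked, resolves each host and completes a TLS handshake against the public trust store the way the ALB does; `auth_error_sums` pulls the two CloudWatch metrics named above. The discovery document and the host `idp.example.internal` are constructed for the example, and the `app/<name>/<id>` dimension value is an assumption the caller replaces with their own ALB's.

```python
import ipaddress
import json
import socket
import ssl
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# Constructed sample of an IdP discovery document. idp.example.internal is an assumed,
# non-existent host; two endpoints are deliberately misconfigured for the checks to flag.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.internal",
    "authorization_endpoint": "https://idp.example.internal/oauth2/authorize",
    "token_endpoint": "https://idp.example.internal:8443/oauth2/token",
    "userinfo_endpoint": "http://idp.example.internal/oauth2/userinfo",
})
# The browser is sent to the authorization endpoint, but the ALB itself calls the
# token and userinfo endpoints, so those two must be reachable from the ALB.
REQUIRED = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")

def endpoints_from_discovery(doc_text):
    """Extract the three endpoint URLs from /.well-known/openid-configuration."""
    doc = json.loads(doc_text)
    missing = [k for k in REQUIRED if k not in doc]
    if missing:
        raise ValueError(f"discovery document lacks: {', '.join(missing)}")
    return {k: doc[k] for k in REQUIRED}

def static_findings(name, url):
    """Checks that need no network access; returns a list of human-readable findings."""
    p, findings = urlparse(url), []
    if p.scheme != "https":
        findings.append(f"{name}: scheme is '{p.scheme}', the ALB only accepts https URLs")
    if not p.hostname:
        return findings + [f"{name}: no hostname in {url!r}"]
    try:  # a private IP literal is unreachable over the ALB's public egress path
        ip = ipaddress.ip_address(p.hostname)
        if ip.is_private or ip.is_loopback:
            findings.append(f"{name}: {ip} is not reachable from the ALB's public egress")
    except ValueError:
        pass  # a DNS name, the normal case
    if p.port not in (None, 443):
        findings.append(f"{name}: non-standard port {p.port}; SG and NACL egress must allow it")
    return findings

def dns_addresses(host):
    """System-resolver lookup; an empty list means the ALB will not resolve it either."""
    try:
        return sorted({r[4][0] for r in socket.getaddrinfo(host, 443, type=socket.SOCK_STREAM)})
    except socket.gaierror:
        return []

def tls_probe(host, port=443, timeout=5.0):
    """Handshake as the ALB would: chain and hostname validated against a public trust
    store. A failure here is what the IdP-side ALB counts as a client TLS negotiation error."""
    ctx = ssl.create_default_context()  # rejects self-signed and private-CA certificates
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {"protocol": tls.version(), "cipher": tls.cipher()[0],
                    "subject": dict(x[0] for x in cert["subject"]), "not_after": cert["notAfter"]}

def auth_error_sums(load_balancer_dimension, hours=1):
    """Sum ELBAuthError and ELBAuthFailure for the authenticating ALB over the last `hours`.
    Needs boto3 and credentials; the dimension value is the 'app/<name>/<id>' string the
    AWS/ApplicationELB namespace uses (assumed here, the caller supplies the real one)."""
    import boto3  # imported lazily so the offline checks run without it
    cw, end, sums = boto3.client("cloudwatch"), datetime.now(timezone.utc), {}
    for metric in ("ELBAuthError", "ELBAuthFailure"):
        resp = cw.get_metric_statistics(
            Namespace="AWS/ApplicationELB", MetricName=metric,
            Dimensions=[{"Name": "LoadBalancer", "Value": load_balancer_dimension}],
            StartTime=end - timedelta(hours=hours), EndTime=end, Period=300, Statistics=["Sum"])
        sums[metric] = sum(dp["Sum"] for dp in resp["Datapoints"])
    return sums

def run_checks(doc_text, probe_network=False):
    """Static checks always; DNS resolution and a TLS handshake only when asked for."""
    report = {}
    for name, url in endpoints_from_discovery(doc_text).items():
        entry = {"url": url, "findings": static_findings(name, url)}
        if probe_network:
            host, port = urlparse(url).hostname, urlparse(url).port or 443
            entry["addresses"] = dns_addresses(host)
            try:
                entry["tls"] = tls_probe(host, port) if entry["addresses"] else None
            except (ssl.SSLError, OSError) as exc:
                entry["findings"].append(f"{name}: TLS handshake failed: {exc}")
            if not entry["addresses"]:
                entry["findings"].append(f"{name}: {host} does not resolve")
        report[name] = entry
    return report

if __name__ == "__main__":
    import sys  # pipe a real discovery document on stdin; add --probe to hit the network
    text = SAMPLE_DISCOVERY if sys.stdin.isatty() else sys.stdin.read()
    for name, entry in run_checks(text, "--probe" in sys.argv).items():
        print(name, entry["url"], *entry["findings"], sep="\n   ")
```

Run it from a host inside the same VPC and subnet as the load balancer (`curl -s https://<idp>/.well-known/openid-configuration | python3 check.py --probe`) so the DNS lookup and the handshake take the same egress path the ALB takes; a clean result from a laptop only shows that the IdP is reachable from the laptop. Note that `tls_probe` validates against the local system trust store, which is a close but not exact stand-in for the one the ALB uses.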
Hi,

thanks for your answer. Yes, we checked them all:

- The IdP DNS is resolvable from the internet (we have an ALB with public IPs in front) and the TLS certificate is also valid.
- We checked this by changing the OIDC configuration of the ALB from our own IdP to our corporate IdP (which is internet-facing). With the corporate IdP the setup is working.
- Yes, the VPC has internet access.

What we also encounter: in the monitoring view of the IdP ALB (i.e. the ALB in front of our own IdP), we see "Client TLS Negotiation Errors". Are there any requirements regarding the certificate of the IdP aside from it having to be a "public" certificate? Any restrictions on key length?