Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Load CA certificates for Assent to enable https connection in SSO.
Otherwise, we get the imfamous
{:tls_alert, {:unknown_ca, ~c"TLS client: In state wait_cert_cr at ssl_handshake.erl:2133 generated CLIENT ALERT: Fatal - Unknown CA\n"}}
error.Besides that, I have improved a bit the SSO login page to prompt a basic error message if the configuration fails.
We could've gone with the standard 500 error, but it looks less obvious. Either way, you need to access the server logs to see the exact error (which can be of different reason).
This is how it looks like:
PD: To test it locally, add the next lines to your local
dev.local.exs
file:How was this tested?
Tested with some test and specially manually, using our demo IDP environment.
Did you update the documentation?
No, but we should consider adding maybe some troubleshooting section.
Besides, once we decide how to load the CA certificates, specially in helm, we will need to document this is it requires user intervention (which will be the case almost certainly)