Geo secondary UI redirects to primary UI after Okta SSO
Summary
We upgraded our geo configured gitlab EE instances. The upgrade path was from gitlab-ee=14.10.5-ee.0, then to gitlab-ee=15.0.5-ee.0, then to gitlab-ee=15.1.6-ee.0, and finally to gitlab-ee=15.2.4-ee.0.
Before the upgrade, we could access both our primary and our geo nodes UIs. After the upgrade, when navigating to our geo node's URL, the callback URL after Okta authentication redirects back to the primary node's UI. The geo node's UI is inaccessible, but replication is happening on the backend.
Steps to reproduce
- Navigate to geo node's URL
- Authenticate through Okta
- The authenticated session is always the primary node's UI.
What is the current bug behavior?
After navigating to geo node's URL, the authentication redirects you to the primary node's UI.
What is the expected correct behavior?
After navigating to geo node's URL, the authentication redirects you to the geo node's UI.
Relevant details
Results of GitLab application Check
# gitlab-rake gitlab:geo:check
Checking Geo ...
GitLab Geo is available ...
GitLab Geo is enabled ... yes
This machine's Geo node name matches a database record ... yes, found a primary node named "PRIMARY_NODE"
HTTP/HTTPS repository cloning is enabled ... yes
Machine clock is synchronized ... yes
Git user has default SSH configuration? ... yes
OpenSSH configured to use AuthorizedKeysCommand ... skipped
Reason:
Cannot access OpenSSH configuration file
Try fixing it:
This is expected if you are using SELinux. You may want to check configuration manually
For more information see:
doc/administration/operations/fast_ssh_key_lookup.md
GitLab configured to disable writing to authorized_keys file ... yes
GitLab configured to store new projects in hashed storage? ... yes
All projects are in hashed storage? ... yes
Checking Geo ... Finished
Edited by Michael Kozono