Forward Proxy support for Local Development Login
We have a forward http proxy with authentication enabled in our environment.
When clicking "Login with Devolutions Account" I get the following exception:IDX20803: Unable to obtain configuration from: 'https://login.devolutions.com/.well-known/openid-configuration'. Will retry at '1/1/0001 12:00:00 AM +00:00'. Exception: 'System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://login.devolutions.com/.well-known/openid-configuration'. ---> System.Net.Http.HttpRequestException: The proxy tunnel request to proxy 'http://{OurProxyServerAddressHere}/' failed with status code '407'." at System.Net.Http.HttpConnectionPool.EstablishProxyTunnelAsync(Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.InjectNewHttp11ConnectionAsync(QueueItem queueItem) at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken) at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken) at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.SendAndRetryOnNetworkErrorAsync(HttpClient httpClient, Uri uri) at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel) --- End of inner exception stack trace --- at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel) at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel) at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)'.
Is there a way we can define proxy configurations including credentials in the appsettings.json?
I've tried to set HTTP_PROXY and HTTPS_PROXY vars for the windows service to no effect.
Also tried setting NO_PROXY to * and .* to try and bypass the proxy detection but it still tries to use the proxy server.
All Comments (3)
I use http_proxy, https_proxy and no_proxy but had to put them in lower case and also needed to reboot, that works for my scripts communicating out. You'd also have to double check the wild cards, all my entries are full addresses. For example:
http_proxy = "http://11.0.0.1"
https_proxy = "http://11.0.0.1"
no_proxy = "localhost,hostname,hostname.domain.com"
However I don't personally use the devolutions login so can't comment about that, but I do know in the PSU settings\platform menu there's an option to configure proxy location and proxy credentials too - I think this may be for things like updates & git etc.
I use http_proxy, https_proxy and no_proxy but had to put them in lower case and also needed to reboot, that works for my scripts communicating out.
However I don't personally use the devolutions login so can't comment about that, but I do know in the PSU settings\platform menu there's an option to configure proxy location and proxy credentials too - I think this may be for things like updates & git etc.
In this case I’m trying to login with the devolutions login as that’s apparently needed for a free local development instance. We don’t currently have any licenses for this and I’m mostly just trying to evaluate it locally on my workstation first.
So even if there are proxy configurations in the settings, I need to be able to login to get to them.
If I run the service as my user account instead of system I can see some web traffic in the proxy logs that is authenticated using Kerberos automatically. However the the configuration for the .NET HttpClient used for the OAuth flow must not be configured with automatic proxy authentication enabled.
@nickireland It certainly could be an issue with the HttpClient, but I'm not 100% sure we use that for the flow in this case. We do do some weird ping ponging between localhost and 127.0.0.1 that we are resolving in the next version to support Docker and IIS configurations for developer instances. For the time being, you can always grab a trial key here: Trial | PowerShell Universal It will enable all the features. We will also be adding trial key requests directly into PSU in the next version to avoid having to jump out to get one.
Adam Driscoll
PowerShell Expert and Developer at Devolutions