Use OAuth on High Availability Setup

JFrog Platform Administration Documentation

Content Type
Administration / Platform
ft:sourceType
Paligo

The OAuth protocol requires the client to give permission to a specific application. JPD will redirect the user to the configured application URL and one permission is granted user will be navigated back.

The limitation on this process when working in High Availability setup is that the user must return to the same node, otherwise the authentication process will fail, in order to achieve this a sticky session configuration should include the /artifactory/api/oauth2/.

The example below shows NGINX configuration.

NGINX Reverse Proxy Configuration

location ~ (/artifactory/webapp/|/artifactory/ui/|/artifactory/api/oauth2/) {
        proxy_http_version      1.1;
        proxy_pass              http://<UPSTREAM_NAME>;
        proxy_intercept_errors  on;
        proxy_pass_header       Server;
        proxy_connect_timeout   75s;
        proxy_send_timeout      2400s;
        proxy_read_timeout      2400s;
        proxy_set_header        Host $host;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host;
}