RStudio job URL is wrong

Hi Jeff,

I am perplexed by the application job launch URL, which looks right for some apps but wrong for RStudio. I think the URL is more of a server-wide configuration, not application-specific.

I have trouble launching RStudio, the job URL is something like: “https://n0296.savio2:44163/auth-sign-in?appUri=appUri&error=2”, with the error messages " This site can’t be reached. Check if there is a typo in n0296.savio2. DNS_PROBE_FINISHED_NXDOMAIN".

However, with other apps, say Jupyterlab, the job URL is like “https://ood.brc.berkeley.edu/node/n0296.savio2/64042/lab?”, which is correct! There is no problem.

Where should I look to troubleshoot?

Thank you,
Wei

Can you share your view.html.erb?

< form action=“/rnode/<%= host %>/<%= port %>/auth-do-sign-in” method=“post” target=“_blank”>
< input type=“hidden” name=“username” value=“<%= ENV[“USER”] %>”>
< input type=“hidden” name=“password” value=“<%= password %>”>
< input type=“hidden” name=“staySignedIn” value=“1”>
< input type=“hidden” name=“appUri” value=“”>
< button class=“btn btn-primary” type=“submit”>
< i class=“fa fa-registered”> Connect to RStudio Server
< /button>
< /form>

I had to add " " after < , so that the file content can be displayed.

Hmmmm. OK it is apparently trying to redirect you to the the compute node it’s running on and not the ood proxy.

The underlying cause is that you’re not logging in correctly. I can tell this by the URL because it has error=2. Depending on what rstudio version you’re running, you may need to also use csrf token as well.

You can view our production rstudio for an example on how we’re passing that token.

“rstudio-server/2024.04.2-764” (basic auth )
The same version of RStudio is used on ood-server@LBNL, where Shibboleth is used as the auth method.

I just tried to add csrf token above, and I got the same error message.

Hi Jeff,

I believe the problem is internal to how we authenticate users. We will have to figure it out on our end.

Thank you so much for your time and suggestions.
Wei

Hi Jeff,

I wanted to let you know we have implemented CILogon for auth. It seems to be working quite well.

I have a question about where/how to config the default institution as UC Berkeley when starting CILogon. We provide a default institution for one of our account management services written in Python, users can still choose other options when needed. I suspect we can do something similar within Open OnDemand.

Thank you for your advice,
Wei

I’m not sure. It seems like a CILogon question which I can’t quickly find any answer for.

Hi Jeff,
The code below is for another web service we provide. Do you think this could be embedded into ood_portal.yml somehow?

href=“/accounts/cilogon/login/?process=login&auth_params=idphint%3Durn%3Amace%3Aincommon%3Aberkeley.edu”

Wei

I don’t think so, I think OIDC pulls all the URLs from a config file - this one specifically https://cilogon.org/.well-known/openid-configuration

So I’m not sure if there’s anyway to add information in the query for the same.