Cannot log in to SSO with SAML after changing permanent cookies to session cookies. #15575

Open · laiminhtrung1997 opened this issue Oct 7, 2024 · 0 comments
Please confirm the following

  • I agree to follow this project's code of conduct.
  • I have checked the current issues for duplicates.
  • I understand that AWX is open source software provided for free and that I might not receive a timely response.
  • I am NOT reporting a (potential) security vulnerability. (These should be emailed to security@ansible.com instead.)

Bug Summary

Storing session information (cookies) on disk as permanent cookies poses a security risk, as they may be stolen. To mitigate this, I have configured Envoy to modify the cookie attributes, setting Expires/Max-Age to Session instead of a specific date and time.

After making this change, we attempted to log in to AWX using SAML. However, AWX continuously redirects, and after a few seconds, the AWX UI returns to the login page with two errors related to the APIs https://awx.com/api/v2/config/ and https://awx.com/api/v2/me/, both showing a 401 status code.

AWX version

23.6.0

Select the relevant components

  • UI
  • UI (tech preview)
  • API
  • Docs
  • Collection
  • CLI
  • Other

Installation method

kubernetes

Modifications

no

Ansible version

No response

Operating system

No response

Web browser

No response

Steps to reproduce

Configured Envoy to modify the cookie attributes, setting Expires/Max-Age to Session instead of a specific date and time.

Expected results

Successfully logged in to AWX using SAML.

Actual results

Failed to log in to AWX using SAML.

Additional information

No response
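The kind of Set-Cookie rewrite the report describes, as an added example that is neither the reporter's Envoy configuration nor AWX code: it strips Expires/Max-Age from each Set-Cookie header so the browser keeps the cookie only for the browser session, preserves the other attributes (Path, Secure, HttpOnly, SameSite) untouched, and leaves cookie deletions alone (Max-Age=0 or an Expires in the past), because dropping those would turn a logout or cookie clear into a re-set of the cookie. Cookie names and values are constructed samples; `audit_set_cookie` is a hypothetical helper for checking what a proxy actually emits, for instance on the headers from `curl -sI` against the login endpoint.

```python
"""Rewrite Set-Cookie headers so persistent cookies become session cookies.

Added example, not AWX or Envoy code. Cookie names/values are constructed.
"""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Dict, List, Optional, Tuple

# The two attributes that make a cookie persistent (written to disk).
PERSISTENCE_ATTRS = ("expires", "max-age")


def _is_deletion(name: str, value: str, now: datetime) -> bool:
    """True if the attribute tells the browser to discard the cookie now.

    Such attributes must survive the rewrite: stripping Max-Age=0 or a past
    Expires would make the browser keep a cookie the server wanted removed.
    """
    if name == "max-age":
        try:
            return int(value.strip()) <= 0
        except ValueError:
            return False
    try:
        return parsedate_to_datetime(value.strip()) <= now
    except (TypeError, ValueError):  # unparsable or naive date: treat as persistent
        return False


def to_session_cookie(set_cookie: str, now: Optional[datetime] = None) -> str:
    """Return the Set-Cookie value with Expires/Max-Age removed.

    The name=value pair and every other attribute are kept verbatim, so the
    server-side session is unaffected; only the browser's storage changes.
    """
    now = now or datetime.now(timezone.utc)
    parts = [p.strip() for p in set_cookie.split(";")]
    if "=" not in parts[0]:
        raise ValueError(f"not a Set-Cookie value: {set_cookie!r}")
    kept = [parts[0]]
    for attr in parts[1:]:
        if not attr:
            continue
        name, _, value = attr.partition("=")
        lname = name.strip().lower()
        if lname in PERSISTENCE_ATTRS and not _is_deletion(lname, value, now):
            continue  # drop: cookie now lives only for the browser session
        kept.append(attr)
    return "; ".join(kept)


def rewrite_response_headers(
    headers: List[Tuple[str, str]], now: Optional[datetime] = None
) -> List[Tuple[str, str]]:
    """Apply to_session_cookie to every Set-Cookie header; pass others through."""
    return [
        (n, to_session_cookie(v, now) if n.lower() == "set-cookie" else v)
        for n, v in headers
    ]


def audit_set_cookie(set_cookie: str) -> Dict[str, object]:
    """Hypothetical checker: summarise what a Set-Cookie header does.

    Use it on the headers a proxy actually returns to confirm the rewrite
    removed persistence without losing Secure/HttpOnly/SameSite.
    """
    parts = [p.strip() for p in set_cookie.split(";")]
    attrs: Dict[str, object] = {}
    for attr in parts[1:]:
        if attr:
            k, _, v = attr.partition("=")
            attrs[k.strip().lower()] = v.strip() if v else True
    return {
        "name": parts[0].split("=", 1)[0],
        "persistent": any(a in attrs for a in PERSISTENCE_ATTRS),
        "secure": "secure" in attrs,
        "httponly": "httponly" in attrs,
        "samesite": attrs.get("samesite"),
    }


if __name__ == "__main__":
    # Constructed sample response headers from a login endpoint.
    sample = [
        ("Content-Type", "application/json"),
        ("Set-Cookie", "sessionid=abc123; Expires=Wed, 09 Oct 2024 10:00:00 GMT; "
                       "Path=/; Secure; HttpOnly; SameSite=Lax"),
        ("Set-Cookie", "csrftoken=tok; Max-Age=1209600; Path=/; Secure; SameSite=Lax"),
        ("Set-Cookie", 'stale=""; Max-Age=0; Path=/'),  # deletion: must be kept
    ]
    for name, value in rewrite_response_headers(sample):
        print(f"{name}: {value}")
        if name == "Set-Cookie":
            print("   ", audit_set_cookie(value))
```

Two points worth keeping in mind when relying on this: the server cannot tell a session cookie from a persistent one on subsequent requests (the Cookie header carries only name=value), so the rewrite by itself does not change what the application receives; and browsers configured to restore the previous session on start-up (Chrome's "continue where you left off", Firefox session restore) keep session cookies across restarts, so the disk-exposure reduction depends on the browser policy in use as well as on the proxy.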
