UNCLASSIFIED - NO CUI

Skip to content

Heimdall needs NODE_EXTRA_CA_CERTS set

Summary

Heimdall's NodeJS does not use the right certificate root CA bundle.

Steps to reproduce

The Heimdall container's NODE_EXTRA_CA_CERTS envar is unset. As such, while the base OS is using DoD certificates, Heimdall itself does not.

What is the current bug behavior?

We are unable to correctly configure Heimdall to use an OIDC provider (in this case Keycloak) because Heimdall does not trust the certs from the OIDC provider.

What is the expected correct behavior?

Should be quick and easy to configure OIDC login.

Relevant logs and/or screenshots

Possible fixes

Add NODE_EXTRA_CA_CERTS to the Dockerfile as an ENV and point it to the DoD cert bundle.

Tasks

  • Bug has been identified and corrected within the container

Please read the Iron Bank Documentation for more info

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI