Multiple URL exemption in proxy.yaml using no_proxy with WebService Connector

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

Hi All, wanted to check someone has faced this issue before and can help us. We are trying to exempt multiple URLs to go via proxy using no_proxy config paramter in proxy.yaml.

image
image1016×310 27 KB

However it works for one host i.e. we can only exempt one host from going via proxy.
Below configuration is expected to exempt both host1 and host2 from going via proxy, however it doesnt exempt any of them. Connections to both of them are going via proxy URL only.
no_proxy: <host1>|<host2>

When we define only one host1 in the no_proxy parameter, it works fine for one host1 entry.

no_proxy: <host1>

Also I tried by giving comma as I find out in an article that for CURL it is asking , but then both hosts are not responding.

Any idea on this issue will help.
Thanks Suraj.

2

Hello @suraj_gorle

Your question is respond here : Multiple URL exemption in proxy.yaml using no_proxy - Identity Security Cloud (ISC) / ISC Discussion and Questions - SailPoint Developer Community

Can you tested directly your differents connectors that url are added ?

apparently curl test does not reconized | , but JVM does.

You can keep your configuration with pipe | and test directly each connectors.

3

Hello Suraj,

The SailPoint configuration does require the pipe separation. In addition, this is case sensitive.

Have you tried using no_proxy:<host2> and validated that this host is working alone? This will help isolate whether it is an issue with the multiple hosts configuration or the second host itself.

Thanks,
Braden

4

Hi @baoussounda ,
Thanks for the reply.

As in the above article I have highlighted that using | as well as , it is not taking. I have tried both and already went through the article that you have sent but not working for me.

5

Hi @bcariaga ,
Thanks for the reply.

I have tried by using separate entries for each host but not working either.

6

Hi @suraj_gorle ,

What error do you get when you are trying CURL command. Also what’s the error when using no_proxy configuration?

7

Hi @shaileeM ,

While I am trying to CURL the API it is giving as expected result along with response. But while test connection only it is working for single application another one is giving timeout error.

8

Hi @suraj_gorle , can you check docker.env and /etc/profile.env files in your environment. Is no_proxy under these files updated for multiple URLs? Please do not edit these files, they are auto-generated.

After that you can also check the environment variables set on the VA using below command

$ env

9

Hi @shaileeM , I have check the /etc/profile.env file and no_proxy is there for multiple URLs.
But $env command is not giving any kind of response.

Thank you.

10

Hi @suraj_gorle sorry for the confusion, Please try env command, without $

11

Hi @shaileeM Noted. Tried no entry found for no_proxy but for http_proxy it is there.

12

Yes, it looks like thats the issue here. can you try below command and share the result:

echo $no_proxy

Please mask the necessary

13

Also, is the no_proxy parameter present in your docker.env?

14

Hi @shaileeM
Please find the below screenshot with the command response.

image
image986×280 57.2 KB

15

Hi @suraj_gorle, can you reboot the VA and check these variables again.

16

Hi @shaileeM, rebooted but still same response. Also after rebooting on welcome page it is returning the command not found for the 2nd hostname after pipe(|).

image
image1612×657 73.9 KB

Thank you.

17

Thanks Suraj, at some stage during our troubleshooting, we faced the same issue.

Now I suggest to open a support case and upload the charon and stunt logs to debug.

In our case, we had noticed that VA was unable to connect to certain required AWS services due to which docker.env wasn’t getting created and causing the issue.

You might have a similar issue.

Another thing I want to suggest is , you can try the following :

  1. Export the no_proxy parameter manually using following command :

export no_proxy=<host1>|<host2>

  1. Restart ccg service
  2. Check env
  3. Test connection
18

Hi @shaileeM , Thanks for the suggestion.
I have tried to export the no_proxy with pipe(|) it is not taking. It is saying command not found kind of error.
After that I have tried with comma(,) it is taking. It will cause any issue for us ?
Thank you.

19

Hi Suraj,

Updated the command to include quotes. Please give it a try:

export no_proxy="<host1>|<host2>"

Regarding comma(,) as the delimiter, no_proxy will not support. The delimiter used by no_proxy is indeed pipe (|)

20

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.