TLJH not working behind AWS Verified Access endpoint

I am trying to deploy behind AWS Verified Access endpoints. The idea is that authentication is done via AWS and when this is coupled with Remote User Authenticator, users are seamlessly logged in. This is all working fine. The launcher page starts. However, whenever I try to start the terminal or a kernel, it hangs. Looking at the browser log, it seems like all websocket calls are getting rejected with a 403 error. However, all GET calls are succeeding. I don’t really understand what is going on particularly well. Looking at the HTTP headers, the websocket call seems to be missing X-XSRFToken. Not sure if this is the problem but this looks odd… The rejection is at the AWS endpoint. It is denying authorization. I would appreciate any ideas/help.

Does your setup work without AWS Verified Access? Does AWS Verified Access definitely support websockets?

Yes. It works fine without AWS Verified Access. I am asking AWS so let me confirm. Thanks for writing back.