Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

hi all, i deployed paralus with kratos and want to use private gitlab as idp provider, but callback timout, i found some error in kratos pod log:
```time=2023-11-29T02:39:50Z level=error msg=An error occurred and is being forwarded to the error user interface. audience=application error=map[debug: message:An internal server error occurred, please contact the system administrator reason:GET <https://gitlab.xxx.com/oauth/userinfo> giving up after 3 attempt(s): Get "<https://gitlab.xxx.com/oauth/userinfo>": 1xx.x.x.x is not a public IP address status:Internal Server Error status_code:500]```
kratos calls gitlab api from external ory service? or depends on any public ory service?

This is Kratos’ SSRF protection. In your example, <http://gitlab.xxx.com|gitlab.xxx.com> resolves to a non-publicly routable address. Kratos blocks that.

thanks, i found that i can add <http://gitlab.xxx.com|gitlab.xxx.com> to `clients.http.private_ip_exception_urls`