Ambassador 0.50 on /login redirect returns 404 about ambassador-auth-oidc HOT 9 CLOSED

Cool stuff, thank you @volatilemolotov!

Future Ambassador versions will of course be supported, I just hadn't had the time to try the new version yet.

I'll test that the change doesn't break anything in earlier versions in the evening and merge it after that.

from ambassador-auth-oidc.

Hi! URL looks like it should be handled by the authentication component, so Ambassador should proxy the request to AuthProxy for finishing the login flow. Can you see anything in either Ambassador's or AuthProxys logs about this? If you don't see anything off, could you post your AuthProxy settings (redacted, of course) as its possibly a misconfiguration.

The step is known as id exchange and this is the step where AuthProxy fetches user identity from the provider (Auth0) to make sure that the login was succesful.

from ambassador-auth-oidc.

I see in the auth proxy that it detects no auth and redirects to login. Config is in kubernetes secrets and is as follows:

ambassador-auth-client-id: VALIDID

ambassador-auth-client-secret: VALIDSECRET

ambassador-auth-jwt-key: generated using openssl rand -base64 64|tr -d '\n '

ambassador-auth-oidc-provider: https://myusername.eu.auth0.com/

ambassador-auth-self-url: https://mydomain-used-on-ambassador-ip.redacted

Using auth0 as auth provider (Also tried with GSuite and same thing happens). I get the redirect to auth0 login screen and after login i get the 404 on https://mydomain-used-on-ambassador-ip.redacted/login/oidc?sometoken path

from ambassador-auth-oidc.

Does AuthProxy return the "no auth, redirecting" log line twice? On the first occasion this is supposed to happen as user doesn't have a valid session, but second time the state should exist. If you're seeing it twice, could you post your Kubernetes spec files (or if you're using the example ones in misc folder, please let me know), so I can try to replicate the issue. I've been using Auth0 myself with AuthProxy and it behaves according to standard, so it isn't a problem on their side for sure.

from ambassador-auth-oidc.

This is the log output prom the container :

2019/01/14 12:12:57 Using Redis at localhost:6379
2019/01/14 12:12:57 No SKIP_AUTH_URI specified, using '' as default.
2019/01/14 12:12:58 Starting web server at :8080
2019/01/14 12:13:13 10.164.0.12,10.28.0.17 /example/ Cookie not set, redirecting to login.
2019/01/14 12:14:47 10.164.0.12,10.28.0.17 /httpbin/ip Cookie not set, redirecting to login.

EDIT:

yes im using the example ones form the repo

from ambassador-auth-oidc.

It would seem that redirect URL (your base url + "/login/oidc") is not correctly forwarded to AuthProxy, as it's not seeing the redirect requests. The 404 is thus returned by Ambassador itself.

What version of Ambassador are you using? I haven't yet tested this with 0.50 release candidates and am using 0.40.0.

from ambassador-auth-oidc.

Yes i am using the 0.50 RC. Will try downgrading and see what happens.

from ambassador-auth-oidc.

Works with ambassador 0.40.2.

@ajmyyra Have you got the energy to debug this? Is this something you plan on supporting. This auth plugin is great alternative to ambassador pro. If you are willing i can supply you with logs and debugs if you need.

Thanks for help and for your great work.

from ambassador-auth-oidc.

@ajmyyra Think i have fixed it by adding:

      ---
      apiVersion: ambassador/v0
      kind:  Mapping
      name:  login_mapping
      prefix: /login/
      service: oidc-auth:8080

from ambassador-auth-oidc.