Comments (9)
Cool stuff, thank you @volatilemolotov!
Future Ambassador versions will of course be supported, I just hadn't had the time to try the new version yet.
I'll test that the change doesn't break anything in earlier versions in the evening and merge it after that.
from ambassador-auth-oidc.
Hi! URL looks like it should be handled by the authentication component, so Ambassador should proxy the request to AuthProxy for finishing the login flow. Can you see anything in either Ambassador's or AuthProxy's logs about this? If you don't see anything off, could you post your AuthProxy settings (redacted, of course) as it's possibly a misconfiguration.
The step is known as id exchange and this is the step where AuthProxy fetches user identity from the provider (Auth0) to make sure that the login was successful.
from ambassador-auth-oidc.
I see in the auth proxy that it detects no auth and redirects to login. Config is in kubernetes secrets and is as follows:
ambassador-auth-client-id: VALIDID
ambassador-auth-client-secret: VALIDSECRET
ambassador-auth-jwt-key: generated using openssl rand -base64 64|tr -d '\n '
ambassador-auth-oidc-provider: https://myusername.eu.auth0.com/
ambassador-auth-self-url: https://mydomain-used-on-ambassador-ip.redacted
Using auth0 as auth provider (also tried with GSuite and the same thing happens). I get the redirect to the auth0 login screen and after login I get the 404 on the https://mydomain-used-on-ambassador-ip.redacted/login/oidc?sometoken path.
from ambassador-auth-oidc.
Does AuthProxy return the "no auth, redirecting" log line twice? On the first occasion this is supposed to happen as user doesn't have a valid session, but second time the state should exist. If you're seeing it twice, could you post your Kubernetes spec files (or if you're using the example ones in misc folder, please let me know), so I can try to replicate the issue. I've been using Auth0 myself with AuthProxy and it behaves according to standard, so it isn't a problem on their side for sure.
from ambassador-auth-oidc.
This is the log output from the container:
2019/01/14 12:12:57 Using Redis at localhost:6379
2019/01/14 12:12:57 No SKIP_AUTH_URI specified, using '' as default.
2019/01/14 12:12:58 Starting web server at :8080
2019/01/14 12:13:13 10.164.0.12,10.28.0.17 /example/ Cookie not set, redirecting to login.
2019/01/14 12:14:47 10.164.0.12,10.28.0.17 /httpbin/ip Cookie not set, redirecting to login.
EDIT:
Yes, I'm using the example ones from the repo.
from ambassador-auth-oidc.
It would seem that redirect URL (your base url + "/login/oidc") is not correctly forwarded to AuthProxy, as it's not seeing the redirect requests. The 404 is thus returned by Ambassador itself.
What version of Ambassador are you using? I haven't yet tested this with 0.50 release candidates and am using 0.40.0.
from ambassador-auth-oidc.
Yes, I am using the 0.50 RC. Will try downgrading and see what happens.
from ambassador-auth-oidc.
Works with ambassador 0.40.2.
@ajmyyra Have you got the energy to debug this? Is this something you plan on supporting? This auth plugin is a great alternative to Ambassador Pro. If you are willing, I can supply you with logs and debugs if you need.
Thanks for help and for your great work.
from ambassador-auth-oidc.
@ajmyyra Think I have fixed it by adding:
---
apiVersion: ambassador/v0
kind: Mapping
name: login_mapping
prefix: /login/
service: oidc-auth:8080
from ambassador-auth-oidc.
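As an added example (not part of the thread or the project's code), here is a small Python check that the OIDC callback path from this issue is covered by a Mapping pointing at the auth service. The sample configs are constructed, the parser only handles flat `key: value` documents like the one posted above, and longest-prefix selection is a simplifying assumption about route precedence.

```python
CALLBACK_PATH = "/login/oidc"    # callback path quoted in the thread
AUTH_SERVICE = "oidc-auth:8080"  # service name from the Mapping in the thread

# Constructed sample config: an AuthService and one application Mapping only.
BROKEN = """---
apiVersion: ambassador/v0
kind: AuthService
name: authentication
auth_service: oidc-auth:8080
---
apiVersion: ambassador/v0
kind: Mapping
name: httpbin_mapping
prefix: /httpbin/
service: httpbin.org:80
"""
# The same config plus the Mapping posted in the thread.
FIXED = BROKEN + """---
apiVersion: ambassador/v0
kind: Mapping
name: login_mapping
prefix: /login/
service: oidc-auth:8080
"""

def parse_docs(text):
    """Split on '---' and read flat 'key: value' lines (no nesting handled)."""
    docs = []
    for chunk in text.split("---"):
        pairs = (l.partition(":") for l in chunk.splitlines() if ":" in l)
        doc = {k.strip(): v.strip() for k, _, v in pairs}
        if doc:
            docs.append(doc)
    return docs

def callback_route(docs, path=CALLBACK_PATH):
    """Return the Mapping whose prefix is the longest match for path, or None."""
    hits = [d for d in docs
            if d.get("kind") == "Mapping" and path.startswith(d.get("prefix", "\0"))]
    return max(hits, key=lambda d: len(d["prefix"]), default=None)

def check(text, service=AUTH_SERVICE):
    """Return (ok, message): does the OIDC callback reach the auth service?"""
    route = callback_route(parse_docs(text))
    if route is None:
        return False, f"no Mapping covers {CALLBACK_PATH}"
    if route.get("service") != service:
        return False, f"{CALLBACK_PATH} goes to {route.get('service')}, not {service}"
    return True, f"{CALLBACK_PATH} -> {service} via {route.get('name')}"
```

Running `check(BROKEN)` reports that no Mapping covers the callback, which matches the 404 served by the gateway itself; `check(FIXED)` passes once the `/login/` Mapping is present.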