We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
7.6.0
adfs
Is it possible to send the bearer token to the backend when using a reverse proxy like nginx in front of oauth2-proxy?
nginx virtual host configuration:
server { listen 80 http2; server_name cyberchef.pippo.it; #ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; #ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; location / { proxy_pass http://cyberchef:8000; proxy_set_header Host $host; #proxy_redirect off; #proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Auth-Request-Redirect $request_uri; auth_request /oauth2/auth; error_page 401 = /oauth2/sign_in?rd=http://$host$request_uri; auth_request_set $auth_cookie $upstream_http_set_cookie; add_header Set-Cookie $auth_cookie; auth_request_set $user $upstream_http_x_auth_request_user; auth_request_set $email $upstream_http_x_auth_request_email; proxy_set_header X-User $user; proxy_set_header X-Email $email; auth_request_set $token $upstream_http_x_auth_request_access_token; proxy_set_header X-Access-Token $token; } location /oauth2/ { proxy_pass http://oauth2-proxy:4180; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header X-Auth-Request-Redirect $request_uri; } location /oauth2/sign_out { proxy_pass http://oauth2-proxy:4180; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; } location /logout { #rewrite ^/(.*)$ https://auth.dev.pippo.it/realms/TestRealm/protocol/openid-connect/logout; proxy_pass http://oauth2-proxy:4180/oauth2/sign_out?rd=https%3A%2F%2Fauth%2Edev%2Epippo%2Eit%2Frealms%2FTestRealm%2Fprotocol%2Fopenid%2Dconnect%2Flogout; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; } }
Oauth2-proxy configuration:
OAUTH2_PROXY_COOKIE_SECRET=fLIblJsthbMhgELnmpqrCbWQD9P1vyDfI5SAs8BUG6c= OAUTH2_PROXY_CLIENT_ID=oauth2-proxy OAUTH2_PROXY_CLIENT_SECRET=secret OAUTH2_PROXY_EMAIL_DOMAINS=* OAUTH2_PROXY_SKIP_JWT_BEARER_TOKENS=true OAUTH2_PROXY_REDIRECT_URL=http://cyberchef.pippo.it/oauth2/callback OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:4180 OAUTH2_PROXY_SESSION_STORE_TYPE=redis OAUTH2_PROXY_REDIS_CONNECTION_URL=redis://redis:6379 OAUTH2_PROXY_REVERSE_PROXY=true OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true OAUTH2_PROXY_PASS_USER_HEADERS=true OAUTH2_PROXY_SET_XAUTHREQUEST=true OAUTH2_PROXY_OIDC_ISSUER_URL=https://auth.dev.pippo.it/realms/TestRealm OAUTH2_PROXY_PROVIDER=keycloak-oidc OAUTH2_PROXY_PROVIDER_DISPLAY_NAME=Keycloak OAUTH2_PROXY_COOKIE_SECURE=false OAUTH2_PROXY_WHITELIST_DOMAINS=*.pippo.it OAUTH2_PROXY_COOKIE_DOMAINS=pippo.it OAUTH2_PROXY_INSECURE_OIDC_ALLOW_UNVERIFIED_EMAIL=true OAUTH2_PROXY_SET_AUTHORIZATION_HEADER=true OAUTH2_PROXY_PASS_AUTHORIZATION_HEADER=true OAUTH2_PROXY_PASS_AUTHORIZATION_TOKEN=true OAUTH2_PROXY_SKIP_AUTH_STRIP_HEADERS=false
No response
The text was updated successfully, but these errors were encountered:
No branches or pull requests
OAuth2-Proxy Version
7.6.0
Provider
adfs
Current Behaviour of your Problem
Is it possible to send the bearer token to the backend when using a reverse proxy like nginx in front of oauth2-proxy?
Configuration details or additional information
nginx virtual host configuration:
Oauth2-proxy configuration:
Steps To Reproduce
No response
The text was updated successfully, but these errors were encountered: