I am trying to use Keycloak + Oauth2 proxy to protect some resources that do not - or can not - have authentication on their own. The larger idea for this is to secure several endpoints and use Keycloak to determine who can and who can not access my stuff. For instance, I have a Discord provider installed that will allow users in certain servers to authenticate - and now, I need to plug the other end of the chain, making my apps return to the oauth2-proxy for doing the login.
All my apps live on *.birb.it - the root domain itself is tied to another service.
Right now, I have gotten to the point where I can see the oauth2-proxy login screen - but ONLY when I am NOT visiting /. In this here example, I used a reverse-proxy configuration to point to my router's management UI. It uses all kinds of odd things - so if I can make that one work, everything else is a given. Also, it's broken:
I am pretty sure that there is but a minor oopsie that I am overlooking... Maybe you can help me spot it?
(Priorities are swapped so they do apply on my local network - this will be reversed later, so I can selectively protect or not-protect things. Alternatively, chaining the various auth-middlewares into the traefik endpoints config to apply them everywhere might be a good alternative - not sure which way I will go. But, this endpoint's config is temporary - this will actually go away entirely down the line, as there is no real need to expose it through k3s. Great for tests though!)
Steps To Reproduce
Install k3s
Implement a throw-away test endpoint (like whoami)
Implement a Keycloak deployment or another OIDC provider
Edit and apply the above configuration snippet
Use the three middlewares in an IngressRoute to see the result.
OAuth2-Proxy Version
7.6.0
Provider
keycloak-oidc
Current Behaviour of your Problem
Hello there!
Thank you! Kind regards,
Ingwie
Configuration details or additional information
And this is the IngressRoute in the "router endpoint" itself