Gwojda / keycloakopenid

[Feature request] Allow configuration of the 'X-Forwarded-User' header name #19

Closed glacasa closed 9 months ago

glacasa commented 9 months ago

Hi, thanks for the plugin

I have installed it to use Keycloak as auth server for FreshRSS. I am redirected to Keycloak, and then back to the web app, but the auth doesn't work as intended.

When the user is logged in, the user name is sent in the X-Forwarded-User header, while FreshRSS expects the username in the Remote-User or X-WebAuth-User header:
https://freshrss.github.io/FreshRSS/en/admins/09_AccessControl.html -> External Authentication

With an option to change the header name, I would be able to make it work 😊
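
Added example, not part of the original post and not the plugin's code: a backend such as FreshRSS that reads the login from Remote-User trusts whatever arrives in that header, so a middleware with a configurable header name should delete client-supplied copies before setting its own. `ForwardUser`, `SeenByBackend`, the header list and the host name are hypothetical, and the authenticated user is passed in as a parameter instead of being taken from a Keycloak token.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// identityHeaders lists header names a backend might trust as the login name.
// These three appear in the issue above; a real deployment should list every
// name its backends accept.
var identityHeaders = []string{"X-Forwarded-User", "Remote-User", "X-WebAuth-User"}

// ForwardUser is a hypothetical middleware (not the plugin's code). It deletes
// any client-supplied identity header, then writes the authenticated user name
// into the configured header, so a request cannot pre-set its own identity.
func ForwardUser(headerName, authenticatedUser string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		for _, h := range identityHeaders {
			r.Header.Del(h)
		}
		// Set replaces all existing values, which also covers a configured
		// name that is missing from identityHeaders.
		r.Header.Set(headerName, authenticatedUser)
		next.ServeHTTP(w, r)
	})
}

// SeenByBackend sends a constructed request carrying clientHeaders through the
// middleware and returns the headers the backend receives.
func SeenByBackend(headerName, user string, clientHeaders map[string]string) http.Header {
	var seen http.Header
	backend := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		seen = r.Header.Clone()
	})
	req := httptest.NewRequest(http.MethodGet, "http://freshrss.example/", nil)
	for k, v := range clientHeaders {
		req.Header.Set(k, v)
	}
	ForwardUser(headerName, user, backend).ServeHTTP(httptest.NewRecorder(), req)
	return seen
}

func main() {
	// Constructed input: the client tries to pre-set two identity headers.
	spoofed := map[string]string{"Remote-User": "admin", "X-WebAuth-User": "admin"}
	seen := SeenByBackend("Remote-User", "alice", spoofed)
	fmt.Println(seen.Get("Remote-User"), len(seen.Values("X-WebAuth-User")))
}
```

The same stripping has to happen for every header name the backend accepts, not only the one currently configured, otherwise an unused name stays open to the client.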

Gwojda commented 9 months ago

Hi Glacasa,

Quickly reviewed your PR, looks good to me but I didn't have time to check it for now. Sorry! Maybe @thosil or @Skiepp can help you with testing it before I accept the merge and create a new release.

Thanks for your contribution!

Gautier

Skiepp commented 9 months ago

@glacasa have you tested it? Otherwise let me know, I can help you with testing.

Do not forget to update the documentation readme plz.

glacasa commented 9 months ago

Hi @Skiepp,

I have updated the PR with README update.

I didn't test, I don't understand how I can load the plugin.

I tried to update the keycloak config to load my own repository:

experimental:
  plugins:
    keycloakopenid:
      moduleName: "github.com/glacasa/keycloakopenid"
      version: "v0.2"

But Traefik doesn't load the plugin:

unable to set up plugins environment: unable to download plugin github.com/glacasa/keycloakopenid: error: 404: {\"error\":\"Unknown plugin: github.com/glacasa/keycloakopenid@v0.2\"}

I would like to load it in Local mode (as seen in docs), but I don't know how to load it.

I use it on a single server with Docker compose (no kube or swarm), here is my docker-compose file:

version: '3.5'

services:
  traefik:
    image: traefik:v3.0
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.config.yml:/etc/traefik/traefik.yml
      - ./acme.json:/certs/acme.json
      #- ./plugins-local:/etc/traefik/plugins-local
    restart: unless-stopped
    networks:
      - l09

networks:
  l09:
    external: true

I'm not sure where the plugins-local directory is supposed to be mapped in the docker image.

Also, in the traefik.config.yml I have this at the end:

experimental:
  plugins:
    keycloakopenid:
      moduleName: "github.com/glacasa/keycloakopenid"
      version: "v0.2"

Not sure here what I should put (is moduleName the path inside plugins-local? And what does version map to?)

Thanks for your help :)

Skiepp commented 9 months ago

You need to use localplugin to test it. Don't worry I can test it for you, just gimme some hours.

Skiepp commented 9 months ago

Review added, please fix errors

Skiepp commented 9 months ago

Thanks @glacasa, I can see you already fixed the error. Confirm working in Traefik 2.10.7

@Gwojda LGTM

Gwojda commented 9 months ago

Thanks for your help Skiepp, and thanks glacasa for your contribution :)

Released in 0.1.34