argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0

Configure ArgoCD to accept a JWT token provided in the HTTP header #14250

Open omegion opened 1 year ago

omegion commented 1 year ago

Summary

We are using an AWS Application load balancer with an OIDC provider in front of ArgoCD. Currently, ArgoCD cannot get JWT from AWS and authenticate us into ArgoCD. Instead, we need to set up another SSO again.

In this setup, we cannot use argocd CLI since we have an SSO setup in front of the ArgoCD. It would be great if ArgoCD reads JWT passed down and authenticates the user based on that.

Configuring ArgoCD to accept a JWT token provided in the HTTP header.

Motivation

Proposal

axel7083 commented 11 months ago

We have a case where we would also require argo-cd to accept JWT from header. We have an Istio Gateway configured with oauth2-proxy EnvoyFilter.

The only workaround to access argo-cd was to configure argo-cd to our oidc. This makes the system redundant: we log in a first time with our oidc to please the oauth2 proxy, and then we need to authenticate again for argo-cd.

jimmyjones2 commented 11 months ago

@axel7083 Could you explain how this can be configured please? I've got CloudFlare Zero Trust in front of ArgoCD which sets a JWT for the user authenticated by Cloudflare. How can I configure ArgoCD to trust and use this JWT?

axel7083 commented 11 months ago

Hey @jimmyjones2 I don't recall all the steps exactly, but I configured the SSO with an oidc, you can find the tutorial for dex here

I was not able to achieve using the JWT from the header, I had to make the argocd connect to my oidc provider. I opened a PR to add this as a feature.

commander-keenbean commented 1 month ago

I also need support for this use case. I want ArgoCD to expect a JWT in the Authorization header. All it needs to do is validate the signature and then use the JWT as it would if it had been the one carrying out oauth2/oidc.

Is there a way to have argocd accept a JWT and validate it without going through the auth flow?