casdoor / casdoor

An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, RADIUS, Google Workspace, Active Directory and Kerberos
https://casdoor.org
Apache License 2.0
9.2k stars 1.09k forks

Casdoor forward auth on Caddy #2972

Open excaliburzarau opened 1 month ago

excaliburzarau commented 1 month ago

Hello guys,

I am currently trying to implement Casdoor on my homelab. I currently have Caddy reverse proxy on my system.

I tried to find documentation on forward auth for Casdoor with Caddy without success.

I was able to find how it should work for Authentik, as seen below.

```
app.company {
    # always forward outpost path to actual outpost
    reverse_proxy /outpost.goauthentik.io/* http://outpost.company:9000

    # forward authentication to outpost
    forward_auth http://outpost.company:9000 {
        uri /outpost.goauthentik.io/auth/caddy

        # capitalization of the headers is important, otherwise they will be empty
        copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version

        # optional, in this config trust all private ranges, should probably be set to the outposts IP
        trusted_proxies private_ranges
    }

    # actual site configuration below, for example
    reverse_proxy localhost:1234
}
```

I believe it should be similar but not quite.

Did anyone implement this on Caddy that can provide an example of how my Caddyfile should be for Casdoor forward auth?

Best Regards

casbin-bot commented 1 month ago

@tangyang9464 @JalinWang @imp2002