Closed larsr closed 8 months ago
I was in a similar situation as you today, and found something that works by searching all code on GitHub. Small consolation a month later, I'm sure.
The key is to not actually configure the login.microsoftonline.com URL; you don't set that anywhere, caddy-security calculates it from the tenant ID. You instead set a local, relative URL that goes through the caddy-security authentication portal's azure handler.
Describe the issue
I'm trying to authenticate with Azure, but the request needs to send the `client_id`, `scope` and a few more as HTTP GET arguments, but it is not sending any arguments, so the login page at Microsoft complains. It is probably due to a misconfiguration on my part. I would be grateful for any help about how to configure this correctly.
I have not found any directly working documentation, as the syntax both for caddy and caddy-security has changed and made many online examples out of date. If I get this to work I could try to add a config example to the documentation to the benefit of others. (here is one that seems out of date https://www.youtube.com/watch?v=Mxbjfv47YiQ)
Thanks for a very useful plugin!
Configuration
Version Information
Provide output of `caddy list-modules -versions | grep git` below:
Expected behavior
I expect the authenticator to forward the client to the `auth url` and add the `?client_id=...` parameter and more. Now it forwards to the URL without any parameters.
Additional context
Background: I want to set up a "wall" that protects many web apps with a single caddy instance that does all the authentication and authorization, and puts user identity (sub, ...) in http header fields.
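An added example, not part of the original thread and not caddy-security's code: a small check for the symptom described in this issue, a redirect to Microsoft that carries no query parameters. It assumes the Microsoft identity platform v2.0 authorize path built from the tenant ID (the page does not say which path caddy-security derives); the tenant ID, client ID, callback URL and state are constructed placeholders.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_HOST = "login.microsoftonline.com"
# Parameters this example checks for (an assumption of the example):
# client_id and scope are named in the issue; response_type, redirect_uri
# and state come from the OAuth 2.0 authorization-code request (RFC 6749).
EXPECTED = ("client_id", "response_type", "redirect_uri", "scope", "state")


def authorize_url(tenant_id, client_id, redirect_uri, scopes, state):
    """Build an authorize URL from the tenant ID plus the client settings."""
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
    })
    return f"https://{AUTH_HOST}/{tenant_id}/oauth2/v2.0/authorize?{query}"


def check_redirect(location, tenant_id):
    """Return the problems found in a redirect Location value (empty if none)."""
    parts = urlsplit(location)
    problems = []
    if parts.scheme != "https" or parts.hostname != AUTH_HOST:
        problems.append(f"not an https redirect to {AUTH_HOST}")
    if not parts.path.startswith(f"/{tenant_id}/"):
        problems.append("tenant ID missing from path")
    params = parse_qs(parts.query)  # blank values are dropped by default
    for name in EXPECTED:
        if not params.get(name):
            problems.append(f"missing parameter: {name}")
    return problems


if __name__ == "__main__":
    tenant = "00000000-0000-0000-0000-000000000000"  # constructed placeholder
    complete = authorize_url(
        tenant, "example-client-id", "https://auth.example.com/callback",
        ["openid", "email", "profile"], "constructed-state",
    )
    # The symptom from the issue: the endpoint alone, with no arguments.
    bare = f"https://{AUTH_HOST}/{tenant}/oauth2/v2.0/authorize"
    for label, url in (("complete", complete), ("bare", bare)):
        print(label, check_redirect(url, tenant) or "ok")
```

Feed `check_redirect` the `Location` header captured from the portal's login redirect to see which arguments are absent.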