greenpau
commented
4 months ago @WalterSchirmacher , please server the portal from β/auth/*β path. The settings are available via β/auth/profileβ
Closed WalterSchirmacher closed 4 months ago
greenpau
commented
4 months ago @WalterSchirmacher , please server the portal from β/auth/*β path. The settings are available via β/auth/profileβ
greenpau
commented
4 months ago @WalterSchirmacher , serve it from βauth.mywebsite.com/auth/β
WalterSchirmacher
commented
4 months ago I tried changing it to "auth/settings" (so https://auth.mywebsite.com/auth/settings" instead of " https://auth.mywebsite.com/settings") and it didn't work.
For reference, the "whoami" works and is located at https://auth.mywebsite.com/whoami".
Caddy is hosted on Ubuntu 22.04 (LTS) and the system is only about 2 months old. This is a fresh Caddy install.
I had a previous instance on a different box for a few months (an old Mac) but didn't reuse the Caddy file directly (though I did copy/paste some bits to avoid retyping). The Caddy Security users.json is newly setup to avoid any permission issues. I can provide the whoami info later tonight if that is helpful. Caddy is setup with its own user, and I double checked to ensure it has the appropriate RWX access for where everything is stored.
Thank you,
Walter B. Schirmacher @.***
On Sun, May 5, 2024 at 12:41β―AM Paul Greenberg @.***> wrote:
@WalterSchirmacher https://github.com/WalterSchirmacher , serve it from βauth.mywebsite.com/auth/β
β Reply to this email directly, view it on GitHub https://github.com/greenpau/caddy-security/issues/337#issuecomment-2094590863, or unsubscribe https://github.com/notifications/unsubscribe-auth/A5DDVMFATYYSU4OSY3XQJT3ZAWZ7HAVCNFSM6AAAAABHG64FRCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJUGU4TAOBWGM . You are receiving this because you were mentioned.Message ID: @.***>
greenpau
commented
4 months ago @WalterSchirmacher , there are no more "settings". It is "/auth/profile".
WalterSchirmacher
commented
4 months ago I tried /auth/profile and still get page not found. I also tried /profile with the same result.
greenpau
commented
4 months ago @WalterSchirmacher , please share the snippet how you are serving βauthenticate withβ directive.
WalterSchirmacher
commented
4 months ago Here are the relevant parts:
{ authentication portal myportal { crypto default token lifetime 86400 crypto key sign-verify {env.JWT_SHARED_KEY} enable identity store localdb cookie domain mydomain.url cookie lifetime 86400
ui {
"My Identity" "/whoami" icon "las la-user"
}
}
transform user {
match origin local
require mfa
}
transform user {
match email admin@example.com
ui link "My Portal Settings" /settings icon "las la-cog"
ui link "My Portal Settings" /profile icon "las la-cog"
ui link "My Portal Settings" /auth/profile icon "las la-cog"
ui link "My Portal Settings" /auth/settings icon "las la-cog"
}
transform user {
match email example@gmail.com
ui link "Portal Settings" /settings icon "las la-cog"
ui link "My Portal Settings" /profile icon "las la-cog"
ui link "My Portal Settings" /auth/profile icon "las la-cog"
ui link "My Portal Settings" /auth/settings icon "las la-cog"
}
}
authorization policy mypolicy {
set auth url https://auth.example.com
crypto key verify {env.JWT_SHARED_KEY}
allow roles authp/admin authp/user
validate bearer header
inject headers with claims
}}
*.mywebsite.com { encode gzip zstd import myHost
log {
output file /var/log/access.log
}
@test host test.mywebsite.com
handle @test {
authorize with mypolicy
reverse_proxy 192.168.0.160:8000 {
header_up Host {http.reverse_proxy.upstream.hostport}
}
}
#Authorize
@theauth host auth.mywebsite.com
handle @theauth {
authenticate with myportal
}
#Fallback for unhandled domains
handle {
abort
}}
greenpau
commented
4 months ago @WalterSchirmacher , the issue is here
@theauth host auth.mywebsite.com handle @theauth { authenticate with myportal }
you are serving it from β/β, you need to have a redirect from β/β to β/auth/β and handle the path β/auth*β
alyssondiasmec
commented
4 months ago I am with the same error, following routes are not accessible:
/auth/settings/auth/profileThis is my Caddyfile:
{
debug
https_port 443
order authenticate before respond
order authorize before basicauth
security {
local identity store localdb {
realm local
path /etc/caddy/users.json
}
authentication portal myportal {
crypto default token lifetime 2592000
enable identity store localdb
transform user {
match origin local
action add role authp/user
ui link "Portal Settings 1" /auth/profile icon "las la-cog"
ui link "Portal Settings 2" /auth/settings icon "las la-cog"
}
}
authorization policy mypolicy {
with api key auth portal myportal realm local
acl default allow
}
}
}
(internal_config) {
handle /auth* {
authenticate with myportal
}
}
:80 {
# import internal_config
redir https://caddy_edge{uri}
}
https://localhost:443, {$HOST_DOMAIN_ADDRESS} {
import internal_config
}
@WalterSchirmacher , the issue is here
@theauth host auth.mywebsite.com handle @theauth { authenticate with myportal }
you are serving it from β/β, you need to have a redirect from β/β to β/auth/β and handle the path β/auth*β
I tried to do this, however with no success.
I might be forgetting something.
ooiuri
commented
4 months ago @WalterSchirmacher , the issue is here @theauth host auth.mywebsite.com handle @theauth { authenticate with myportal } you are serving it from β/β, you need to have a redirect from β/β to β/auth/β and handle the path β/auth*β
I tried to do this, however with no success.
I might be forgetting something.
I was also facing the same issue with a very similar configuration and for me worked on putting the '/' at the end of the url, like:
mydomain.com/auth/profile/
for some reason:
mydomain.com/auth/profile would give me a 404 not found
alyssondiasmec
commented
4 months ago @WalterSchirmacher , the issue is here @theauth host auth.mywebsite.com handle @theauth { authenticate with myportal } you are serving it from β/β, you need to have a redirect from β/β to β/auth/β and handle the path β/auth*β
I tried to do this, however with no success. I might be forgetting something.
I was also facing the same issue with a very similar configuration and for me worked on putting the '/' at the end of the url, like:
mydomain.com/auth/profile/
for some reason:
mydomain.com/auth/profile would give me a 404 not found
Thanks @ooiuri. That was it!
Solved for my side.
WalterSchirmacher
commented
4 months ago Thank you @ooiuri - that was it for me as well.
Combining @greenpau change to /auth/profile (instead of settings) and adding the final / was the solution.
mydomain.com/auth/profile/ works.
greenpau
commented
4 months ago @WalterSchirmacher , please share your final config.
tribor
commented
4 months ago transform user {
match origin local
action add role authp/user
- ui link "My Portal Settings" /settings icon "las la-cog"
+ ui link "User Dashboard" /auth/profile/ icon "las la-cog"
}
When clicking on the Settings link, a "Page Not Found" page appears instead of the expected settings page.
Configuration
Version Information
Provide output of
caddy list-modules --versions | grep -E "(auth|security)"below:Expected behavior
The settings page would appear and be functional.