greenpau / caddy-security

🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
https://authcrunch.com/
Apache License 2.0

How to exclude a subdomain from auth? #354

Open JostBrand opened 3 months ago

JostBrand commented 3 months ago

I have set up the portal with a local identity store for a couple of subdomains, but I want to exclude some of them from authentication.

I tried creating a policy with an ACL rule:

authorization policy guest_policy {
        acl default allow
}
sub.domain {
        authorize with guest_policy
        reverse_proxy http://localhost:2159
}

But this results in log messages like this:

{"level":"error","ts":1721422897.239201,"logger":"http.handlers.authentication","msg":"auth provider returned error","provider":"authorizer","error":"user authorization failed: src_ip=172.20.0.1, src_conn_ip=172.20.0.1, reason: no token found"}

When accessing the domain https://sub.domain, it gets replaced with https://sub.domain/auth?redirect_url=https%3A%2F%2Fsub.domain%2F and I end up with a blank page.