I have caddy-security configured to authenticate a reverse proxy.
Password authentication works fine, but the /settings endpoint produces a page-not-found error even for authenticated users - I can't find any way to reach it.
Configuration
Caddyfile (hostnames etc modified):
{
    email name@example.com
    order authenticate before respond
    order authorize before reverse_proxy
    debug
    security {
        local identity store localdb {
            realm local
            path /var/lib/caddy/auth/users.json
        }
        authentication portal myportal {
            enable identity store localdb
            cookie domain example.com
            cookie lifetime 86400
            transform user {
                match origin local
                action add role authp/user
                ui link "Portal Settings" /settings icon "las la-cog"
            }
        }
        authorization policy user_policy {
            set auth url https://auth.example.com/
            allow roles authp/user
        }
    }
}

auth.example.com {
    authenticate with myportal
}

app.example.com {
    authorize with user_policy
    reverse_proxy https://127.0.0.1:1234 {
        transport http {
            tls_insecure_skip_verify
        }
    }
}
When logged in, the /whois endpoint works and shows the user has both the authp/user and authp/guest roles. My understanding from the docs is this should allow access to the /settings endpoint, for password change, MFA setup etc.
The result is a "Page Not Found" error, same as shown for any non-existent authentication portal path.