[Open] odino opened this issue 6 years ago
@odino - which version of Istio? I just used this https://github.com/kameshsampath/istio-keycloak-demo/blob/master/cars-api/src/istio/mixer-rule-only-authorized.yaml (this version seems to be stable for me with Istio 0.5.0) for adding the authorization check; ideally this is suited for demo purposes. From various Istio Security threads I did see that they are refactoring the JWT - not sure, something might be broken in the new version. Can check and tell.
With `request.headers["authorization"] == "unauthorized"`, requests with no Authorization header go through; that's the expected behaviour.
CC: @sebastienblanc
I'm using 0.5. I see lots going on around the JWT stuff, but so far it's fairly undocumented so quite hard to work with :) your tutorial was a blessing!
On Feb 15, 2018 6:03 PM, "Kamesh Sampath" notifications@github.com wrote:
Hi @kameshsampath -- great work here!
I was wondering how did you manage to make sure that the `Authorization` header is present to allow the request? I've set up a similar repo, but with:

```
(request.headers["authorization"]|"unauthorized") == "unauthorized"
```

then requests with a valid token get rejected (I suspect because the JWT auth listener removes the Authorization header altogether), and with:

```
request.headers["authorization"] == "unauthorized"
```

requests with no Authorization header go through.

Any idea? I think you faced something similar (mentioned here) but it's not clear to me how you solved it.
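The two outcomes discussed in this thread can be reproduced with a small model of how a Mixer rule's `match` expression behaves when the attribute it reads is absent. This is an added example, not code from the issue or from the istio-keycloak-demo project; the evaluation semantics it models (a map lookup on a missing key is an evaluation error, the `|` operator supplies a default for exactly that case, and a rule whose match expression errors does not fire) and the `jwt_filter` behaviour (the filter consumes the `Authorization` header after verifying it, as odino suspects) are assumptions made for the illustration, and the request scenarios are constructed.

```python
# Added example (not from the issue thread): model of Mixer rule "match"
# evaluation for the two deny conditions discussed, under three constructed
# request scenarios. Semantics are an assumption, simplified from Mixer's
# expression language: a missing map key is an evaluation error, `|` supplies
# a default for that case, and an erroring match means the rule does not fire.

from dataclasses import dataclass, field
from typing import Callable, Dict


class MissingAttribute(Exception):
    """Raised when an expression references an attribute that is not set."""


@dataclass
class Request:
    headers: Dict[str, str] = field(default_factory=dict)


def header(req: Request, name: str) -> str:
    # request.headers["name"] with no default: a missing header is an error.
    try:
        return req.headers[name]
    except KeyError:
        raise MissingAttribute(f'request.headers["{name}"]')


def header_or(req: Request, name: str, default: str) -> str:
    # (request.headers["name"] | "default"): the default covers the missing case.
    return req.headers.get(name, default)


def rule_fires(match: Callable[[], bool]) -> bool:
    """A rule fires only when its match expression evaluates to true; an
    evaluation error counts as 'no match', so a deny rule fails open."""
    try:
        return bool(match())
    except MissingAttribute:
        return False


def deny_with_default(req: Request) -> bool:
    # match: (request.headers["authorization"] | "unauthorized") == "unauthorized"
    return rule_fires(
        lambda: header_or(req, "authorization", "unauthorized") == "unauthorized"
    )


def deny_without_default(req: Request) -> bool:
    # match: request.headers["authorization"] == "unauthorized"
    return rule_fires(lambda: header(req, "authorization") == "unauthorized")


def jwt_filter(req: Request, consumes_header: bool) -> Request:
    """Assumed upstream JWT filter behaviour: when consumes_header is True the
    verified Authorization header is stripped before Mixer sees the request."""
    seen = dict(req.headers)
    if consumes_header:
        seen.pop("authorization", None)
    return Request(headers=seen)


def run_scenarios() -> Dict[str, Dict[str, bool]]:
    """Return, per constructed scenario, whether each deny rule fires."""
    scenarios = {
        # Client sent nothing at all.
        "no Authorization header": jwt_filter(Request(), consumes_header=True),
        # Client sent a valid token; the filter verified and consumed it.
        "valid token consumed by JWT filter": jwt_filter(
            Request({"authorization": "Bearer <constructed-valid-jwt>"}),
            consumes_header=True,
        ),
        # Same token, but the filter leaves the header in place.
        "header reaches Mixer untouched": jwt_filter(
            Request({"authorization": "Bearer <constructed-valid-jwt>"}),
            consumes_header=False,
        ),
    }
    return {
        name: {
            "with_default": deny_with_default(req),
            "without_default": deny_without_default(req),
        }
        for name, req in scenarios.items()
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:40s} deny(with default)={outcome['with_default']} "
              f"deny(without default)={outcome['without_default']}")
```

Under these assumptions the model reproduces both observations from the thread: the `|` form denies every request whose header never reaches Mixer, including the ones whose valid token was consumed upstream, while the form without a default never fires on a missing header, so unauthenticated requests pass. The general point for a defender is that a deny rule keyed on a header's presence fails open whenever the attribute is absent, and fails closed for legitimate traffic whenever an earlier filter consumes that header.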