louketo / louketo-proxy

A OpenID / Proxy service
Apache License 2.0

Don't send basic auth header #679

Open vasilievs opened 4 years ago

vasilievs commented 4 years ago

I want to use oauth proxy for Kibana authentication. They are covered by Basic Authentication (I cannot turn it off). But I want to pass a header (in nginx or curl I do this: proxy_set_header Authorization "Basic bmdpbng6c2VjcmV0cGFzc3dvcmQ =") and it works.

When trying to specify a custom header in a command block:

version: '2.4'
services:
  proxy:
    container_name: kibana-proxy
    image: {{ kibana_proxy_image_version }}
    command:
    - --discovery-url={{kibana_proxy_auth_url}}
    - --client-id={{kibana_proxy_clientd_id}}
    - --client-secret={{kibana_proxy_clientd_secret}}
    - --listen=:{{kibana_port}}
    - --redirection-url=https://{{ansible_fqdn}}:{{kibana_port}}
    - --upstream-url=http://127.0.0.1:{{kibana_internal_port}}
    - --headers="Basic bmdpbng6c2VjcmV0cGFzc3dvcmQ ="

I get an error:

[error] invalid tag '"Authorization = Basic bmdpbng6c2VjcmV0cGFzc3dvcmQ ="' should be key = pair

Is this a bug, or can I not pass this header through louketo-proxy?

Environment

Version of everything that it's running in your environment:

vasilievs commented 4 years ago

The fix on the problem was even described? https://github.com/louketo/louketo-proxy/pull/455

sandeepbangera commented 4 years ago

@vasilievs I think you have an error in the config. The format is --headers=headerName=headerValue

Try changing to the below:

- --headers="Authorization=Basic bmdpbng6c2VjcmV0cGFzc3dvcmQ="

If you notice, there is an extra space before the = at the end in your example, which does not look right (- --headers="Basic bmdpbng6c2VjcmV0cGFzc3dvcmQ =), and also the header name is missing.
I assume the above does not work due to #455.

Just saw an error in your original post. It's possible that even if you fix it, it will still not work due to #455, OR maybe you tried the correct way and posted the wrong config.

sandeepbangera commented 4 years ago

The code here https://github.com/louketo/louketo-proxy/blob/master/utils.go#L214 definitely does not look right to me. It should be looking for the first = in the string and split it. It should throw an error only if there is no occurrence of = in the string. When you do a base64 encode of the string it will contain the = character 👎
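The parsing behaviour suggested in the comment above, as an added Go example that is not louketo-proxy's code: a hypothetical strict parser that fails on padded base64 next to one that splits at the first = only and rejects a header name that still carries quotes or whitespace. The function names and the "user:pw" credential are constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// strictSplit is a hypothetical parser (not louketo-proxy's code) that
// requires exactly one '=' in the tag, so padded base64 values are rejected.
func strictSplit(tag string) (string, string, error) {
	parts := strings.Split(tag, "=")
	if len(parts) != 2 {
		return "", "", fmt.Errorf("invalid tag '%s' should be key=pair", tag)
	}
	return parts[0], parts[1], nil
}

// firstEqualsSplit splits at the first '=' only and fails only when the tag
// has no '=' at all. It also rejects a header name carrying quotes or spaces.
func firstEqualsSplit(tag string) (string, string, error) {
	parts := strings.SplitN(tag, "=", 2)
	if len(parts) != 2 {
		return "", "", fmt.Errorf("invalid tag '%s': no '=' found", tag)
	}
	name, value := strings.TrimSpace(parts[0]), strings.TrimSpace(parts[1])
	if name == "" || strings.ContainsAny(name, "\"' \t") {
		return "", "", fmt.Errorf("invalid header name %q", name)
	}
	return name, value, nil
}

// sampleTag builds a constructed tag whose Basic credential ("user:pw",
// a placeholder) encodes to base64 that ends in "==" padding.
func sampleTag() string {
	cred := base64.StdEncoding.EncodeToString([]byte("user:pw"))
	return "Authorization=Basic " + cred
}

func main() {
	tag := sampleTag()
	_, _, err := strictSplit(tag)
	fmt.Println("strict split:", err)
	name, value, err := firstEqualsSplit(tag)
	fmt.Printf("first-= split: %q %q %v\n", name, value, err)
	// Quotes passed through literally end up in the header name.
	_, _, err = firstEqualsSplit(`"` + tag + `"`)
	fmt.Println("quoted tag:", err)
}
```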

vasilievs commented 4 years ago

Thanks for your answer.

Yes, I used the correct header; the GitHub markdown corrected my post.

- --headers="Authorization=Basic bmdpbng6c2VjcmV0cGFzc3dvcmQ="

It doesn't work.

In the base64-encoded password I don't select the characters (they depend on the login:pass phrase).

vasilievs commented 4 years ago

Update: I generated user:pass for Kibana without '=' characters in the base64 encoding:

- --headers="Authorization=Basic dXNlcjE6MTIzNDU2Nzg5"

No error in the louketo logs, but after authorization I get the next error:

net/http: invalid header field name "\"Authorization"

Maybe it's because of the space in the string?

sc7565 commented 4 years ago

We are also stuck, in the same boat. Any leads would really help.