mesosphere / traefik-forward-auth


Get values from callback URL into the application #67

Open rinshadka opened 2 years ago

rinshadka commented 2 years ago

Hi,

I have configured forward authentication with OIDC as the provider, as shown below. The authentication process is working fine and lands on the URL http://nginx.local.com after authentication completes successfully in the Keycloak OIDC provider.

Note: I have actually tried thomseddon/traefik-forward-auth, not this particular project, but I guess the implementation is almost the same.

version: '3'
"networks":
  "network":
    "external":
      "name": "application"
services:
  nginx:
    image: nginx:latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`nginx.local.com`)"
      - "traefik.http.services.whoami.loadbalancer.server.port=80"
      - "traefik.http.routers.whoami.middlewares=traefik-forward-auth"
      - "traefik.http.middlewares.traefik-forward-auth.forwardauth.address=http://traefik-forward-auth:4181"
      - "traefik.http.middlewares.traefik-forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User"
      - "traefik.http.middlewares.traefik-forward-auth.forwardauth.trustForwardHeader=true"
    networks:
      - network

  traefik-forward-auth:
    image: thomseddon/traefik-forward-auth:2
    environment:
      - DEFAULT_PROVIDER=oidc
      - PROVIDERS_OIDC_ISSUER_URL=https://xxxxxx/auth/realms/xxxx
      - PROVIDERS_OIDC_CLIENT_ID=xxxxx
      - PROVIDERS_OIDC_CLIENT_SECRET=c0a7f708-cd2f-4c41-a6dc-xxxxxxx
      - PROVIDERS_OIDC_RESOURCE=
      # INSECURE_COOKIE is required if not using a https entrypoint
      - INSECURE_COOKIE=true
      - SECRET=random123
      - LOG_LEVEL=debug
    networks:
      - network

During the redirect to nginx.local.com, I can see a callback URL also hitting nginx.local.com, like below:

http://nginx.local.com/_oauth?state=3f3b9c183bff86f1b0651ecd5c4411da%3Aoidc%3Ahttp%3A%2F%2Fnginx.local.com%2F&session_state=6925685c-f2dd-4ca8-b2d0-7db97bdc4851&code=8a34dff2-0fda-40a9-861d-3bc640a5b93a.6925685c-f2dd-4ca8-b2d0-7db97bdc4851.xxxx

I am also getting the cookie response below:

{
    "Response Cookies": {
        "_forward_auth": {
            "domain": "nginx.local.com",
            "expires": "2022-05-20T18:50:34.000Z",
            "httpOnly": true,
            "path": "/",
            "value": "OJ2zDvO51zelaa_bgI5bVEXKqu4Tx0po58IH29Xcfc0=|1653072634|user@xxxx.com"
        },
        "_forward_auth_csrf": {
            "domain": "nginx.local.com",
            "expires": "2022-05-20T05:50:33.000Z",
            "httpOnly": true,
            "path": "/",
            "value": ""
        }
    }
}

We needed the value of the code= parameter from the query string of the callback URL in our application. We then changed the URL_PATH to an actual file, login.html, kept at http://nginx.local.com/login.html, but again it's not hitting that file. I guess since I am using the default Overlay Mode, it won't hit the actual file and pass those details to that file.

Actually, we wanted the value of the code= parameter from the query string of the callback URL in our application. What are the possible methods to fetch that value into our application?

Thanks.