mesosphere / traefik-forward-auth


Do not modify the request when X-Forwarded-Uri is not set #69

Closed vroetman closed 1 year ago

vroetman commented 2 years ago

We are running traefik version 2.6.1 bundled with a Rancher k3s cluster running version v1.22.7+k3s1.

traefik-forward-auth is running in auth-host mode.

When the traefik-forward-auth server is behind an IngressRoute, when redirecting back from the OIDC authentication server, it does not handle the callback, but instead redirects back to the OIDC server, and it cycles between those two servers.

This is because the X-Forwarded-Uri is not set by the IngressRoute in our instance; therefore, authentication.GetRequestURI() returns a path of /, which strips off the /_oauth path before it can be handled on callback.

The solution here is to not change the URL if X-Forwarded-Uri is unset or is empty.
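The guard described in the comment above, as an added example that is not part of the original pull request or the project's code: it contrasts an unconditional rewrite from X-Forwarded-Uri with one that leaves the request alone when the header is unset or empty. The helper names (`rewriteAlways`, `rewriteIfForwarded`, `routedPath`) are hypothetical and the callback query values are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// rewriteAlways models the failure mode (hypothetical helper): the request URL
// is replaced from X-Forwarded-Uri even when the header is absent, so the path becomes "/".
func rewriteAlways(r *http.Request) {
	u, err := url.Parse(r.Header.Get("X-Forwarded-Uri"))
	if err != nil || u.Path == "" {
		u = &url.URL{Path: "/"}
	}
	r.URL = u
}

// rewriteIfForwarded models the proposed behaviour (hypothetical helper): the
// request is left untouched unless X-Forwarded-Uri is present, non-empty and parseable.
func rewriteIfForwarded(r *http.Request) {
	fwd := r.Header.Get("X-Forwarded-Uri")
	if fwd == "" {
		return
	}
	if u, err := url.Parse(fwd); err == nil {
		r.URL = u
	}
}

// routedPath applies a rewrite to a constructed request and returns the path a router would match.
func routedPath(rewrite func(*http.Request), target, forwardedURI string) string {
	r := httptest.NewRequest(http.MethodGet, target, nil)
	if forwardedURI != "" {
		r.Header.Set("X-Forwarded-Uri", forwardedURI)
	}
	rewrite(r)
	return r.URL.Path
}

func main() {
	cb := "/_oauth?state=constructed&code=constructed" // constructed callback request
	fmt.Println(routedPath(rewriteAlways, cb, ""))                    // callback path lost
	fmt.Println(routedPath(rewriteIfForwarded, cb, ""))               // callback path kept
	fmt.Println(routedPath(rewriteIfForwarded, "/", "/app/page?x=1")) // forwarded path still applied
}
```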