nokia / kong-oidc

OIDC plugin for Kong
Apache License 2.0

feat(proxy): add ability to enable http/https proxy #85

Open trollr opened 5 years ago

trollr commented 5 years ago

Add http and https proxy. Useful if you're in a corporate network.

coveralls commented 5 years ago

Pull Request Test Coverage Report for Build 110


Totals Coverage Status
Change from base Build 109: 0.1%
Covered Lines: 124
Relevant Lines: 129

💛 - Coveralls

Trojan295 commented 5 years ago

Thanks for the PR!

I'll try to check this on Monday (when actually behind a corporate proxy).

Apohg commented 5 years ago

Hi,

Is this feature still planned?

It seems I have a proxy issue and it could be very useful for me.

My Kong container has proxy env vars http_proxy & https_proxy. I also tried KONG_HTTP_PROXY & HTTP_PROXY but I still have the same error.

If I use curl in my container, I can access my URL (after http_proxy env vars have been added).

But oidc-plugin still gives me dns issues. And it seems it's not using proxy parameters. openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy

So I'm not sure if it's a classic behavior of the plugin or not to not use proxy env vars? Is there a way around this problem?

Debug:

 2019/01/25 15:00:40 [debug] 43#0: *914 [lua] openidc.lua:467: openidc_discover(): openidc_discover: URL is: http://xxx
 2019/01/25 15:00:40 [debug] 43#0: *914 [lua] openidc.lua:473: openidc_discover(): discovery data not in cache, making call to discovery endpoint
 2019/01/25 15:00:40 [debug] 43#0: *914 [lua] openidc.lua:354: openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy
 2019/01/25 15:00:40 [debug] 43#0: *914 [lua] http.lua:633: send_request(): 
 GET /connexion/oauth2/realm/.well-known/openid-configuration HTTP/1.1
 User-Agent: lua-resty-http/0.12 (Lua) ngx_lua/10013
 Host: xxx

 2019/01/25 15:00:40 [debug] 43#0: *914 [lua] openidc.lua:485: openidc_discover(): response data: {"id_token_encryption_alg_values_supported":["RSA1_5"],"response_types_supported":["token id_token","code token","code token id_token","token","code id_token","code","id_token"],"registration_endpoint":"http://xxx/connect/register","token_endpoint":"http://xxx/access_token","end_session_endpoint":"http://xxx/connect/endSession","scopes_supported":[],"acr_values_supported":[],"version":"3.0","userinfo_endpoint":"http://xxx/userinfo","token_endpoint_auth_methods_supported":["client_secret_post","private_key_jwt","client_secret_basic"],"subject_types_supported":["public"],"issuer":"XXX/oatuh2/realm","id_token_encryption_enc_values_supported":["XXX"],"claims_parameter_supported":false,"jwks_uri":"http:XXX/jwk_uri","id_token_signing_alg_values_supported":["XXX"],"check_session_iframe":"http://xxx/checkSession","claims_supported":["id"],"authorization_endpoint":"http://xxx/authorize"}
 2019/01/25 15:00:40 [debug] 43#0: *914 [lua] openidc.lua:1036: openidc_get_token_auth_method(): 1 => client_secret_post
 2019/01/25 15:00:40 [debug] 43#0: *914 [lua] openidc.lua:1038: openidc_get_token_auth_method(): configured value for token_endpoint_auth_method (client_secret_post) found in token_endpoint_auth_methods_supported in metadata
 2019/01/25 15:00:40 [debug] 43#0: *914 [lua] openidc.lua:1066: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_post
 2019/01/25 15:00:40 [debug] 43#0: *914 [lua] openidc.lua:1203: authenticate(): session.present=true, session.data.id_token=true, session.data.authenticated=true, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
 2019/01/25 15:00:40 [debug] 43#0: *914 [lua] openidc.lua:1244: authenticate(): id_token={"azp":"kong","iat":1548428439,"iss":"http:\/\/XXXX","nonce":"7fc93689b87e2bf2fa0ed3236655a9a7","given_name":"test","tokenType":"JWTToken","tokenName":"id_token","auditTrackingId":"XXX-XXX-XXX-XXX","name":"testname","updated_at":"0"}
 2019/01/25 15:00:40 [debug] 43#0: *914 [lua] handler.lua:25: OidcHandler done
 2019/01/25 15:00:40 [error] 43#0: *914 [lua] balancer.lua:806: execute(): [dns] dns server error: 3 name error. Tried: (short)url.org:(na) - cache-miss
 url.org:33 - cache-miss/scheduled/querying/dns server error: 3 name error
 url.org.domain.intra:33 - cache-miss/scheduled/querying/dns server error: 3 name error
 url.org:1 - cache-miss/scheduled/querying/dns server error: 3 name error
 url.fr.domain.org:1 - cache-miss/scheduled/querying/dns server error: 3 name error
 url.org:5 - cache-miss/scheduled/querying/dns server error: 3 name error
 url.org.domain.intra:5 - cache-miss/scheduled/querying/dns server error: 3 name error

Thank you!
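
A triage sketch for a debug log like the one in the comment above, added here as an example (not code from the PR or the plugin): it splits each nginx error-log line into level, Lua source file and function, then reports whether openidc_configure_proxy skipped the proxy, whether discovery still got a response, which file raised errors, and which debug lines wrote ID token claims to the log. The sample lines and hostnames are constructed, and the name `triage` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample, abridged to the log format shown in the comment above.
SAMPLE_LOG = """\
2019/01/25 15:00:40 [debug] 43#0: *914 [lua] openidc.lua:473: openidc_discover(): discovery data not in cache, making call to discovery endpoint
2019/01/25 15:00:40 [debug] 43#0: *914 [lua] openidc.lua:354: openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy
2019/01/25 15:00:40 [debug] 43#0: *914 [lua] openidc.lua:485: openidc_discover(): response data: {"issuer":"http://idp.example/realm"}
2019/01/25 15:00:40 [debug] 43#0: *914 [lua] openidc.lua:1244: authenticate(): id_token={"azp":"kong","name":"testname"}
2019/01/25 15:00:40 [error] 43#0: *914 [lua] balancer.lua:806: execute(): [dns] dns server error: 3 name error. Tried: (short)upstream.example:(na) - cache-miss
"""

# timestamp [level] pid#tid: *conn [lua] file.lua:line: func(): message
LINE_RE = re.compile(
    r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \[(?P<level>\w+)\] \d+#\d+: "
    r"\*\d+ \[lua\] (?P<file>[\w.-]+):(?P<line>\d+): "
    r"(?P<func>\w+)\(\): (?P<msg>.*)$"
)

def triage(log_text):
    """Report proxy use, discovery result, error source and token logging."""
    report = {"proxy_skipped": False, "discovery_answered": False,
              "errors_by_file": Counter(), "token_logged": []}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # continuation lines: request dump, DNS retry list
        file, func, msg = m["file"], m["func"], m["msg"]
        # Message text as it appears in the log on this page.
        if func == "openidc_configure_proxy" and "don't use http proxy" in msg:
            report["proxy_skipped"] = True
        if func == "openidc_discover" and msg.startswith("response data:"):
            report["discovery_answered"] = True
        if m["level"] == "error":
            report["errors_by_file"][file] += 1
        # Debug lines that write ID token claims into the error log.
        if m["level"] == "debug" and "id_token={" in msg:
            report["token_logged"].append(f"{file}:{m['line']}")
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Grouping errors by source file separates what openidc.lua logged from what balancer.lua logged, and the `token_logged` list marks where debug-level logging puts token claims into the error log.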