Open pythrick opened 1 year ago
Hi, are you using another loadbalancer or proxy in front of Skipper? If so, I think you should be able to setup the headers in that proxy (see e.g. for nginx and apache : https://shinyproxy.io/documentation/security/ )
Note that we released the ShinyProxy Operator 2.0.0 last week, this release no longer requires the usage of Skipper. Therefore, it should be easier to deploy everything.
I had a bad time trying to find the right annotations to put inside docs/deployment/overlays/1-namespaced-hpa/skipper/ingress.yaml
, until I've figured out that I can set these forwared headers using params to skipper cli command inside docs/deployment/bases/namespaced/skipper-hpa/deployment.yaml
, and it fixed my issue:
I'll give a try to the new release as well, good to know you're in active development, thanks!
I am using ShinyProxy operator in AWS EKS 1.24 following the
1-namespaced-hpa
example. I have integrated an OIDC authentication flow using WSO2 provider, but I am encountering an issue with the redirect_uri generated by ShinyProxy. The redirect_uri is being generated withhttp
schema instead ofhttps
, which is causing issues with the WSO2 provider.I have attempted to resolve this issue by following the suggestions in the ShinyProxy FAQ for Invalid redirect_uri when using OpenID Connect, including injecting
X-Forwarded-For
andX-Forwarded-Proto
custom headers into the skipper-ingress annotations. This did result in thehttps
schema being injected into the redirect_uri, but also caused a:80
port to be injected at the end of the URI. For example:https://my-shinyproxy-url.com:80/oauth2/authorization/shinyproxy
Expected Behavior: The redirect_uri generated by ShinyProxy should have the
https
schema and should not include a port number.Environment:
ShinyProxy Operator version: 1.0.0 K8s cluster: AWS EKS 1.24
I would appreciate your assistance in resolving this issue. Thank you!