sevensolutions / traefik-oidc-auth

🧩 A traefik Plugin for securing the upstream service with OpenID Connect acting as a relying party.
https://github.com/sevensolutions/traefik-oidc-auth
MIT License

I can confirm this works with kanidm #12

Open ieugen opened 3 days ago

ieugen commented 3 days ago

Hello,

I tried this plugin with kanidm 1.3.3 https://github.com/kanidm/kanidm

I've tested it with the docker compose test setup of traefik-oidc-auth.

    # Configure oauth2 app for https://github.com/sevensolutions/traefik-oidc-auth.git

    kanidm system oauth2 create my-app "My Awesome app" https://app.example.com

    kanidm system oauth2 add-redirect-url my-app https://app.example.com
    kanidm system oauth2 add-redirect-url my-app http://localhost:8080
    kanidm system oauth2 add-redirect-url my-app http://localhost:9080

    # Create group for app access
    kanidm group create my_app_users --name idm_admin
    kanidm group add-members my_app_users bob --name idm_admin
    kanidm group add-members my_app_users alice --name idm_admin

    kanidm system oauth2 update-scope-map my-app my_app_users openid email profile

    kanidm system oauth2 show-basic-secret my-app

    PROVIDER_URL=https://idm.example.com/oauth2/openid/my-app
    CLIENT_ID=my-app
    CLIENT_SECRET=____REDACTED___

sevensolutions commented 2 days ago

Hi @ieugen great to hear that and thanks for sharing this information. 👍

ieugen commented 2 days ago

Using this middleware config:

    my-oidc:
      plugin:
        traefik-oidc-auth:
          Provider:
            UrlEnv: "PROVIDER_URL"
            ClientIdEnv: "CLIENT_ID"
            ClientSecretEnv: "CLIENT_SECRET"
            UsePkce: true
          Scopes: ["openid", "profile", "email"]
          Headers:
            MapClaims:
              - Claim: "preferred_username"
                Header: "X-Oidc-Username"
              - Claim: "sub"
                Header: "X-Oidc-Subject"
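To illustrate what the MapClaims section of that config does, here is an added Go example (not the plugin's own code) of the claim-to-header step: it copies verified token claims into the configured headers and first drops any same-named header the client sent, since the upstream cannot otherwise tell a middleware-set X-Oidc-Username from a client-supplied one. The type and function names (ClaimMapping, applyClaimHeaders) and the sample claims are assumptions made for this example.

```go
package main

import (
	"fmt"
	"net/http"
)

// ClaimMapping mirrors one entry of the MapClaims list in the middleware
// config: the token claim to read and the request header to write.
// (Type and field names are assumptions for this example.)
type ClaimMapping struct {
	Claim  string
	Header string
}

// mappings is the MapClaims list from the config posted in this thread.
var mappings = []ClaimMapping{
	{Claim: "preferred_username", Header: "X-Oidc-Username"},
	{Claim: "sub", Header: "X-Oidc-Subject"},
}

// applyClaimHeaders writes verified ID-token claims into the request headers
// the upstream reads. It first deletes any header of the same name that the
// client supplied, so a caller cannot pass its own X-Oidc-* values through
// the middleware. It returns the headers it actually set.
func applyClaimHeaders(r *http.Request, claims map[string]any, mappings []ClaimMapping) map[string]string {
	set := map[string]string{}
	for _, m := range mappings {
		r.Header.Del(m.Header) // never trust a client-supplied copy
		v, ok := claims[m.Claim]
		if !ok {
			continue // claim absent: leave the header unset rather than empty
		}
		s := fmt.Sprint(v)
		r.Header.Set(m.Header, s)
		set[m.Header] = s
	}
	return set
}

func main() {
	// Constructed request carrying a client-supplied header, plus constructed claims.
	r, _ := http.NewRequest("GET", "http://localhost:8080/", nil)
	r.Header.Set("X-Oidc-Username", "client-supplied")
	claims := map[string]any{"preferred_username": "alice", "sub": "00000000-0000-0000-0000-000000000001"}
	fmt.Println(applyClaimHeaders(r, claims, mappings))
	fmt.Println("X-Oidc-Username =", r.Header.Get("X-Oidc-Username"))
}
```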