wiltonsr / ldapAuth

An open source Traefik Middleware that enables authentication via LDAP in a similar way to Traefik Enterprise
https://plugins.traefik.io/plugins/628c9eb7ffc0cd18356a979c/ldap-auth
Apache License 2.0

Multiple auth requests #52

Closed plakun closed 11 months ago

plakun commented 1 year ago

Hello, we have an unsecured web server with Swagger and static pages. When I use the ldapAuth plugin to access a static page it shows me a basic auth request and, after entering credentials, the page opens. If I reload the page, auth is required again, but I can't authenticate. After entering creds the auth request opens again and again. That's what I see in the logs:

Aug 31 11:43:31 infra-internal-lb-01 traefik[3818996]: DEBUG: ldapAuth: 2023/08/31 11:43:31 restricted.go:51: User: 'uid=plakun,cn=users,cn=accounts,dc=domain1,dc=domain2' found in Group: 'cn=test,cn=groups,cn=accounts,dc=domain1,dc=domain2'
Aug 31 11:43:31 infra-internal-lb-01 traefik[3818996]: INFO: ldapAuth: 2023/08/31 11:43:31 restricted.go:51: Authentication succeeded
Aug 31 11:43:34 infra-internal-lb-01 traefik[3818996]: DEBUG: ldapAuth: 2023/08/31 11:43:34 restricted.go:51: Session details: &{ map[authenticated:true username:plakun] 0xc000a5bc40 false {0xc0027e6140 {0xc00163ef00 0xc000013080 406}} ldapAuth_session_token}
Aug 31 11:43:34 infra-internal-lb-01 traefik[3818996]: DEBUG: ldapAuth: 2023/08/31 11:43:34 restricted.go:51: Session token Valid! Passing request...
Aug 31 11:43:39 infra-internal-lb-01 traefik[3818996]: DEBUG: ldapAuth: 2023/08/31 11:43:39 restricted.go:51: Session details: &{ map[authenticated:true username:plakun] 0xc0013dfd80 false {0xc0027e6140 {0xc00163ef00 0xc00188d570 406}} ldapAuth_session_token}
Aug 31 11:43:39 infra-internal-lb-01 traefik[3818996]: DEBUG: ldapAuth: 2023/08/31 11:43:39 restricted.go:51: Session token Valid! Passing request...
Aug 31 11:43:39 infra-internal-lb-01 traefik[3818996]: DEBUG: ldapAuth: 2023/08/31 11:43:39 restricted.go:51: Session details: &{ map[authenticated:true username:plakun] 0xc002085780 false {0xc0027e6140 {0xc00163ef00 0xc00090c8d8 406}} ldapAuth_session_token}
Aug 31 11:43:39 infra-internal-lb-01 traefik[3818996]: DEBUG: ldapAuth: 2023/08/31 11:43:39 restricted.go:51: Session token Valid! Passing request...
Aug 31 11:43:41 infra-internal-lb-01 traefik[3818996]: DEBUG: ldapAuth: 2023/08/31 11:43:41 restricted.go:51: Session details: &{ map[authenticated:true username:plakun] 0xc002879400 false {0xc0027e6140 {0xc00163ef00 0xc00090d758 406}} ldapAuth_session_token}
Aug 31 11:43:41 infra-internal-lb-01 traefik[3818996]: DEBUG: ldapAuth: 2023/08/31 11:43:41 restricted.go:51: Session token Valid! Passing request...

The same behavior occurs when I open the swagger-ui page.

My config:

http:
  middlewares:
    ldap-auth:
      plugin:
        ldapAuth:
          Attribute: "uid"
          BaseDn: "cn=users,cn=accounts,dc=domain1,dc=domain2"
          Enabled: true
          Url: "ldap://freeipa.local"
          LogLevel: "DEBUG"
          wwwAuthenticateHeader: true
          cacheTimeout: 300
          allowedGroups:
            - cn=test,cn=groups,cn=accounts,dc=domain1,dc=domain2

Tried testing in Postman. The first GET request to swagger-ui with basic auth headers gets 200 OK. Another request with the same cookie that I got on the first try gives me: {"timestamp":"2023-08-31T08:49:36.511+00:00","status":401,"error":"Unauthorized","path":"/swagger-ui/index.html"}
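The two-step Postman check described above (Basic auth first, then the returned cookie alone), written as a small added script that is not part of the issue or of ldapAuth. It assumes the cookie name seen in the session log lines, and it assumes that a 401 carrying a WWW-Authenticate challenge comes from the middleware (wwwAuthenticateHeader: true) while a JSON error body like the one quoted comes from the backend.

```python
import base64
import json
import urllib.error
import urllib.request
from http.cookies import SimpleCookie

COOKIE_NAME = "ldapAuth_session_token"  # cookie name seen in the session log lines


def classify_401(headers, body):
    """Heuristic assumed for this example: a WWW-Authenticate challenge means the
    middleware re-prompted; a JSON body with 'status' and 'path', like the one in
    the issue, is the backend's own error after the middleware passed the request."""
    if headers.get("WWW-Authenticate"):
        return "middleware"
    try:
        doc = json.loads(body)
    except ValueError:
        return "unknown"
    if isinstance(doc, dict) and doc.get("status") == 401 and "path" in doc:
        return "backend"
    return "unknown"


def fetch(url, headers):
    """GET url; return (status, header message, body) even for HTTP error codes."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.headers, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.headers, err.read().decode()


def probe(url, user, password):
    """First request with Basic auth, second with only the session cookie."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    status, hdrs, _ = fetch(url, {"Authorization": f"Basic {token}"})
    print("with Basic auth:", status)
    jar = SimpleCookie()
    for raw in hdrs.get_all("Set-Cookie", []):  # one Set-Cookie header per cookie
        jar.load(raw)
    if COOKIE_NAME not in jar:
        print("no", COOKIE_NAME, "cookie was set; the middleware created no session")
        return
    status, hdrs, body = fetch(url, {"Cookie": f"{COOKIE_NAME}={jar[COOKIE_NAME].value}"})
    verdict = f", 401 from {classify_401(hdrs, body)}" if status == 401 else ""
    print(f"cookie only: {status}{verdict}")
```

Run it as probe("https://your-host/swagger-ui/index.html", "user", "password") against your own Traefik entrypoint; a 401 classified as "backend" on the second request points at the upstream rather than the middleware.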

wiltonsr commented 1 year ago

Hi, @plakun

Thanks for reporting this issue.

Could you provide a MRE?

I made a test using FastAPI that also uses Swagger and couldn't reproduce your issue.

plakun commented 1 year ago

Unfortunately no :( we use ldapAuth only on one webserver with a self-made backend that can't be published on the internet. Can you reproduce the issue with a static page reload?

wiltonsr commented 1 year ago

The examples dir uses static pages and I can't reproduce the error.

one webserver with self-made backend that can't be published in internet.

Would it be possible to provide a simple MRE based on this backend? Only one route/page is enough. Something like this main.py from FastAPI.

from typing import Union

from fastapi import FastAPI

app = FastAPI()

@app.get("/")
def read_root():
    return {"Hello": "World"}

plakun commented 11 months ago

Found the problem in our backend that prevented auth with the ldap-auth cookie. Thx for the help.