Comments (6)
Hi, I have deployed Kubeflow with Dex. Can you tell me how to replace Dex with Keycloak for the existing Kubeflow setup?
from oidc-authservice.
@mohamed-fazil-saleem Did you solve the logout part?
I changed /logout to the Keycloak session logout page directly, but it seems OIDC doesn't revoke the session.
@Hmr-ramzi Did you get it working?
@Hmr-ramzi I am able to get the Keycloak integration working with Kubeflow. I was also facing the issue where the redirection was failing after authentication. I resolved it by updating the Valid redirect URIs configuration of Keycloak's Kubeflow client to *
@ShilpaGopal I would strongly discourage this setting:
updating Valid redirect URIs configuration at Keycloak's Kubeflow client to *
as it's one of the most usual reasons for OAuth/OIDC-related hacks. For example:
- Using the implicit grant flow (response_type=token), an attacker can steal a user's access token by constructing a login link that redirects (and sends the token) to an attacker-controlled website.
- Using the auth code flow, an attacker can steal a user's auth code and state by constructing a login link that redirects (and sends the code and state) to an attacker-controlled website. Then, the attacker can present them to the client and log in as the user.
Both of those attacks are prevented by using specific redirect URLs and validating them. See:
- https://habr.com/en/post/449182/
- http://blog.intothesymmetry.com/2015/06/on-oauth-token-hijacks-for-fun-and.html
- https://tools.ietf.org/id/draft-ietf-oauth-security-topics-06.html#rfc.section.3.1
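The exact-match redirect URI check that closes off both attacks above, as an added example in Go (not code from oidc-authservice or Keycloak; the registered URI is a constructed value): a redirect_uri is accepted only when scheme, host, port, path and query match a registered entry exactly, a fragment is refused, and a registered `*` is never honoured.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Registered redirect URIs for the Kubeflow client (constructed
// example value); only exact entries belong here.
var registeredRedirectURIs = []string{
	"https://kubeflow.example.com/login/oidc",
}

// normalize parses raw and lowercases scheme and host; path and
// query stay verbatim, since the attacks rely on them differing.
func normalize(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if !u.IsAbs() || u.Host == "" {
		return nil, fmt.Errorf("redirect_uri must be absolute")
	}
	u.Scheme = strings.ToLower(u.Scheme)
	u.Host = strings.ToLower(u.Host)
	return u, nil
}

// RedirectURIAllowed reports whether the requested redirect_uri
// exactly matches a registered one (scheme, host, port, path,
// query). A fragment is refused (RFC 6749 forbids it) and a
// registered "*" is never honoured.
func RedirectURIAllowed(registered []string, requested string) bool {
	req, err := normalize(requested)
	if err != nil || req.Fragment != "" {
		return false
	}
	for _, r := range registered {
		reg, err := normalize(r)
		if err != nil || strings.Contains(r, "*") {
			continue
		}
		if reg.Scheme == req.Scheme && reg.Host == req.Host &&
			reg.Path == req.Path && reg.RawQuery == req.RawQuery {
			return true
		}
	}
	return false
}
```

A lookalike host, a path that escapes the registered one, or an extra query parameter all fail the comparison, which is exactly what a wildcard registration would have let through.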
@yanniszark Thanks for the input. In my use case it's for internal use only. But I see your point; I will try adding specific redirect URLs.