Comments (19)
Thank you for your time. I'm probably going to spend some time researching more and if I have any more questions I'll come back here
from vouch-proxy.
SWAG appears to be NGINX based but beyond that I'm not familiar enough with SWAG to offer you support.
https://github.com/linuxserver/docker-swag/blob/master/Dockerfile
Vouch Proxy is a "sidecar". The headers of every request are sent to VP via the auth_request module.
I can't advise you on how to integrate SWAG + VP + Keycloak. Forgive me, I just don't have time to offer that level of support.
If you do get to the point where you have something working to the point where you're getting errors, please read the README and offer the items described there.
I'm going to close this for now but please do feel free to ask more questions here.
from vouch-proxy.
https://pastebin.com/h4XMkSt5
I get an SSL error and I think the authentication fails, but I haven't been able to test due to this error.
I can access the service locally and through nginx proxy manager when I remove "auth_request /validate;"
I have set up Keycloak like the PR I linked originally did, changing to my domain and realm.
I have no active sessions under my client ID in Keycloak.
from vouch-proxy.
Well that's good progress!
Please do provide all configs and logs as described in the README
from vouch-proxy.
https://pastebin.com/1XWpjsxD
Here are all the configs.
I'm unsure how to get the bugreport as I'm running Vouch Proxy using env vars, not a config file, and in docker compose would I just need to change the config volume to the env vars I use? And use docker run the same?
from vouch-proxy.
Don't worry about the bug report but please do include all logs from VP
That error is saying the browser got an http response even though you requested https in the URL.
Change line 111 to http
from vouch-proxy.
I changed line 111 and another line; I can now access the testing page.
Here are the vouch logs from container startup.
from vouch-proxy.
Getting closer.
Please do leave comments here instead of in the pastebin so we can be clear about what question you're asking.
Feel free to edit out the health check logs. Though everything else is very helpful.
Can you clarify what's happening now?
from vouch-proxy.
When I go to a site which I enabled Vouch Proxy by adding
I get to the testing page.
If I follow it to Keycloak I get
"Invalid parameter: redirect_uri"
I looked at my redirect URI, found I missed a colon, and fixed that.
Now when I follow the testing page link it takes me back to the testing page.
from vouch-proxy.
What happens if you turn off testing?
from vouch-proxy.
Without testing it takes me to the login. I log in using the correct credentials and then I get 400 Bad Request.
If I try to go to the same website again I just go straight to 400.
from vouch-proxy.
Please turn on testing and update your pastebin with the current info
What happens after Keycloak returns you to VP's /auth endpoint? What's the error in the logs? Try searching here and generally online for that error.
I'm going to be afk for a while here. But it feels like you're closer
from vouch-proxy.
Login appears to be successful: I see a 200 response code, auth has a 200.
After authenticating it seems to error trying to read the JSON file.
2024-02-15T19:24:14.807Z DEBUG id_token missing - may not be supported by this provider
2024-02-15T19:24:14.807Z DEBUG ptokens: accessToken length: 1641, IdToken length: 0
2024-02-15T19:24:14.824Z INFO OpenID userinfo body:
2024-02-15T19:24:14.824Z ERROR Error unmarshaling claims
2024-02-15T19:24:14.824Z ERROR unexpected end of JSON input
2024-02-15T19:24:14.824Z WARN /auth Error while retrieving user info after successful login at the OAuth provider: unexpected end of JSON input
2024-02-15T19:24:14.824Z DEBUG domain vouch.domain matched array value at [0]=gunnar.duckdns.org
2024-02-15T19:24:14.824Z DEBUG rendering error for user: 400 Bad Request
2024-02-15T19:24:14.824Z DEBUG CaptureWriter.Write set w.StatusCode 400
This occurs just after the successful /auth.
Here are the full logs:
https://pastebin.com/YxqdrRGP
This mentions an incorrect scope:
https://keycloak.discourse.group/t/how-to-get-the-id-token/17286/4
I haven't changed my OAUTH_SCOPES variable and I'm not using a config, so could the issue be that I need to customise which scopes to use?
I added
OAUTH_SCOPES: |
  openid
  email
  profile
and still get 400 Bad Request.
from vouch-proxy.
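The "unexpected end of JSON input" line in the log above is the message Go's `encoding/json` gives when asked to decode zero bytes, which matches the empty `OpenID userinfo body:` line before it. The following is an added example, not Vouch Proxy's code and not part of the thread: it separates an empty userinfo body from a body that lacks the username claim. The function names, sentinel errors and sample body are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

// Hypothetical sentinel errors so the two failure modes can be told apart in logs.
var (
	ErrEmptyBody  = errors.New("userinfo body is empty")
	ErrNoUsername = errors.New("no username claim in userinfo response")
)

// usernameFromUserinfo decodes a userinfo body and returns the first non-empty
// string claim among claimNames (for Keycloak, "preferred_username").
func usernameFromUserinfo(body []byte, claimNames ...string) (string, error) {
	if len(bytes.TrimSpace(body)) == 0 {
		return "", ErrEmptyBody // the case seen in the thread's log
	}
	var claims map[string]interface{}
	if err := json.Unmarshal(body, &claims); err != nil {
		return "", fmt.Errorf("userinfo body is not JSON: %w", err)
	}
	for _, name := range claimNames {
		if v, ok := claims[name].(string); ok && v != "" {
			return v, nil
		}
	}
	return "", ErrNoUsername
}

// rawUnmarshalError returns what a bare json.Unmarshal reports for body.
func rawUnmarshalError(body []byte) string {
	var claims map[string]interface{}
	if err := json.Unmarshal(body, &claims); err != nil {
		return err.Error()
	}
	return ""
}

func main() {
	// Constructed sample body; not taken from the thread's logs.
	body := []byte(`{"sub":"constructed","preferred_username":"alice"}`)
	fmt.Println(rawUnmarshalError(nil))
	fmt.Println(usernameFromUserinfo(nil, "preferred_username"))
	fmt.Println(usernameFromUserinfo(body, "username", "preferred_username"))
}
```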
When using Keycloak the opening claim is changed and the claim is called preferred_username and not username. How do I change this in the config, as that might fix the issue?
from vouch-proxy.
I was looking through the config and I saw this:
{"level":"info","ts":1708107741.7217891,"msg":"setting OAuth param 'claims' to null"}
In my compose file I have
OAUTH_CLAIMS: |
  preferred_username
Keycloak uses a different username claim called preferred_username instead of the default. I configured a different service with just oauth2 and Keycloak and also had to change this.
Do you know why this might be being blanked?
from vouch-proxy.
you need OAUTH_CLAIMS
because you are not using scopes:
from vouch-proxy.
I am setting oauth claims in my compose file however it's not being picked up if you look at the compose file at the bottom of here:
https://pastebin.com/sjLzgA7x
from vouch-proxy.
> I am setting oauth claims in my compose file however it's not being picked up if you look at the compose file at the bottom of here: https://pastebin.com/sjLzgA7x

Well, it can be the problem of how you make the Docker container image.
You better first test it manually, maybe inside the container, by creating a config file and running Vouch Proxy, and later figure out why those values are being ignored when using docker compose.
from vouch-proxy.
Okay, I won't be able to do that until I'm home, but thank you for the help, I really appreciate it. I'll report back when I've done that.
from vouch-proxy.