Hi everyone, I have a question related to the <Err...
# talk-oathkeeperh
high-gpu-580
12/04/2023, 1:16 AMHi everyone, I have a question related to the Error Handler with the
redirect Copy code
# oathkeeper.yaml
# ...
errors:
handlers:
redirect:
enabled: true
config:
to: <http://app.lc/login>
return_to_query_param: continue
when:
- error:
- unauthorized
- forbiddencontinue Copy code
# access-rules.yaml
- id: whoami:page-private
version: v0.40.6
upstream:
url: <http://whoami>
preserve_host: false
match:
url: <http://oathkeeper:4455/pages/private><(/.*)?>
methods:
- GET
- POST
- PUT
- DELETE
- PATCH
- OPTIONS
authenticators:
- handler: cookie_session
authorizer:
handler: allow
mutators:
- handler: header
errors:
- handler: redirect Copy code
{"http_request":{"headers":{"accept":"application/json","accept-encoding":"gzip, deflate, br","connection":"keep-alive","user-agent":"got (<https://github.com/sindresorhus/got>)","x-forwarded-for":"172.19.0.1","x-forwarded-host":"<http://whoami.lc|whoami.lc>","x-forwarded-path":"/pages/private","x-forwarded-port":"8000","x-forwarded-proto":"http","x-kong-request-id":"facbf508e60b1d6411826d0cbafc0e00","x-real-ip":"172.19.0.1"},"host":"oathkeeper:4455","method":"GET","path":"/pages/private","query":null,"remote":"172.19.0.11:60092","scheme":"http"},"level":"info","msg":"started handling request","time":"2023-12-04T01:12:48.105434044Z"}
{"audience":"application","error":{"debug":"","message":"Access credentials are invalid","reason":"","stack_trace":"\<http://ngithub.com/ory/oathkeeper/proxy.(*requestHandler).HandleRequest|ngithub.com/ory/oathkeeper/proxy.(*requestHandler).HandleRequest>\n\t/project/proxy/request_handler.go:236\ngithub.com/ory/oathkeeper/proxy.(*Proxy).Rewrite\n\t/project/proxy/proxy.go:133\nnet/http/httputil.(*ReverseProxy).ServeHTTP\n\t/usr/local/go/src/net/http/httputil/reverseproxy.go:433\ngithub.com/urfave/negroni.Wrap.func1\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:46\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/x/corsx.ContextualizedMiddleware.func1\n\t/go/pkg/mod/github.com/ory/x@v0.0.565/corsx/middleware.go:26\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/x/reqlog.(*Middleware).ServeHTTP\n\t/go/pkg/mod/github.com/ory/x@v0.0.565/reqlog/middleware.go:142\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/oathkeeper/metrics.(*Middleware).ServeHTTP\n\t/project/metrics/middleware.go:103\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/x/metricsx.(*Service).ServeHTTP\n\t/go/pkg/mod/github.com/ory/x@v0.0.565/metricsx/middleware.go:272\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/urfave/negroni.(*Negroni).ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:96\ngo.opentelemetry.io/contrib/instrumentation/net/http/otelhttp.(*Handler).ServeHTTP\n\t/go/pkg/mod/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.36.4/handler.go:204\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2936\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1995\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1598","status":"Unauthorized","status_code":401},"granted":false,"http_host":"oathkeeper:4455","http_method":"GET","http_url":"<http://oathkeeper:4455/pages/private>","http_user_agent":"got (<https://github.com/sindresorhus/got>)","level":"warning","msg":"No authentication handler was responsible for handling the authentication request","reason_id":"authentication_handler_no_match","rule_id":"whoami:page-private","service_name":"ORY Oathkeeper","service_version":"v0.40.6","time":"2023-12-04T01:12:48.105826497Z"}
{"audience":"application","error":{"debug":"","message":"Access credentials are invalid","reason":"","stack_trace":"\<http://ngithub.com/ory/oathkeeper/proxy.(*requestHandler).HandleRequest|ngithub.com/ory/oathkeeper/proxy.(*requestHandler).HandleRequest>\n\t/project/proxy/request_handler.go:236\ngithub.com/ory/oathkeeper/proxy.(*Proxy).Rewrite\n\t/project/proxy/proxy.go:133\nnet/http/httputil.(*ReverseProxy).ServeHTTP\n\t/usr/local/go/src/net/http/httputil/reverseproxy.go:433\ngithub.com/urfave/negroni.Wrap.func1\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:46\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/x/corsx.ContextualizedMiddleware.func1\n\t/go/pkg/mod/github.com/ory/x@v0.0.565/corsx/middleware.go:26\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/x/reqlog.(*Middleware).ServeHTTP\n\t/go/pkg/mod/github.com/ory/x@v0.0.565/reqlog/middleware.go:142\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/oathkeeper/metrics.(*Middleware).ServeHTTP\n\t/project/metrics/middleware.go:103\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/x/metricsx.(*Service).ServeHTTP\n\t/go/pkg/mod/github.com/ory/x@v0.0.565/metricsx/middleware.go:272\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/urfave/negroni.(*Negroni).ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:96\ngo.opentelemetry.io/contrib/instrumentation/net/http/otelhttp.(*Handler).ServeHTTP\n\t/go/pkg/mod/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.36.4/handler.go:204\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2936\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1995\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1598","status":"Unauthorized","status_code":401},"granted":false,"http_host":"oathkeeper:4455","http_method":"GET","http_url":"<http://oathkeeper:4455/pages/private>","http_user_agent":"got (<https://github.com/sindresorhus/got>)","level":"warning","msg":"Access request denied","service_name":"ORY Oathkeeper","service_version":"v0.40.6","time":"2023-12-04T01:12:48.105944474Z"}
{"http_request":{"headers":{"accept":"application/json","accept-encoding":"gzip, deflate, br","connection":"keep-alive","user-agent":"got (<https://github.com/sindresorhus/got>)","x-forwarded-for":"172.19.0.1","x-forwarded-host":"<http://whoami.lc|whoami.lc>","x-forwarded-path":"/pages/private","x-forwarded-port":"8000","x-forwarded-proto":"http","x-kong-request-id":"facbf508e60b1d6411826d0cbafc0e00","x-real-ip":"172.19.0.1"},"host":"oathkeeper:4455","method":"GET","path":"/pages/private","query":null,"remote":"172.19.0.11:60092","scheme":"http"},"http_response":{"headers":{"content-type":"text/html; charset=utf-8","location":"<http://app.lc/login?continue=http%3A%2F%2Foathkeeper%3A4455%2Fpages%2Fprivate>"},"size":114,"status":302,"text_status":"Found","took":801890},"level":"info","msg":"completed handling request","time":"2023-12-04T01:12:48.106218184Z"}i
icy-manchester-83109
12/04/2023, 7:37 AMYour rule matches
<http://oathkeeper:4455/pages/private/|http://oathkeeper:4455/pages/private/>...<http://whoami.lc:8000|http://whoami.lc:8000>67 Views