Hello,
I'm trying to verify the functionality of ...
# ory-selfhostingw
worried-yak-72255
02/26/2025, 9:01 AMHello,
I'm trying to verify the functionality of Kratos by installing kratos and kratos-selfservice-ui-node using Helm, but I'm encountering some issues. I would really appreciate it if you could take a look.
For example:
helm install kratos ory/kratos -f kratos-values.yaml
helm install kratos-ui ory/kratos-selfservice-ui-node -f kratos-ui-values.yaml
Before checking the functionality, I specified the URLs as follows:
base_url: https://example.co.kr
public URL: https://example.co.kr/public
admin URL: https://example.co.kr/admin
I was trying to configure it based on paths rather than subdomains due to a CSRF token issue. Please let me know if I misunderstood something or misconfigured it.
While performing the login flow for testing, I ran into a problem:
https://www.ory.sh/docs/kratos/self-service/flows/user-login#login-for-api-clients-and-clients-without-browsers
1.I accessed https://example.co.kr/login in the browser and received a 303 response.
2.The browser was redirected to https://example/public/self-service/login/browser?aal=&refresh=&return_to=&organization=&via= but received a 404 response instead of a 303.
Here’s the relevant code, which I hope will be helpful:
*kratos-ui-values.yaml
Copy code
...
kratosAdminUrl: <https://example.co.kr/admin>
kratosBrowserUrl: <https://example.co.kr/public>
kratosPublicUrl: <https://example.co.kr/public>
service:
port: 4455
ingress:
enabled: true
hosts:
- host: <http://example.co.kr|example.co.kr>
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- <http://example.co.kr|example.co.kr>
secretName: cert
networks:
intranet: Copy code
kratos:
config:
...
selfservice:
allowed_return_urls:
- <https://example.co.kr>
default_browser_return_url: <https://example.co.kr/>
flows:
error:
ui_url: <https://example.co.kr/error>
login:
ui_url: <https://example.co.kr/login>
logout:
after:
default_browser_return_url: <https://example.co.kr/login>
registration:
after:
password:
hooks:
- hook: session
ui_url: <https://example.co.kr/registration>
settings:
privileged_session_max_age: 15m
required_aal: highest_available
ui_url: <https://example.co.kr/settings>
...
serve:
admin:
base_url: <https://example.co.kr/admin>
public:
base_url: <https://example.co.kr/public>
cors:
allowed_origins:
- <https://example.co.kr>
enabled: true
identitySchemas:
kratos-identity.schema.json: ...
service:
public:
port: 4433
admin:
port: 4434
ingress:
admin:
enabled: true
hosts:
- host: <http://example.co.kr|example.co.kr>
paths:
- path: /admin
pathType: Prefix
tls:
- hosts:
- <http://example.co.kr|example.co.kr>
secretName: cert
public:
enabled: true
hosts:
- host: <http://example.co.kr|example.co.kr>
paths:
- path: /public
pathType: Prefix
tls:
- hosts:
- <http://example.co.kr|example.co.kr>
secretName: cert
networks:
intranet:worried-yak-72255
02/26/2025, 10:36 AMI'm sorry for writing such a long message, but I was really struggling and needed help....🥺
I also tried using a subdomain just in case, but the results were disastrous.
kratos-ui is at auth.example.co.kr
kratos public is at public.example.co.kr
kratos admin is at admin.example.co.kr
While performing the login flow for testing, I encountered an issue:
I accessed https://auth.example.co.kr/login in the browser and received a 303 response.
The browser was redirected to https://public.example.co.kr/self-service/login/browser?aal=&refresh=&return_to=&organization=&via= and received a 303 response, and I also received a csrf_token.
I was redirected to https://auth.olympos.uracle.co.kr/login?flow=1c159066-d9fb-4c20-91a6-86d028ad080b, but the request did not include the csrf_token received in step 2.
Steps 2 and 3 are repeating infinitely..."
9 Views