Hi, So I've configured oathkeeper with cookie session but now I am facing the issue that when session is available it redirects to only url of my app but I want to fetch all urls of my app. Pls advise

Hello. Could you show your

access-rules.yml

?

Please check [ { "id": "allow-anonymous-with-header-mutator", "version": "v0.36.0-beta.4", "upstream": { "url": "http://localhost/powerview/ }, "match": { "url": "http://localhost:4455/", "methods": [ "GET" ] }, "authenticators": [ { "handler": "cookie_session", } ], "authorizer": { "handler": "allow" }, "mutators": [ { "handler": "noop" } ], "errors": [ { "handler": "redirect", "config": { "to": "http://localhost/powerview/login3.aspx" } } ] }, ]

Hello.

"url": "<http://localhost:4455/>",

You need to have either

"url": "<http://localhost:4455/><**>",

for glob pattern matching or

"url": "<http://localhost:4455/><.*>",

for regex

Hi @damp-sunset-69236 I have tried with glob pattern and now I have a query that my match url is http but my upstream url is https so how to match http with https ?

Hello @jolly-pencil-87491. Could you provide access-rules config please?

pls check [ { "id": "allow-anonymous-with-header-mutator", "version": "v0.36.0-beta.4", "upstream": { "url": "https://econergy.powerview.io:14907/" }, "match": { "url": "http://localhost:4455/designer-viewer/<.*>", "methods": [ "GET" ] }, "authenticators": [ { "handler": "cookie_session", } ], "authorizer": { "handler": "allow" }, "mutators": [ { "handler": "noop" } ], "errors": [ { "handler": "redirect", "config": { "to": "https://econergy.powerview.io/powerview/login3.aspx" } } ] }, ]

Do you want to use https for localhost? I think that you need to change your url for

<https://econergy.powerview.io/designer-viewer>

Actually what I want is that whenever I click on http://localhost:4455/designer-viewer/ than it will redirect to https://econergy.powerview.io:14907/ but it shows that page not found. Further I set this app in IIS

Redirect or proxy it from upstream?

Yeah proxy it from upstream

It shows you 404 error because it proxies to

<https://econergy.powerview.io:14907/designer-viewer>

. You need to add

strip_prefix

to your access rule to fix it

I will check it and update you accordingly Thanks for the support

Could you please send a developer console screenshot? But anyway, it looks like something is missing for access rules

Pls check

Yep. I see what’s wrong here. You have

"url": "<http://localhost:4455/designer-viewer/><.*>",

http://localhost:4455/designer-viewer URL configured for oathkeeper, however your static files does not match this rule

Right now there is no plan to use ingress controller.

You need to write an additional rule for that URL

can you please help me how to do it ?

Try this

[
  {
    "id": "allow-designer-viewer-anonymous",
    "version": "v0.36.0-beta.4",
	"upstream": {
      "url": "<https://econergy.powerview.io:14907/>",
      "strip_path": "/designker-viewer"
    },
    "match": {
      "url": "<http://localhost:4455/designer-viewer/><.*>",
      "methods": [
        "GET"
      ]
    },
    "authenticators": [
      {
        "handler": "cookie_session",
      }
    ],
    "authorizer": {
      "handler": "allow"
    },
    "mutators": [
      {
        "handler": "noop"
      }
    ],
	"errors": [
		{
			"handler": "redirect",
			"config": {
				"to": "<https://econergy.powerview.io/powerview/login3.aspx>"
			}
		}
	]
  },
{
    "id": "allow-root-anonymous",
    "version": "v0.36.0-beta.4",
	"upstream": {
      "url": "<https://econergy.powerview.io:14907/>"
    },
    "match": {
	  "url": "<http://localhost:4455/><**>",
      "methods": [
        "GET"
      ]
    },
    "authenticators": [
      {
        "handler": "cookie_session",
      }
    ],
    "authorizer": {
      "handler": "allow"
    },
    "mutators": [
      {
        "handler": "noop"
      }
    ],
	"errors": [
		{
			"handler": "redirect",
			"config": {
				"to": "<https://econergy.powerview.io/powerview/login3.aspx>"
			}
		}
	]
  },
]

Thankyou for your response I am getting the following error {"error":{"code":500,"status":"Internal Server Error","message":"error parsing regexp: invalid nested repetition operator in `^**$`"}}

Change from this to

"url": "<http://localhost:4455/><**>",

this

"url": "<http://localhost:4455/><.*>",

Now got the following error

{
  "error": {
    "code": 500,
    "status": "Internal Server Error",
    "message": "Expected exactly one rule but found multiple rules"
  }
}

Another rule that might work for you

{
    "id": "allow-root-anonymous",
    "version": "v0.36.0-beta.4",
	"upstream": {
      "url": "<https://econergy.powerview.io:14907/>",
      "strip_path": "/designer-viewer"
    },
    "match": {
	  "url": "<http://localhost:4455/><.*>",
      "methods": [
        "GET"
      ]
    },
    "authenticators": [
      {
        "handler": "cookie_session",
      }
    ],
    "authorizer": {
      "handler": "allow"
    },
    "mutators": [
      {
        "handler": "noop"
      }
    ],
	"errors": [
		{
			"handler": "redirect",
			"config": {
				"to": "<https://econergy.powerview.io/powerview/login3.aspx>"
			}
		}
	]
  },
]

Now got this error

{
  "error": {
    "code": 500,
    "status": "Internal Server Error",
    "message": "error parsing regexp: invalid nested repetition operator in `^**$`"
  }
}

I fixed it.

What is the solution ?

The previous example that I sent 🙂

Yeah I tried it but got this error

{
  "error": {
    "code": 500,
    "status": "Internal Server Error",
    "message": "error parsing regexp: invalid nested repetition operator in `^**$`"
  }
}

please change the pattern from this

"url": "<http://localhost:4455/><**>",

to this

"url": "<http://localhost:4455/><.*>",

Hi, Thankyou again for your response. It is working with one url but it gives error with different urls and saying that found multiple rules

What’s your case? 🙂

[ { "id": "allow-root-anonymous", "version": "v0.36.0-beta.4", "upstream": { "url": "https://econergy.powerview.io:14907/", "strip_path": "/designer-viewer" }, "match": { "url": "http://localhost:4455/1/<http://localhost:4455/1/%3C.*%3E%22%7C&lt;.*>">, "methods": [ "GET ] }, "authenticators": [ { "handler": "cookie_session", } ], "authorizer": { "handler": "allow" }, "mutators": [ { "handler": "noop" } ], "errors": [ { "handler": "redirect", "config": { "to": "https://econergy.powerview.io/powerview/login3.aspx" } } ] }, { "id": "allow-secondrule", "version": "v0.36.0-beta.4", "upstream": { "url": "https://econergy.powerview.io:14906/", "strip_path": "/3" }, "match": { "url": "http://localhost:4455/3/<http://localhost:4455/3/%3C.*%3E%22%7C&lt;.*>">, "methods": [ "GET" ] }, "authenticators": [ { "handler": "cookie_session", } ], "authorizer": { "handler": "allow" }, "mutators": [ { "handler": "noop" } ], "errors": [ { "handler": "redirect", "config": { "to": "https://econergy.powerview.io/powerview/login3.aspx" } } ] } ]

Could you tell more about your URL structure?

Actually I want to put my both urls behind this oathkeeper 1 url is https://econergy.powerview.io:14907/ 2 url is https://econergy.powerview.io:14906/ But when I click on 2nd rule's matching url than it shows that expect single rule and found multiple

How do you want to expose them to the public internet?

Right now when I click on http://localhost:4455/1/ than I am getting to my desired page but when I click on http://localhost:4455/3/ than I am getting an error that found multiple rules. My task is simple that I want to get to my both url whenever I click on any of the above two urls

Could you please give some examples following this structure 1. localhost:4455/1 should proxy traffic to https://econergy.powerview.io:14907/ for anonymous users 2. localhost:4455/2 should proxy traffic to https://econergy.powerview.io:14906/ for authenticated users

Both for authenticated users. I am able to get in https://econergy.powerview.io:14907/ but as I click on localhost:4455/2 to get in https://econergy.powerview.io:14906/ than I am getting the error that multiple rules find

Hello. Let me describe the theoretical part of a solution because it couldn’t work. You need to have a setup for your microservices or isolate URLs here. For instance, you have the following idea to route traffic http://localhost:4455/design proxies traffic to https://econergy.powerview.io:14907/. In that case, you need that econergy has support of serving files using this URL(static files, content, something else). Usually, people use

baseURL

or something similar for that purpose. It works like this econergy exposes everything on /design/. You configure a simple rule for oathkeeper (you have plenty of examples in this thread). Everything should work fine using this setup. The same thing you need to do with another service.