magnificent-energy-493
salmon-article-80089
10/11/2021, 12:25 PMlog:
level: debug
format: json
serve:
proxy:
tls:
cert:
path: /my_path/cert.pem
key:
path: /my_path/key.pem
cors:
enabled: true
allowed_methods:
- POST
- GET
- PUT
- PATCH
- DELETE
allowed_headers:
- Authorization
- Content-Type
exposed_headers:
- Content-Type
allow_credentials: true
debug: true
errors:
fallback:
- json
handlers:
redirect:
enabled: true
config:
to: <https://host:4455/auth/login>
when:
- error:
- unauthorized
- forbidden
request:
header:
accept:
- text/html
json:
enabled: true
config:
verbose: true
access_rules:
matching_strategy: glob
repositories:
- file:///etc/config/oathkeeper/accessrules.yml
authenticators:
anonymous:
enabled: true
config:
subject: guest
cookie_session:
enabled: true
config:
check_session_url: <http://kratos:4433/sessions/whoami>
preserve_path: true
extra_from: '@this'
subject_from: identity.id
only:
- ory_kratos_session
noop:
enabled: true
authorizers:
allow:
enabled: true
remote_json:
enabled: true
config:
remote: <http://apollo:5000/api/accessrules/authorization>
forward_response_headers_to_upstream:
- test
payload: '{ "subject": "{{ print .Subject }}", ""url": "{{
print .MatchContext.URL}}" }
'
mutators:
noop:
enabled: true
id_token:
enabled: true
config:
issuer_url: <https://host:4455/>
jwks_url: file:///etc/config/oathkeeper/id_token.jwks.json
claims: "{\n \"session\": {{ .Extra | toJson }}\n}\n"`
and I am running my project on Docker.salmon-article-80089
10/11/2021, 12:26 PMsalmon-article-80089
10/11/2021, 12:27 PM- id: ory:kratos:public
upstream:
preserve_host: true
url: http://kratos:4433
strip_path: /.ory/kratos/public
match:
url: http//<{oathkeeper,iap.ir4455}>/.ory/kratos/public/<**>
methods:
- GET
- POST
- PUT
- DELETE
- PATCH
authenticators:
- handler: noop
authorizer:
handler: allow
mutators:
- handler: noop
- id: orykratos selfservice ui nodeanonymous
upstream:
preserve_host: true
url: http://kratos-selfservice-ui-node:4435
match:
url: http//<{oathkeeper,iap.ir4455}>/<{error,recovery,verify,auth/*,.css,.js}{/,}>
methods:
- GET
authenticators:
- handler: anonymous
authorizer:
handler: allow
mutators:
- handler: noop
- id: orykratos selfservice ui nodeprotected
upstream:
preserve_host: true
url: http://kratos-selfservice-ui-node:4435
match:
url: http://iap.ir:4455/<{,debug,dashboard,settings}>
methods:
- GET
authenticators:
- handler: cookie_session
authorizer:
handler: allow
mutators:
- handler: id_token
errors:
- handler: redirect
config:
to: http://iap.ir:4455/auth/login
- id: 46857558-b8d5-451c-8214-d35d16cd351d/4d6161c6-d404-4273-9eab-f753cde8ba29
upstream:
preserve_host: true
url: https://google.com
match:
url: http://httpbin.iap.ir:4455/<**>
methods:
- GET
- POST
- PUT
- DELETE
- PATCH
authenticators:
- handler: cookie_session
authorizer:
handler: remote_json
config:
remote: http://apollo:5000/api/accessrules/authorization
payload: '{"subject": "{{ print .Subject }}", "url": "{{ print .MatchContext.URL}}"}'
mutators:
- handler: id_token
errors:
- handler: redirect
config:
to: http://iap.ir:4455/auth/login
- id: bebb81b9-8cf6-4bb9-bb6c-2e4539cf1e89/4581fd53-b3c4-4094-a7ea-445a6c99f954
upstream:
preserve_host: true
strip_path: /app2
url: https://google.com
match:
url: http://iap.ir:4455/app2/<**>
methods:
- POST
- GET
- PUT
- PATCH
- HEAD
- DELETE
- CONNECT
- TRACE
authenticators:
- handler: cookie_session
authorizer:
handler: remote_json
config:
remote: http://apollo:5000/api/accessrules/authorization
payload: '{"subject": "{{ print .Subject }}", "url": "{{ print .MatchContext.URL
}}"}'
mutators:
- handler: noop
errors:
- handler: redirect
config:
to: http://iap.ir:4455/auth/loginsalmon-article-80089
10/11/2021, 12:27 PMsalmon-article-80089
10/13/2021, 12:28 PMmagnificent-energy-493
salmon-article-80089
10/13/2021, 2:27 PMsalmon-article-80089
10/16/2021, 8:08 AM