# talk-kratos
m
Hey Reza, I will take a look as soon as I can, later today. Can you also share your oathkeeper configs, rules and other information that might be helpful? Are you running it in Docker?
s
Hi, thank you for your reply. Sure.
```yaml
log:
  level: debug
  format: json
serve:
  proxy:
    tls:
      cert:
        path: /my_path/cert.pem
      key:
        path: /my_path/key.pem
    cors:
      enabled: true
      allowed_methods:
      - POST
      - GET
      - PUT
      - PATCH
      - DELETE
      allowed_headers:
      - Authorization
      - Content-Type
      exposed_headers:
      - Content-Type
      allow_credentials: true
      debug: true
errors:
  fallback:
  - json
  handlers:
    redirect:
      enabled: true
      config:
        to: https://host:4455/auth/login
        when:
        - error:
          - unauthorized
          - forbidden
          request:
            header:
              accept:
              - text/html
    json:
      enabled: true
      config:
        verbose: true
access_rules:
  matching_strategy: glob
  repositories:
  - file:///etc/config/oathkeeper/accessrules.yml
authenticators:
  anonymous:
    enabled: true
    config:
      subject: guest
  cookie_session:
    enabled: true
    config:
      check_session_url: http://kratos:4433/sessions/whoami
      preserve_path: true
      extra_from: '@this'
      subject_from: identity.id
      only:
      - ory_kratos_session
  noop:
    enabled: true
authorizers:
  allow:
    enabled: true
  remote_json:
    enabled: true
    config:
      remote: http://apollo:5000/api/accessrules/authorization
      forward_response_headers_to_upstream:
      - test
      payload: '{"subject": "{{ print .Subject }}", "url": "{{ print .MatchContext.URL }}"}'
mutators:
  noop:
    enabled: true
  id_token:
    enabled: true
    config:
      issuer_url: https://host:4455/
      jwks_url: file:///etc/config/oathkeeper/id_token.jwks.json
      claims: "{\n  \"session\": {{ .Extra | toJson }}\n}\n"
```
And I am running my project on Docker.
Here is my accessrules.yml:
```yaml
- id: ory:kratos:public
  upstream:
    preserve_host: true
    url: http://kratos:4433
    strip_path: /.ory/kratos/public
  match:
    url: http://<{oathkeeper,iap.ir:4455}>/.ory/kratos/public/<**>
    methods:
    - GET
    - POST
    - PUT
    - DELETE
    - PATCH
  authenticators:
  - handler: noop
  authorizer:
    handler: allow
  mutators:
  - handler: noop
- id: ory:kratos-selfservice-ui-node:anonymous
  upstream:
    preserve_host: true
    url: http://kratos-selfservice-ui-node:4435
  match:
    url: http://<{oathkeeper,iap.ir:4455}>/<{error,recovery,verify,auth/*,.css,.js}{/,}>
    methods:
    - GET
  authenticators:
  - handler: anonymous
  authorizer:
    handler: allow
  mutators:
  - handler: noop
- id: ory:kratos-selfservice-ui-node:protected
  upstream:
    preserve_host: true
    url: http://kratos-selfservice-ui-node:4435
  match:
    url: http://iap.ir:4455/<{,debug,dashboard,settings}>
    methods:
    - GET
  authenticators:
  - handler: cookie_session
  authorizer:
    handler: allow
  mutators:
  - handler: id_token
  errors:
  - handler: redirect
    config:
      to: http://iap.ir:4455/auth/login
- id: 46857558-b8d5-451c-8214-d35d16cd351d/4d6161c6-d404-4273-9eab-f753cde8ba29
  upstream:
    preserve_host: true
    url: https://google.com
  match:
    url: http://httpbin.iap.ir:4455/<**>
    methods:
    - GET
    - POST
    - PUT
    - DELETE
    - PATCH
  authenticators:
  - handler: cookie_session
  authorizer:
    handler: remote_json
    config:
      remote: http://apollo:5000/api/accessrules/authorization
      payload: '{"subject": "{{ print .Subject }}", "url": "{{ print .MatchContext.URL}}"}'
  mutators:
  - handler: id_token
  errors:
  - handler: redirect
    config:
      to: http://iap.ir:4455/auth/login
- id: bebb81b9-8cf6-4bb9-bb6c-2e4539cf1e89/4581fd53-b3c4-4094-a7ea-445a6c99f954
  upstream:
    preserve_host: true
    strip_path: /app2
    url: https://google.com
  match:
    url: http://iap.ir:4455/app2/<**>
    methods:
    - POST
    - GET
    - PUT
    - PATCH
    - HEAD
    - DELETE
    - CONNECT
    - TRACE
  authenticators:
  - handler: cookie_session
  authorizer:
    handler: remote_json
    config:
      remote: http://apollo:5000/api/accessrules/authorization
      payload: '{"subject": "{{ print .Subject }}", "url": "{{ print .MatchContext.URL }}"}'
  mutators:
  - handler: noop
  errors:
  - handler: redirect
    config:
      to: http://iap.ir:4455/auth/login
```
@magnificent-energy-493 please let me know if there is anything you need
@magnificent-energy-493 Hey Vincent. I am sorry to ask. Any luck with my issue??
m
Hey Reza, I could not find the immediate issue, but I also asked a teammate who is working more with Oathkeeper to take a look. It might take a little while, but we will figure it out 🙏
s
Thank you so much
@magnificent-energy-493 Hey Vincent, how are you? Sorry, besides the last question that I had, I have something else to discuss. Should I use Oathkeeper behind Nginx or use it directly without it?