https://www.ory.sh/ logo
#talk-oathkeeper
Title
# talk-oathkeeper
j

jolly-pencil-87491

04/26/2022, 9:47 AM
Hi I have configured oahtkeeper to work as a reverse proxy for my web app. Like when I click on http://127.0.0.1:4455/login then it will redirect me to my web app http://127.0.0.1/Login3.aspx. Now I want to configure this with cookie session authenticator. I want some help to do this. My yml file is serve: proxy: port: 4455 # run the proxy at port 4455 api: port: 4456 # run the api at port 4456 access_rules: repositories: - <file//C&gt;/Users/test/oathkeeper-demo/rules.json errors: fallback: - json handlers: json: enabled: true config: verbose: true redirect: enabled: true config: to: https://www.ory.sh/docs mutators: header: enabled: true config: headers: X-User: "{{ print .Subject }}" # You could add some other headers, for example with data from the # session. # X-Some-Arbitrary-Data: "{{ print .Extra.some.arbitrary.data }}" noop: enabled: true id_token: enabled: false config: jwks_url: file:///jwks.json authorizers: allow: enabled: true deny: enabled: true authenticators: anonymous: enabled: true config: subject: guest My rules are [ { "id": "allow-anonymous-with-header-mutator", "version": "v0.36.0-beta.4", "upstream": { "url": "http://127.0.0.1/Login3.aspx" }, "match": { "url": "http://127.0.0.1:4455/login", "methods": [ "GET" ] }, "authenticators": [ { "handler": "cookie_session" } ], "authorizer": { "handler": "allow" }, "mutators": [ { "handler": "noop" } ], "errors": [ { "handler": "redirect", "config": { "to": "http://127.0.0.1/Login3.aspx" } } ] }, ]
d

damp-sunset-69236

04/26/2022, 9:53 AM
Hello. You can find a configuration example of cookie_session authenticator here oathkeeper.yml access_rules.yml
j

jolly-pencil-87491

04/27/2022, 8:50 AM
Hi, I have configured it but when I try to run in web browser than page is not displaying. I want to config this authentication in my web app which is currently running via localhost/Login3.aspx
Hi, I am getting the error that credentials are invalid when using cookie session. Any idea what is the issue ?
d

damp-sunset-69236

05/11/2022, 8:40 AM
Hello. Could you show cookie_session authenticator config?
j

jolly-pencil-87491

05/11/2022, 9:10 AM
The following is my oathkeeper.yml file serve: proxy: port: 4455 # run the proxy at port 4455 api: port: 4456 # run the api at port 4456 access_rules: repositories: - <file//C&gt;/Users/test/oathkeeper-demo/rules.json errors: fallback: - json handlers: json: enabled: true config: verbose: true redirect: enabled: true config: to: https://www.ory.sh/docs mutators: header: enabled: true config: headers: X-User: "{{ print .Subject }}" # You could add some other headers, for example with data from the # session. # X-Some-Arbitrary-Data: "{{ print .Extra.some.arbitrary.data }}" noop: enabled: true id_token: enabled: false config: jwks_url: file:///jwks.json authorizers: allow: enabled: true deny: enabled: false authenticators: cookie_session: enabled: true config: check_session_url: http://localhost/powerview/startupportfolio.aspx?MenuItemId=687 preserve_path: true extra_from: "@this" #subject_from: "identity.id" only: - ASP.NET_SessionId
These are the rules [ { "id": "allow-anonymous-with-header-mutator", "version": "v0.36.0-beta.4", "upstream": { "url": "http://localhost/powerview/startupportfolio.aspx?MenuItemId=687" }, "match": { "url": "http://127.0.0.1:4455/login", "methods": [ "GET" ] }, "authenticators": [ { "handler": "cookie_session", } ], "authorizer": { "handler": "allow" }, "mutators": [ { "handler": "noop" } ] }, ]
d

damp-sunset-69236

05/11/2022, 9:18 AM
Out of curiosity why do you have the same url used as upstream and as authenticator? I see that
Copy code
check_session_url: <http://localhost/powerview/startupportfolio.aspx?MenuItemId=687>
used for cookie_session authenticator and you are trying to proxy request to
Copy code
"upstream": {
      "url": "<http://localhost/powerview/startupportfolio.aspx?MenuItemId=687>"
    },
j

jolly-pencil-87491

05/11/2022, 9:22 AM
Actually what I want is when I enter this url http://127.0.0.1:4455/login than it checks the cookie "ASP.NET_SessionId" and if found than remain inside the same page which is this url http://localhost/powerview/startupportfolio.aspx?MenuItemId=687 What happens currently is when I click on this url http://127.0.0.1:4455/login, it redirects me to the login page although cookie was present
d

damp-sunset-69236

05/11/2022, 9:39 AM
Do you have any endpoint to validate the session?
cookie_session authenticator relies on external API call, hence you need to implement it. The design is simple • Return 200 OK if cookie is valid • Return 401 if there’s no cookie
j

jolly-pencil-87491

05/11/2022, 9:41 AM
So it means that my config is ok but my cookies are not valid ?
Because when I tried my cookies with postman than I also got the same error that credentials are invalid
d

damp-sunset-69236

05/11/2022, 9:55 AM
Do you use Ory Kratos with Oathkeeper?
j

jolly-pencil-87491

05/11/2022, 10:01 AM
No just oathkeeper and my purpose is to redirect to the same page if cookie is valid
d

damp-sunset-69236

05/11/2022, 10:03 AM
Why? I think that it would be better to implement it without using oathkeeper. It seems that oathkeeper is redundant for this specific usecase.
👍 1
j

jolly-pencil-87491

05/12/2022, 7:38 AM
Hi, So I've configured oathkeeper with cookie session but now I am facing the issue that when session is available it redirects to only url of my app but I want to fetch all urls of my app. Pls advise
2 Views