# talk-oathkeeper
j
Hi, I have configured oathkeeper to work as a reverse proxy for my web app. Like when I click on http://127.0.0.1:4455/login then it will redirect me to my web app http://127.0.0.1/Login3.aspx. Now I want to configure this with the cookie session authenticator. I want some help to do this. My yml file is
serve:
  proxy:
    port: 4455 # run the proxy at port 4455
  api:
    port: 4456 # run the api at port 4456

access_rules:
  repositories:
    - file://C:/Users/test/oathkeeper-demo/rules.json

errors:
  fallback:
    - json
  handlers:
    json:
      enabled: true
      config:
        verbose: true
    redirect:
      enabled: true
      config:
        to: https://www.ory.sh/docs

mutators:
  header:
    enabled: true
    config:
      headers:
        X-User: "{{ print .Subject }}"
        # You could add some other headers, for example with data from the
        # session.
        # X-Some-Arbitrary-Data: "{{ print .Extra.some.arbitrary.data }}"
  noop:
    enabled: true
  id_token:
    enabled: false
    config:
      jwks_url: file:///jwks.json

authorizers:
  allow:
    enabled: true
  deny:
    enabled: true

authenticators:
  anonymous:
    enabled: true
    config:
      subject: guest
My rules are
[
  {
    "id": "allow-anonymous-with-header-mutator",
    "version": "v0.36.0-beta.4",
    "upstream": {
      "url": "http://127.0.0.1/Login3.aspx"
    },
    "match": {
      "url": "http://127.0.0.1:4455/login",
      "methods": ["GET"]
    },
    "authenticators": [
      { "handler": "cookie_session" }
    ],
    "authorizer": { "handler": "allow" },
    "mutators": [
      { "handler": "noop" }
    ],
    "errors": [
      {
        "handler": "redirect",
        "config": { "to": "http://127.0.0.1/Login3.aspx" }
      }
    ]
  }
]
d
Hello. You can find a configuration example of the cookie_session authenticator here: oathkeeper.yml, access_rules.yml
j
Hi, I have configured it, but when I try to run it in the web browser the page is not displayed. I want to configure this authentication in my web app, which is currently running via localhost/Login3.aspx
Hi, I am getting the error that credentials are invalid when using cookie session. Any idea what the issue is?
d
Hello. Could you show the cookie_session authenticator config?
j
The following is my oathkeeper.yml file
serve:
  proxy:
    port: 4455 # run the proxy at port 4455
  api:
    port: 4456 # run the api at port 4456

access_rules:
  repositories:
    - file://C:/Users/test/oathkeeper-demo/rules.json

errors:
  fallback:
    - json
  handlers:
    json:
      enabled: true
      config:
        verbose: true
    redirect:
      enabled: true
      config:
        to: https://www.ory.sh/docs

mutators:
  header:
    enabled: true
    config:
      headers:
        X-User: "{{ print .Subject }}"
        # You could add some other headers, for example with data from the
        # session.
        # X-Some-Arbitrary-Data: "{{ print .Extra.some.arbitrary.data }}"
  noop:
    enabled: true
  id_token:
    enabled: false
    config:
      jwks_url: file:///jwks.json

authorizers:
  allow:
    enabled: true
  deny:
    enabled: false

authenticators:
  cookie_session:
    enabled: true
    config:
      check_session_url: http://localhost/powerview/startupportfolio.aspx?MenuItemId=687
      preserve_path: true
      extra_from: "@this"
      #subject_from: "identity.id"
      only:
        - ASP.NET_SessionId
These are the rules
[
  {
    "id": "allow-anonymous-with-header-mutator",
    "version": "v0.36.0-beta.4",
    "upstream": {
      "url": "http://localhost/powerview/startupportfolio.aspx?MenuItemId=687"
    },
    "match": {
      "url": "http://127.0.0.1:4455/login",
      "methods": ["GET"]
    },
    "authenticators": [
      { "handler": "cookie_session" }
    ],
    "authorizer": { "handler": "allow" },
    "mutators": [
      { "handler": "noop" }
    ]
  }
]
d
Out of curiosity, why do you have the same URL used as upstream and as authenticator? I see that
check_session_url: http://localhost/powerview/startupportfolio.aspx?MenuItemId=687
is used for the cookie_session authenticator and you are trying to proxy the request to
"upstream": {
      "url": "http://localhost/powerview/startupportfolio.aspx?MenuItemId=687"
    },
j
Actually what I want is that when I enter this url http://127.0.0.1:4455/login, it checks the cookie "ASP.NET_SessionId" and if found then I remain inside the same page, which is this url http://localhost/powerview/startupportfolio.aspx?MenuItemId=687. What happens currently is that when I click on this url http://127.0.0.1:4455/login, it redirects me to the login page although the cookie was present
d
Do you have any endpoint to validate the session?
The cookie_session authenticator relies on an external API call, hence you need to implement it. The design is simple:
• Return 200 OK if the cookie is valid
• Return 401 if there's no cookie
j
So it means that my config is OK but my cookies are not valid?
Because when I tried my cookies with Postman, I also got the same error that credentials are invalid
d
Do you use Ory Kratos with Oathkeeper?
j
No, just oathkeeper, and my purpose is to redirect to the same page if the cookie is valid
d
Why? I think that it would be better to implement it without using oathkeeper. It seems that oathkeeper is redundant for this specific use case.
j
Hi, so I've configured oathkeeper with cookie session, but now I am facing the issue that when a session is available it redirects to only one url of my app, but I want to fetch all urls of my app. Please advise