https://www.ory.sh/ logo
#talk-oathkeeper
Title
# talk-oathkeeper
j

jolly-pencil-87491

04/18/2022, 5:33 AM
Hi Everyone, I have configured Ory oathkeeper and now I want to use my web application with oathkeeper. I am new to this so can you please tell how to do this task ? My website is running in localhost and configured in IIS Thanks
d

damp-sunset-69236

04/19/2022, 8:29 AM
Hello. Unfortunately I don’t have any examples for oathkeeper and IIS but I can share different configurations for you
You can check them here
Could you please tell more about your usecase? What’s the current configuration and how are you going to use oathkeeper with your app?
j

jolly-pencil-87491

04/19/2022, 9:04 AM
Hi, Thank you for your response Currently I have configured my app named as "http://localhost/Login3.aspx" in IIS. When I am running http//<127.0.0.1|localhost>4455/anything/header then it gives me the following error "{"error":{"code":404,"status":"Not Found","message":"Requested url does not match any rules"}}"
d

damp-sunset-69236

04/19/2022, 12:30 PM
What’s your configuration case? Do you want use Oathkeeper as Identity and access proxy? Your rules should have this URL “http://<127.0.0.1|localhost>/Login3.aspx” if you want to proxy the network traffic to this endpoint
j

jolly-pencil-87491

04/20/2022, 6:54 AM
Yes I want to redirect my page to Login3.aspx through oathkeeper
This is my yml file serve: proxy: port: 4455 # run the proxy at port 4455 api: port: 4456 # run the api at port 4456 access_rules: repositories: - <file//C&gt;/Users/test/oathkeeper-demo/rules.json errors: fallback: - json handlers: json: enabled: true config: verbose: true redirect: enabled: true config: to: https://www.ory.sh/docs mutators: header: enabled: true config: headers: X-User: "{{ print .Subject }}" # You could add some other headers, for example with data from the # session. # X-Some-Arbitrary-Data: "{{ print .Extra.some.arbitrary.data }}" noop: enabled: true id_token: enabled: true config: issuer_url: http://localhost:4455/ jwks_url: file:///jwks.json authorizers: allow: enabled: true deny: enabled: true authenticators: anonymous: enabled: true config: subject: guest
This is my rules file [ { "id": "allow-anonymous-with-header-mutator", "version": "v0.36.0-beta.4", "upstream": { "url": "https://httpbin.org/anything/header" }, "match": { "url": "http://<127.0.0.1|localhost>/Login3.aspx", "methods": [ "GET" ] }, "authenticators": [ { "handler": "anonymous" } ], "authorizer": { "handler": "allow" }, "mutators": [ { "handler": "header", "config": { "headers": { "X-User": "{{ print .Subject }}" } } } ] }, { "id": "deny-anonymous", "version": "v0.36.0-beta.4", "upstream": { "url": "https://httpbin.org/anything/deny" }, "match": { "url": "http//&lt;127.0.0.1|localhost&gt;4455/anything/deny", "methods": [ "GET" ] }, "authenticators": [ { "handler": "anonymous" } ], "authorizer": { "handler": "deny" }, "mutators": [ { "handler": "noop" } ], "errors": [ { "handler": "json", "config": { "when": [ { "request": { "header": { "accept": ["application/json"] } } } ] } }, { "handler": "redirect", "config": { "when": [ { "request": { "header": { "accept": ["text/*"] } } } ] } } ] }, { "id": "allow-anonymous-with-id-token-mutator", "version": "v0.36.0-beta.4", "upstream": { "url": "https://httpbin.org/anything/id_token" }, "match": { "url": "http//&lt;127.0.0.1|localhost&gt;4455/anything/id_token", "methods": [ "GET" ] }, "authenticators": [ { "handler": "anonymous" } ], "authorizer": { "handler": "allow" }, "mutators": [ { "handler": "id_token" } ] } ]
Hi, Any update ?
d

damp-sunset-69236

04/21/2022, 10:12 AM
Hello. I’m not sure why do you need to use oathkeeper to proxy traffic to your login3 webpage. If you want to achieve a redirection of unauthenticated requests to your login3 webpage you should have something like this in your rules
Copy code
match:
  url: <http://127.0.0.1:4455/please_redirect_me>
authenticator:
  - handler: cookie_session
...
errors:
  - handler: redirect
  config:
    to: <http://127.0.0.1/Login3.aspx>
On another hand it seems that you do not use
cookie_session
authenticator which would be useful to check sessions Your current configuration enables oathkeeper to act as reverse proxy and if you want to use it against your webpage then you should have the following configuration
Copy code
upstream:
  url: <http://127.0.0.1/Login3.aspx>
match:
  url: <http://127.0.0.1:4455/login>
...
Then run oathkeeper and open http://127.0.0.1:4455/login
j

jolly-pencil-87491

04/22/2022, 9:04 AM
Hi @User Thank you for your response. It help me quit a lot. I have a question like is it possible to convert http to https using oathkeeper ?
d

damp-sunset-69236

04/22/2022, 9:11 AM
I think that you need an ingress controller like nginx. It suits better for your case. Oathkeeper has reverse proxy features however its niche is to provide zero trust network architecture (proxy/pass only authenticated requests)
👍 1
Usually, oathkeeper feels fine with nginx or envoy proxy. One configures nginx as reverse proxy for every backend services and oathkeeper acts like decision api
You can find an integration with nginx here
j

jolly-pencil-87491

04/22/2022, 9:40 AM
Thank You 🙂
2 Views