Hi Everyone I have configured Ory oathkeeper and now I want Ory Community #talk-oathkeeper

Hi Everyone, I have configured Ory oathkeeper and ...

jolly-pencil-87491

04/18/2022, 5:33 AM

Hi Everyone, I have configured Ory oathkeeper and now I want to use my web application with oathkeeper. I am new to this so can you please tell how to do this task ? My website is running in localhost and configured in IIS Thanks

damp-sunset-69236

04/19/2022, 8:29 AM

Hello. Unfortunately I don’t have any examples for oathkeeper and IIS but I can share different configurations for you

damp-sunset-69236

04/19/2022, 8:30 AM

You can check them here

damp-sunset-69236

04/19/2022, 8:31 AM

Could you please tell more about your usecase? What’s the current configuration and how are you going to use oathkeeper with your app?

jolly-pencil-87491

04/19/2022, 9:04 AM

Hi, Thank you for your response Currently I have configured my app named as "http://localhost/Login3.aspx" in IIS. When I am running http//<127.0.0.1|localhost>4455/anything/header then it gives me the following error "{"error":{"code":404,"status":"Not Found","message":"Requested url does not match any rules"}}"

damp-sunset-69236

04/19/2022, 12:30 PM

What’s your configuration case? Do you want use Oathkeeper as Identity and access proxy? Your rules should have this URL “http://<127.0.0.1|localhost>/Login3.aspx” if you want to proxy the network traffic to this endpoint

jolly-pencil-87491

04/20/2022, 6:54 AM

Yes I want to redirect my page to Login3.aspx through oathkeeper

jolly-pencil-87491

04/20/2022, 6:56 AM

This is my yml file serve: proxy: port: 4455 # run the proxy at port 4455 api: port: 4456 # run the api at port 4456 access_rules: repositories: - <file//C>/Users/test/oathkeeper-demo/rules.json errors: fallback: - json handlers: json: enabled: true config: verbose: true redirect: enabled: true config: to: https://www.ory.sh/docs mutators: header: enabled: true config: headers: X-User: "{{ print .Subject }}" # You could add some other headers, for example with data from the # session. # X-Some-Arbitrary-Data: "{{ print .Extra.some.arbitrary.data }}" noop: enabled: true id_token: enabled: true config: issuer_url: http://localhost:4455/ jwks_url: file:///jwks.json authorizers: allow: enabled: true deny: enabled: true authenticators: anonymous: enabled: true config: subject: guest

jolly-pencil-87491

04/20/2022, 6:57 AM

This is my rules file [ { "id": "allow-anonymous-with-header-mutator", "version": "v0.36.0-beta.4", "upstream": { "url": "https://httpbin.org/anything/header" }, "match": { "url": "http://<127.0.0.1|localhost>/Login3.aspx", "methods": [ "GET" ] }, "authenticators": [ { "handler": "anonymous" } ], "authorizer": { "handler": "allow" }, "mutators": [ { "handler": "header", "config": { "headers": { "X-User": "{{ print .Subject }}" } } } ] }, { "id": "deny-anonymous", "version": "v0.36.0-beta.4", "upstream": { "url": "https://httpbin.org/anything/deny" }, "match": { "url": "http//<127.0.0.1|localhost>4455/anything/deny", "methods": [ "GET" ] }, "authenticators": [ { "handler": "anonymous" } ], "authorizer": { "handler": "deny" }, "mutators": [ { "handler": "noop" } ], "errors": [ { "handler": "json", "config": { "when": [ { "request": { "header": { "accept": ["application/json"] } } } ] } }, { "handler": "redirect", "config": { "when": [ { "request": { "header": { "accept": ["text/*"] } } } ] } } ] }, { "id": "allow-anonymous-with-id-token-mutator", "version": "v0.36.0-beta.4", "upstream": { "url": "https://httpbin.org/anything/id_token" }, "match": { "url": "http//<127.0.0.1|localhost>4455/anything/id_token", "methods": [ "GET" ] }, "authenticators": [ { "handler": "anonymous" } ], "authorizer": { "handler": "allow" }, "mutators": [ { "handler": "id_token" } ] } ]

jolly-pencil-87491

04/21/2022, 9:37 AM

Hi, Any update ?

damp-sunset-69236

04/21/2022, 10:12 AM

Hello. I’m not sure why do you need to use oathkeeper to proxy traffic to your login3 webpage. If you want to achieve a redirection of unauthenticated requests to your login3 webpage you should have something like this in your rules

Copy code

match:
  url: <http://127.0.0.1:4455/please_redirect_me>
authenticator:
  - handler: cookie_session
...
errors:
  - handler: redirect
  config:
    to: <http://127.0.0.1/Login3.aspx>

On another hand it seems that you do not use

cookie_session

authenticator which would be useful to check sessions Your current configuration enables oathkeeper to act as reverse proxy and if you want to use it against your webpage then you should have the following configuration

Copy code

upstream:
  url: <http://127.0.0.1/Login3.aspx>
match:
  url: <http://127.0.0.1:4455/login>
...

Then run oathkeeper and open http://127.0.0.1:4455/login

jolly-pencil-87491

04/22/2022, 9:04 AM

Hi @User Thank you for your response. It help me quit a lot. I have a question like is it possible to convert http to https using oathkeeper ?

damp-sunset-69236

04/22/2022, 9:11 AM

I think that you need an ingress controller like nginx. It suits better for your case. Oathkeeper has reverse proxy features however its niche is to provide zero trust network architecture (proxy/pass only authenticated requests)

👍 1

damp-sunset-69236

04/22/2022, 9:13 AM

Usually, oathkeeper feels fine with nginx or envoy proxy. One configures nginx as reverse proxy for every backend services and oathkeeper acts like decision api

damp-sunset-69236

04/22/2022, 9:13 AM

You can find an integration with nginx here

jolly-pencil-87491

04/22/2022, 9:40 AM

Thank You 🙂

3 Views

Open in Slack

Previous Next