# talk-oathkeeper
m
Hello team 😃, I’m new to Ory and just picked it up for evaluation in order to use it in our project. What I have so far is Kratos/Keto/OathKeeper (with proxy) installed and got Authentication (OathKeeper -> Kratos) working.. I was trying to set up Authorization (OathKeeper -> Keto) and that’s where I’m facing an issue.. (detail inside)
OathKeeper is configured with `keto_engine_acp_ory` authorizer and throws 500 when I call my configured endpoint.. looking at Keto’s logs I see Keto is returning `404` and that the following endpoint is being called `POST path:/engines/acp/ory/regex/allowed query:<nil>`
However, I don’t see such an endpoint in Keto’s documentation (https://www.ory.sh/docs/keto/reference/rest-api#tag/read).. only `POST /check`
log entries from Keto:
```
time=2022-07-12T20:54:02Z level=info msg=completed handling request http_request=map[headers:map[accept:*/* accept-encoding:gzip user-agent:curl/7.79.1 x-forwarded-for:10.42.0.1 x-forwarded-host:keto.local.com x-forwarded-port:80 x-forwarded-prefix:/read x-forwarded-proto:http x-forwarded-server:traefik-df4ff85d6-7x8dm x-real-ip:10.42.0.1] host:keto.local.com method:GET path:/engines/acp/ory/regex/allowed query:<nil> remote:10.42.0.8:56210 scheme:http] http_response=map[headers:map[content-type:text/plain; charset=utf-8 x-content-type-options:nosniff] size:19 status:404 text_status:Not Found took:751µs]

time=2022-07-12T20:54:16Z level=info msg=started handling request http_request=map[headers:map[accept:*/* accept-encoding:gzip user-agent:curl/7.79.1 x-forwarded-for:10.42.0.1 x-forwarded-host:keto.local.com x-forwarded-port:80 x-forwarded-prefix:/read x-forwarded-proto:http x-forwarded-server:traefik-df4ff85d6-7x8dm x-real-ip:10.42.0.1] host:keto.local.com method:GET path:/engines/acp/ory/regex/allowed query:<nil> remote:10.42.0.8:56210 scheme:http]
time=2022-07-12T20:54:16Z level=info msg=completed handling request http_request=map[headers:map[accept:*/* accept-encoding:gzip user-agent:curl/7.79.1 x-forwarded-for:10.42.0.1 x-forwarded-host:keto.local.com x-forwarded-port:80 x-forwarded-prefix:/read x-forwarded-proto:http x-forwarded-server:traefik-df4ff85d6-7x8dm x-real-ip:10.42.0.1] host:keto.local.com method:GET path:/engines/acp/ory/regex/allowed query:<nil> remote:10.42.0.8:56210 scheme:http] http_response=map[headers:map[content-type:text/plain; charset=utf-8 x-content-type-options:nosniff] size:19 status:404 text_status:Not Found took:1.443829ms]
```
I’m installing everything through Helm on a K3s cluster.. here are the images I see in my nodes:
```
docker.io/oryd/keto          v0.8.0-alpha.0     4c0d012c67bb3    14.1MB
docker.io/oryd/kratos        v0.9.0-alpha.2     b3a49ebccbf55    17.2MB
docker.io/oryd/oathkeeper    v0.38.19-beta.1    e1c16881929c3    9.98MB
```
Update: found an example close to my setup that utilizes `remote_json` authorizer with `keto`’s `/check` endpoint: https://github.com/ory/examples/tree/master/kratos-keto-oathkeeper-k8s I’ll use that as a workaround for now, but I wonder if the documentation needs to be updated if `keto_engine_acp_ory` no longer works
f
Hey. `keto_engine_acp_ory` is for old versions of keto (below 0.6). The best way to have an integration is to use the way that you found. `remote_json` works fine with Keto so consider using this method
m
Thank you!
I wonder if documentation should reflect that..