I have the following use case:
- An http backend application running behind an oauth proxy
- An OAuth proxy that authenticates users before authorizing access to the backend application
In some cases the application behind the proxy has another authorization method that also needs to be verified. Accessing through a browser seems to work fine as soon as I'm logged in into the oauth proxy... however, using CLI (i.e: curl) it doesn't work because I need somehow to pass 2 different authorization headers
After some reading I thought about sending 2 headers:
- Proxy-Authorization
- Authorization
The proxy-authorization
needs to be sent to the oauth proxy, and the authorization
is sent to the application.
For that I would add an auth-snippet
setting the Authorization for the auth-url
authentication and set the Authorization with the value of Proxy-Authorization
Something like that:
nginx.ingress.kubernetes.io/auth-signin: https://oauth.mydomain.net/oauth2/start?rd=https://myapplication.mydomain.net
nginx.ingress.kubernetes.io/auth-url: https://oauth.mydomain.net/oauth2/auth
nginx.ingress.kubernetes.io/auth-snippet: |
proxy_set_header Authorization $http_proxy_authorization;
And then set the Authorization
to the Authorization
header on the configuration-snippet
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Authorization "$http_authorization";
Well, it doesn't work, I'm still redirected to the oauth page to login with a 302
I also tried using $proxy_authorization
instead of $http_proxy_authorization
and tried setting proxy_pass_request_headers on
.
Any clue on what I can do to achieve that?