question: forgive the simple question #361

Open
oandgtc opened this issue Oct 9, 2024 · 0 comments
Labels
need triage question Further information is requested

Comments

@oandgtc

oandgtc commented Oct 9, 2024

Hi, I want to use the caddy-security oauth2 configuration for Azure users to be authenticated and forwarded to a reverse_proxy with the azure_token. So far I am able to authenticate my user using our Azure AD Application Registration, I am able to get the azure_token and verify this is correct but I am unable to redirect the successfully authenticated user to the reverse proxy. The basic questions start here:

Here is my Caddyfile:

```
{
    admin localhost:9000
    order authenticate before respond
    order authorize before basicauth

    security {

        oauth identity provider azure {
            realm azure
            driver azure
            client_id xxxxxxxxxxxxxxxxxxxxxxxxx
            client_secret xxxxxxxxxxxxxxxxxxxxxxxxx
            scopes openid email profile offline_access
            tenant_id xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
            enable id_token_cookie azure_token
        }

        authentication portal mfportal {
            crypto default token lifetime 3600
            enable identity provider azure
            cookie domain xxxxxxxxx.com
            cookie path /

            transform user {
                match origin local
                action add role authp/user
            }

            transform user {
                match realm azure
                action add role authp/user
            }
        }

        authorization policy mfpolicy {
            allow roles authp/admin authp/user
            validate bearer header
            inject headers with claims
        }
    }

}

http://localhost:777 {
    log {
        output file c:/temp/caddy/access.log
        level debug
    }

    handle {
        authenticate with mfportal
        reverse_proxy http://localhost:3000 {
            header_up Cookie {http.request.header.Cookie}
        }
    }

    # Optional: Redirect for unauthorized access
    respond "Unauthorized access" 401

}
```

Am I on the right lines? After I authenticate the user I am directed to the /portal Sign Out page.

Any starter advice is very welcome, thank you. Dave

@oandgtc oandgtc added need triage question Further information is requested labels Oct 9, 2024
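For readers comparing against the layout the caddy-security project documents, here is an added example Caddyfile (editor's illustration, not from the issue author or the project). The security-relevant distinction it shows is that `authenticate with` serves the login portal itself, while `authorize with` is the directive that validates the token cookie and injects claim headers in front of a protected upstream; placing `authenticate with` on the same route as the reverse proxy means every request is handled by the portal and the proxy is never reached. Hostnames, the `/auth*` path, the `{env.*}` placeholders and the exact `set auth url` value are assumptions to be checked against the current caddy-security documentation; the portal, policy and provider names are reused from the question.

```caddyfile
{
    security {
        oauth identity provider azure {
            realm azure
            driver azure
            # secrets pulled from the environment instead of being written into the file (assumed setup)
            client_id {env.AZURE_CLIENT_ID}
            client_secret {env.AZURE_CLIENT_SECRET}
            tenant_id {env.AZURE_TENANT_ID}
            scopes openid email profile offline_access
        }

        authentication portal mfportal {
            crypto default token lifetime 3600
            # the key that signs the portal's token must be the one the policy verifies with
            crypto key sign-verify {env.JWT_SHARED_KEY}
            enable identity provider azure
            cookie domain example.com
            transform user {
                match realm azure
                action add role authp/user
            }
        }

        authorization policy mfpolicy {
            # where a request without a valid token is sent: the portal's Azure login (path assumed)
            set auth url /auth/oauth2/azure
            crypto key verify {env.JWT_SHARED_KEY}
            allow roles authp/admin authp/user
            validate bearer header
            inject headers with claims
        }
    }
}

http://localhost:777 {
    # only the portal's own routes use `authenticate with`
    route /auth* {
        authenticate with mfportal
    }

    # every other path is gated by the policy; the upstream only sees requests that carry
    # a valid token, with claim headers injected
    route /* {
        authorize with mfpolicy
        reverse_proxy http://localhost:3000
    }
}
```

Two details worth noting against the question's config: the authorization policy is never applied there (`authorize with mfpolicy` does not appear), so nothing ever validates the token for the proxied route, and the explicit `header_up Cookie {http.request.header.Cookie}` is redundant because Caddy's `reverse_proxy` forwards the incoming request headers, including `Cookie`, by default.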