Comments (12)

jos3k4 commented on August 20, 2024

As a note, I execute only with a configuration file (not CLI options)

./google_auth_proxy -config "oauth2_proxy2.cfg"

from oauth2_proxy.

jehiah commented on August 20, 2024

@jos3k4 so there have been quite a few changes since version 1.1.1 so your config file might not match up perfectly if you grabbed it directly from this repo.

I just released version 2.0 a few moments ago (#111) so can you re-test with that version and update here if you continue to run into any issues?

https://github.com/bitly/oauth2_proxy/releases/tag/v2.0

jos3k4 commented on August 20, 2024

Thank you @jehiah I will test it and post some feedback here.

jos3k4 commented on August 20, 2024

After trying the latest release, I have the same problem, it redirects me to the authentication page instead of the one that I have in the property upstream.

## the http url(s) of the upstream endpoint. If multiple, routing is based on path
 upstreams = [
     "http://localhost:8080"
 ]

Is there another way I can have this working?

Also I've noticed the following warnings in the log

2015/06/12 23:35:59 oauthproxy.go:241: http: named cookie not present

In the configuration file I have the properties cookie_key and cookie_secret with my values, so this should work.

jehiah commented on August 20, 2024

@jos3k4 can you share your full configuration file (sans client secret) and a larger section of log output showing the request cycle when you authenticate and the request after authentication you expect to have a session?

Is the browser talking over SSL directly to oauth2_proxy, or do you have something else handling SSL? If not, have you set the --cookie-secure setting appropriately?

mbland commented on August 20, 2024

Sorry, just noticed something in the original post:

Is something more that I have to configure or install (I don't have nginx installed on the machine)

If you don't have nginx (or another webserver) serving your site on localhost:8080, there's nothing for the oauth2_proxy to redirect to. Where is your site being served currently without oauth2_proxy?

Also, make sure you don't have cookies disabled, as oauth2_proxy stores a cookie for your --cookie-domain.

jos3k4 commented on August 20, 2024

This is the configuration file that currently I'm using.

## OAuth2 Proxy Config File
## https://github.com/bitly/oauth2_proxy

## <addr>:<port> to listen on for HTTP/HTTPS clients
 http_address = "0.0.0.0:80"
 https_address = ":443"

## TLS Settings
# tls_cert_file = ""
# tls_key_file = ""

## the OAuth Redirect URL.
# defaults to the "https://" + requested host header + "/oauth2/callback"
 redirect_url = "http://app.company.com/oauth2/callback"

## the http url(s) of the upstream endpoint. If multiple, routing is based on path
 upstreams = [
     "http://127.0.0.1:8080"
 ]

## Log requests to stdout
# request_logging = true

## pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream
 pass_basic_auth = true
## pass the request Host Header to upstream
## when disabled the upstream Host is used as the Host Header
# pass_host_header = true

## Email Domains to allow authentication for (this authorizes any email on this domain)
## for more granular authorization use `authenticated_emails_file`
## To authorize any email addresses use "*"
 email_domains = [
     "company.com"
 ]

## The OAuth Client ID, Secret
 client_id = "***"
 client_secret = "***"

## Pass OAuth Access token to upstream via "X-Forwarded-Access-Token"
# pass_access_token = false

## Authenticated Email Addresses File (one email per line)
# authenticated_emails_file = ""

## Htpasswd File (optional)
## Additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption
## enabling exposes a username/login signin form
# htpasswd_file = ""

## Templates
## optional directory with custom sign_in.html and error.html
# custom_templates_dir = ""

## Cookie Settings
## Key    - the cookie name
## Secret - the seed string for secure cookies; should be 16, 24, or 32 bytes
##          for use with an AES cipher when cookie_refresh or pass_access_token
##          is set
## Domain - (optional) cookie domain to force cookies to (ie: .yourcompany.com)
## Expire - (duration) expire timeframe for cookie
## Refresh - (duration) refresh the cookie when less than this much time remains before
##           expiration; should be less than cookie_expire; set to 0 to disable.
##           Refresh revalidated the OAuth token to ensure it is still valid. ie: 24h
## Secure - secure cookies are only sent by the browser of a HTTPS connection (recommended)
## HttpOnly - httponly cookies are not readable by javascript (recommended)
 cookie_key = "_oauth2proxy"
 cookie_secret = "4Yz0qO5NF+|GKP#O6O1V9FR8]Sp[ix"
# cookie_domain = ""
 cookie_expire = "168h"
# cookie_refresh = ""
 cookie_secure = true
 cookie_httponly = true

## OAuth2 Proxy Config File
## https://github.com/bitly/oauth2_proxy

@mbland I'm using an apache server in the machine listening on *:8080 so, I don't have the nginx package installed but I have a webserver where I can ProxyPass after the successful login in Google.

jos3k4 commented on August 20, 2024

@jehiah I leave here the output. I've tried to avoid this problem, I've tested all the possibilities and it doesn't work correctly.

2015/06/15 12:42:53 validator.go:86: validating: is [email protected] valid? true
2015/06/15 12:42:53 oauthproxy.go:423: 10.1.3.9:56487 authenticating [email protected] completed
10.1.3.9 - - [15/Jun/2015:12:42:52 +0200] app.company.com GET - "/oauth2/callback?state=/&code=4/qVy6XrwX7y3Y8iGcKyGLVoTVkfOMzGrZZRuUCbzneLE" HTTP/1.1 "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" 302 24 0.854
2015/06/15 12:42:53 oauthproxy.go:241: http: named cookie not present
10.1.3.9 - - [15/Jun/2015:12:42:53 +0200] app.company.com GET - "/" HTTP/1.1 "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" 403 2286 0.000
2015/06/15 12:42:53 oauthproxy.go:241: http: named cookie not present
10.1.3.9 - - [15/Jun/2015:12:42:53 +0200] app.company.com GET - "/favicon.ico" HTTP/1.1 "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" 403 2297 0.000

Maybe this is what is causing problems

 http: named cookie not present

jehiah commented on August 20, 2024

You have cookie secure set to true, but you do not have SSL configured (no certificate is set in your config). Do you have something in front of oauth2_proxy handling ssl?

jos3k4 commented on August 20, 2024

Nope, I'm currently running only oauth2_proxy and apache web server listening on 8080 to receive the upstream, I've commented that line and I have the same problem.

jehiah commented on August 20, 2024

If you are not using ssl (I highly recommend it. Certs are free from https://www.startssl.com) you need to explicitly set cookie-secure=false.

jos3k4 commented on August 20, 2024

@jehiah That was the problem, I didn't know that I should set the value to false. Thanks a lot!

from oauth2_proxy.
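
The failure diagnosed in this thread, reproduced as an added example (not part of the original thread and not oauth2_proxy code): a Go cookie jar stands in for the browser, and `newProxyStub` and `loginResult` are hypothetical names. When a Secure cookie is issued over plain HTTP it is never sent back, so the handler's lookup fails with the same `http: named cookie not present` error seen in the log.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/http/httptest"
	"net/url"
)

const cookieName = "_oauth2proxy" // cookie_key from the config posted in the thread
// newProxyStub is a hypothetical stand-in: the callback sets the session cookie, other paths require it.
func newProxyStub(secure bool) http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/oauth2/callback", func(w http.ResponseWriter, r *http.Request) {
		http.SetCookie(w, &http.Cookie{Name: cookieName, Value: "constructed", Path: "/", Secure: secure})
		http.Redirect(w, r, "/", http.StatusFound)
	})
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		if _, err := r.Cookie(cookieName); err != nil {
			http.Error(w, err.Error(), http.StatusForbidden) // body is http.ErrNoCookie's text
			return
		}
		fmt.Fprint(w, "upstream content")
	})
	return mux
}

// loginResult replays callback then "/" over plain HTTP and returns the second response.
func loginResult(secure bool) (int, string) {
	h := newProxyStub(secure)
	site, _ := url.Parse("http://app.company.com/") // plain HTTP, as in the thread
	jar, _ := cookiejar.New(nil)                    // plays the browser's cookie store
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("GET", site.String()+"oauth2/callback", nil))
	jar.SetCookies(site, rec.Result().Cookies())
	req := httptest.NewRequest("GET", site.String(), nil)
	for _, c := range jar.Cookies(site) { // Secure cookies are withheld for http:// URLs
		req.AddCookie(c)
	}
	rec = httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	fmt.Println(loginResult(true))  // Secure cookie over plain HTTP
	fmt.Println(loginResult(false)) // cookie usable over plain HTTP
}
```

Serving the proxy over TLS lets `cookie_secure = true` stay in place; setting it to false, as done in the thread, means the session cookie travels over unencrypted HTTP.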
