AuthCallback handlers aren't fired when using rules #237
Comments
I suspect this is a route order/priority problem in Server.buildRoutes:
It looks like Traefik's Router is based on Gorilla's Router, which means that:
With that in mind, consider the route order in
If all of these routes have the same priority,
I wonder if the rule routes should be handled in two passes, one for An order like this is what I have in mind:
Hi - thanks for sticking with this one, you're correct in that this is a problem with the current implementation. My normal workaround is to ensure that rules don't match the callback/logout endpoint, but your proposed solution sounds really good! I'll keep this issue open to track.
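The ordering problem discussed above, reduced to a first-match route table. This is an added example, not the project's code or code from this thread; the `/_oauth` callback path, the route names and the helper functions are assumptions made for the sketch.

```go
package main

import "fmt"

// Route is one entry in a first-match-wins table, the behaviour the thread
// attributes to the router when all routes share the same priority.
type Route struct {
	Name  string
	Match func(host, path string) bool
}

// callbackPath is an assumed value for this sketch; the thread does not give it.
const callbackPath = "/_oauth"

// hostRule models a rule such as Host(`sub.example.com`) with action=auth.
func hostRule(name string, hosts ...string) Route {
	return Route{name, func(host, _ string) bool {
		for _, h := range hosts {
			if h == host {
				return true
			}
		}
		return false
	}}
}

// callback models the AuthCallback route, matched on path only.
var callback = Route{"AuthCallback", func(_, path string) bool { return path == callbackPath }}

// Dispatch returns the name of the first route that matches the request.
func Dispatch(table []Route, host, path string) string {
	for _, r := range table {
		if r.Match(host, path) {
			return r.Name
		}
	}
	return "default"
}

// RulesFirst registers the rule before the callback; CallbackFirst reverses that.
func RulesFirst() []Route {
	return []Route{hostRule("Auth(secure)", "sub.example.com", "sub2.example.com"), callback}
}
func CallbackFirst() []Route { return []Route{callback, RulesFirst()[0]} }

func main() {
	fmt.Println(Dispatch(RulesFirst(), "sub.example.com", callbackPath))    // Auth(secure): redirect loop
	fmt.Println(Dispatch(CallbackFirst(), "sub.example.com", callbackPath)) // AuthCallback
	fmt.Println(Dispatch(CallbackFirst(), "sub.example.com", "/admin"))     // Auth(secure)
}
```

With the rule registered first, the callback request on a rule-matched host never reaches the callback route, which is the loop reported in this issue; hosts that no rule matches still reach it, which is why the global configuration works.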
Was anybody able to fix this? I'm trying to add two different rules:

```yaml
# Rule secure which only allows admins to access security tools
- "--rule.secure.action=auth"
- "--rule.secure.rule=Host(`sub.example.com`) || Host(`sub2.example.com`)"
- "--rule.secure.whitelist=${FORWARD_AUTH_USER_EMAIL1},${FORWARD_AUTH_USER_EMAIL2}"
# Rule open which allows public access to certain domains
- "--rule.open.action=auth"
- "--rule.open.rule=Host(`open.example.com`) || Host(`open2.example.com`)"
```

When I use whitelisted emails (without the rules), then everything works perfectly fine. But when I switch to the two rules, the Google authentication results in an endless loop. What could be the issue?
I would like to make use of #169 to provide host-specific domains and whitelists. Consider these two approaches:
In the above example, I would like to use rule-based configuration instead of global configuration.
When I use global configuration everything works.
When I use rule-based configuration the authorization process gets stuck in a loop. Logging shows that redirects are landing back in the `Auth` handler instead of the `AuthCallback` handler like they should be. As a result, the `Auth` process kicks the user back out to the authorization server whenever a redirect comes in. From the user's perspective, they're asked to select their account over and over again.