HA-Proxy Ingress: *.cluster.local is not under the protected domain #7196
-
Versionv4.37.5 Deployment MethodKubernetes Reverse ProxyHAProxy Reverse Proxy Version2.4.25 DescriptionI added the following annotations to my Ingress-Ressource: In Authelia Logging I see this Log: I played a bit with the annotation and change the auth-url to the external reachable domain: Works! But I dont want the traffic to route over the internet... Is there a way to disable the check or maybe add the internal domain to a list of exceptions? ReproductionTo reproduce you have to install the ha-proxy-ingress from https://haproxy-ingress.github.io/ and configure the proxy to enable external-auth. ExpectationsI would expect authelia to recognize the domain pattern and to not go into an error state. Configuration (Authelia)No response Build InformationLast Tag: v4.37.5
State: tagged clean
Branch: v4.37.5
Commit: 566a0d7fc71b450123ad33d350cd3890d311da82
Build Number: 17068
Build OS: linux
Build Arch: amd64
Build Date: Wed, 21 Dec 2022 19:54:54 +1100
Extra: Logs (Authelia)time="2024-04-17T04:51:17Z" level=warning msg="Configuration: access control: no rules have been specified so the 'default_policy' of 'two_factor' is going to be applied to all requests"
time="2024-04-17T04:51:17Z" level=info msg="Authelia v4.37.5 is starting"
time="2024-04-17T04:51:17Z" level=info msg="Log severity set to debug"
{"level":"info","msg":"Storage schema is being checked for updates","time":"2024-04-17T04:51:17Z"}
{"level":"info","msg":"Storage schema is already up to date","time":"2024-04-17T04:51:17Z"}
{"level":"debug","msg":"LDAP Supported OIDs. Control Types: 1.3.6.1.4.1.4203.1.9.1.1, 2.16.840.1.113730.3.4.18, 2.16.840.1.113730.3.4.2, 1.3.6.1.4.1.4203.1.10.1, 1.3.6.1.1.22, 1.2.840.113556.1.4.319, 1.2.826.0.1.3344810.2.3, 1.3.6.1.1.13.2, 1.3.6.1.1.13.1, 1.3.6.1.1.12. Extensions: 1.3.6.1.4.1.1466.20037, 1.3.6.1.4.1.4203.1.11.1, 1.3.6.1.4.1.4203.1.11.3, 1.3.6.1.1.8, 1.3.6.1.1.21.3, 1.3.6.1.1.21.1","time":"2024-04-17T04:51:17Z"}
{"level":"debug","msg":"Notifier SMTP client attempting connection to mail.guided-traffic.com:465","time":"2024-04-17T04:51:17Z"}
{"level":"debug","msg":"Notifier SMTP client using submissions port 465. Make sure the mail server you are connecting to is configured for submissions and not SMTPS.","time":"2024-04-17T04:51:17Z"}
{"level":"debug","msg":"Notifier SMTP client connected successfully","time":"2024-04-17T04:51:18Z"}
{"level":"debug","msg":"Notifier SMTP connection is already encrypted, skipping STARTTLS","time":"2024-04-17T04:51:18Z"}
{"level":"debug","msg":"Notifier SMTP server supports authentication with the following mechanisms: PLAIN LOGIN","time":"2024-04-17T04:51:18Z"}
{"level":"debug","msg":"Notifier SMTP client attempting AUTH PLAIN with server","time":"2024-04-17T04:51:18Z"}
{"level":"debug","msg":"Notifier SMTP client authenticated successfully with the server","time":"2024-04-17T04:51:18Z"}
{"level":"warning","msg":"Could not read from the NTP server socket to validate the system time is properly synchronized: read udp 10.252.213.211:59729-\u003e162.159.200.1:123: i/o timeout","time":"2024-04-17T04:51:23Z"}
{"level":"info","msg":"Initializing server (metrics) for non-TLS connections on '[::]:9959' path '/metrics'","time":"2024-04-17T04:51:23Z"}
{"level":"info","msg":"Initializing server for non-TLS connections on '[::]:9091' path '/'","time":"2024-04-17T04:51:23Z"}
{"level":"error","method":"GET","msg":"Scheme of target URL http://authelia.authelia.svc.cluster.local/api/verify must be secure since cookies are only transported over a secure connection for security reasons","path":"/api/verify","remote_ip":"10.252.237.172","stack":[{"File":"github.com/authelia/authelia/v4/internal/handlers/handler_verify.go","Line":451,"Name":"VerifyGET.func1"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/bridge.go","Line":54,"Name":"(*BridgeBuilder).Build.func1.1"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/headers.go","Line":16,"Name":"SecurityHeaders.func1"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/metrics.go","Line":40,"Name":"NewMetricsVerifyRequest.func1.1"},{"File":"github.com/fasthttp/router@v1.4.14/router.go","Line":427,"Name":"(*Router).Handler"},{"File":"github.com/valyala/fasthttp@v1.43.0/http.go","Line":154,"Name":"(*Response).StatusCode"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/metrics.go","Line":22,"Name":"NewMetricsRequest.func1.1"},{"File":"github.com/valyala/fasthttp@v1.43.0/server.go","Line":2338,"Name":"(*Server).serveConn"},{"File":"github.com/valyala/fasthttp@v1.43.0/workerpool.go","Line":224,"Name":"(*workerPool).workerFunc"},{"File":"github.com/valyala/fasthttp@v1.43.0/workerpool.go","Line":196,"Name":"(*workerPool).getCh.func1"},{"File":"runtime/asm_amd64.s","Line":1594,"Name":"goexit"}],"time":"2024-04-17T06:23:02Z"}
{"level":"error","method":"GET","msg":"Target URL https://authelia.authelia.svc.cluster.local/api/verify is not under the protected domain EXAMPLE.de","path":"/api/verify","remote_ip":"127.0.0.1","stack":[{"File":"github.com/authelia/authelia/v4/internal/handlers/handler_verify.go","Line":459,"Name":"VerifyGET.func1"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/bridge.go","Line":54,"Name":"(*BridgeBuilder).Build.func1.1"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/headers.go","Line":16,"Name":"SecurityHeaders.func1"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/metrics.go","Line":40,"Name":"NewMetricsVerifyRequest.func1.1"},{"File":"github.com/fasthttp/router@v1.4.14/router.go","Line":427,"Name":"(*Router).Handler"},{"File":"github.com/valyala/fasthttp@v1.43.0/http.go","Line":154,"Name":"(*Response).StatusCode"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/metrics.go","Line":22,"Name":"NewMetricsRequest.func1.1"},{"File":"github.com/valyala/fasthttp@v1.43.0/server.go","Line":2338,"Name":"(*Server).serveConn"},{"File":"github.com/valyala/fasthttp@v1.43.0/workerpool.go","Line":224,"Name":"(*workerPool).workerFunc"},{"File":"github.com/valyala/fasthttp@v1.43.0/workerpool.go","Line":196,"Name":"(*workerPool).getCh.func1"},{"File":"runtime/asm_amd64.s","Line":1594,"Name":"goexit"}],"time":"2024-04-17T06:23:46Z"}
{"level":"debug","method":"GET","msg":"Checking the authentication backend for an updated profile for user hans.fischer","path":"/api/verify","remote_ip":"188.XX.XX.XX","time":"2024-04-17T06:30:35Z"}
{"level":"debug","msg":"Check authorization of subject username=hans.fischer groups= ip=188.XX.XX.XX and object https://auth.EXAMPLE.de/api/verify (method ).","time":"2024-04-17T06:30:35Z"}
{"level":"debug","msg":"No matching rule for subject username=hans.fischer groups= ip=188.XX.XX.XX and url https://auth.EXAMPLE.de/api/verify (method ) applying default policy","time":"2024-04-17T06:30:35Z"}
{"level":"debug","msg":"Check authorization of subject username=hans.fischer groups= ip=188.XX.XX.XX and object https://auth.EXAMPLE.de/api/verify (method ).","time":"2024-04-17T06:30:40Z"}
{"level":"debug","msg":"No matching rule for subject username=hans.fischer groups= ip=188.XX.XX.XX and url https://auth.EXAMPLE.de/api/verify (method ) applying default policy","time":"2024-04-17T06:30:40Z"}
{"level":"debug","msg":"Check authorization of subject username=hans.fischer groups= ip=188.XX.XX.XX and object https://auth.EXAMPLE.de/api/verify (method ).","time":"2024-04-17T06:31:11Z"}
{"level":"debug","msg":"No matching rule for subject username=hans.fischer groups= ip=188.XX.XX.XX and url https://auth.EXAMPLE.de/api/verify (method ) applying default policy","time":"2024-04-17T06:31:11Z"}
{"level":"error","method":"GET","msg":"Target URL https://authelia.authelia.svc.cluster.local/api/verify is not under the protected domain EXAMPLE.de","path":"/api/verify","remote_ip":"127.0.0.1","stack":[{"File":"github.com/authelia/authelia/v4/internal/handlers/handler_verify.go","Line":459,"Name":"VerifyGET.func1"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/bridge.go","Line":54,"Name":"(*BridgeBuilder).Build.func1.1"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/headers.go","Line":16,"Name":"SecurityHeaders.func1"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/metrics.go","Line":40,"Name":"NewMetricsVerifyRequest.func1.1"},{"File":"github.com/fasthttp/router@v1.4.14/router.go","Line":427,"Name":"(*Router).Handler"},{"File":"github.com/valyala/fasthttp@v1.43.0/http.go","Line":154,"Name":"(*Response).StatusCode"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/metrics.go","Line":22,"Name":"NewMetricsRequest.func1.1"},{"File":"github.com/valyala/fasthttp@v1.43.0/server.go","Line":2338,"Name":"(*Server).serveConn"},{"File":"github.com/valyala/fasthttp@v1.43.0/workerpool.go","Line":224,"Name":"(*workerPool).workerFunc"},{"File":"github.com/valyala/fasthttp@v1.43.0/workerpool.go","Line":196,"Name":"(*workerPool).getCh.func1"},{"File":"runtime/asm_amd64.s","Line":1594,"Name":"goexit"}],"time":"2024-04-17T06:32:15Z"}
{"level":"debug","method":"GET","msg":"Checking the authentication backend for an updated profile for user hans.fischer","path":"/api/verify","remote_ip":"188.XX.XX.XX","time":"2024-04-17T06:46:33Z"}
{"level":"debug","msg":"Check authorization of subject username=hans.fischer groups= ip=188.XX.XX.XX and object https://auth.EXAMPLE.de/api/verify (method ).","time":"2024-04-17T06:46:33Z"}
{"level":"debug","msg":"No matching rule for subject username=hans.fischer groups= ip=188.XX.XX.XX and url https://auth.EXAMPLE.de/api/verify (method ) applying default policy","time":"2024-04-17T06:46:33Z"}
{"level":"debug","msg":"Check authorization of subject username= groups= ip=49.13.144.89 and object https://auth.EXAMPLE.de/api/verify (method ).","time":"2024-04-17T06:47:25Z"}
{"level":"debug","msg":"No matching rule for subject username= groups= ip=49.13.144.89 and url https://auth.EXAMPLE.de/api/verify (method ) applying default policy","time":"2024-04-17T06:47:25Z"}
{"level":"info","method":"GET","msg":"Access to https://auth.EXAMPLE.de/api/verify (method unknown) is not authorized to user \u003canonymous\u003e, responding with status code 401","path":"/api/verify","remote_ip":"49.13.144.89","time":"2024-04-17T06:47:25Z"}
{"level":"error","method":"GET","msg":"Scheme of target URL http://authelia.authelia.svc.cluster.local/api/verify must be secure since cookies are only transported over a secure connection for security reasons","path":"/api/verify","remote_ip":"10.252.237.172","stack":[{"File":"github.com/authelia/authelia/v4/internal/handlers/handler_verify.go","Line":451,"Name":"VerifyGET.func1"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/bridge.go","Line":54,"Name":"(*BridgeBuilder).Build.func1.1"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/headers.go","Line":16,"Name":"SecurityHeaders.func1"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/metrics.go","Line":40,"Name":"NewMetricsVerifyRequest.func1.1"},{"File":"github.com/fasthttp/router@v1.4.14/router.go","Line":427,"Name":"(*Router).Handler"},{"File":"github.com/valyala/fasthttp@v1.43.0/http.go","Line":154,"Name":"(*Response).StatusCode"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/metrics.go","Line":22,"Name":"NewMetricsRequest.func1.1"},{"File":"github.com/valyala/fasthttp@v1.43.0/server.go","Line":2338,"Name":"(*Server).serveConn"},{"File":"github.com/valyala/fasthttp@v1.43.0/workerpool.go","Line":224,"Name":"(*workerPool).workerFunc"},{"File":"github.com/valyala/fasthttp@v1.43.0/workerpool.go","Line":196,"Name":"(*workerPool).getCh.func1"},{"File":"runtime/asm_amd64.s","Line":1594,"Name":"goexit"}],"time":"2024-04-17T06:48:00Z"}
{"level":"debug","method":"GET","msg":"Checking the authentication backend for an updated profile for user hans.fischer","path":"/api/verify","remote_ip":"188.XX.XX.XX","time":"2024-04-17T06:57:25Z"}
{"level":"debug","msg":"Check authorization of subject username=hans.fischer groups= ip=188.XX.XX.XX and object https://auth.EXAMPLE.de/api/verify (method ).","time":"2024-04-17T06:57:25Z"}
{"level":"debug","msg":"No matching rule for subject username=hans.fischer groups= ip=188.XX.XX.XX and url https://auth.EXAMPLE.de/api/verify (method ) applying default policy","time":"2024-04-17T06:57:25Z"}
{"level":"error","method":"GET","msg":"Target URL https://authelia.authelia.svc.cluster.local/api/verify is not under the protected domain EXAMPLE.de","path":"/api/verify","remote_ip":"127.0.0.1","stack":[{"File":"github.com/authelia/authelia/v4/internal/handlers/handler_verify.go","Line":459,"Name":"VerifyGET.func1"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/bridge.go","Line":54,"Name":"(*BridgeBuilder).Build.func1.1"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/headers.go","Line":16,"Name":"SecurityHeaders.func1"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/metrics.go","Line":40,"Name":"NewMetricsVerifyRequest.func1.1"},{"File":"github.com/fasthttp/router@v1.4.14/router.go","Line":427,"Name":"(*Router).Handler"},{"File":"github.com/valyala/fasthttp@v1.43.0/http.go","Line":154,"Name":"(*Response).StatusCode"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/metrics.go","Line":22,"Name":"NewMetricsRequest.func1.1"},{"File":"github.com/valyala/fasthttp@v1.43.0/server.go","Line":2338,"Name":"(*Server).serveConn"},{"File":"github.com/valyala/fasthttp@v1.43.0/workerpool.go","Line":224,"Name":"(*workerPool).workerFunc"},{"File":"github.com/valyala/fasthttp@v1.43.0/workerpool.go","Line":196,"Name":"(*workerPool).getCh.func1"},{"File":"runtime/asm_amd64.s","Line":1594,"Name":"goexit"}],"time":"2024-04-17T07:00:50Z"}
{"level":"debug","method":"GET","msg":"Checking the authentication backend for an updated profile for user hans.fischer","path":"/api/verify","remote_ip":"49.13.144.89","time":"2024-04-17T07:02:29Z"}
{"level":"debug","msg":"Check authorization of subject username=hans.fischer groups= ip=49.13.144.89 and object https://auth.EXAMPLE.de/api/verify (method ).","time":"2024-04-17T07:02:29Z"}
{"level":"debug","msg":"No matching rule for subject username=hans.fischer groups= ip=49.13.144.89 and url https://auth.EXAMPLE.de/api/verify (method ) applying default policy","time":"2024-04-17T07:02:29Z"}
{"level":"debug","msg":"Check authorization of subject username=hans.fischer groups= ip=49.13.144.89 and object https://auth.EXAMPLE.de/api/verify (method ).","time":"2024-04-17T07:02:34Z"}
{"level":"debug","msg":"No matching rule for subject username=hans.fischer groups= ip=49.13.144.89 and url https://auth.EXAMPLE.de/api/verify (method ) applying default policy","time":"2024-04-17T07:02:34Z"}
{"level":"debug","msg":"Check authorization of subject username=hans.fischer groups= ip=49.13.144.89 and object https://auth.EXAMPLE.de/api/verify (method ).","time":"2024-04-17T07:02:35Z"}
{"level":"debug","msg":"No matching rule for subject username=hans.fischer groups= ip=49.13.144.89 and url https://auth.EXAMPLE.de/api/verify (method ) applying default policy","time":"2024-04-17T07:02:35Z"}
{"level":"debug","msg":"Check authorization of subject username=hans.fischer groups= ip=49.13.144.89 and object https://auth.EXAMPLE.de/api/verify (method ).","time":"2024-04-17T07:03:03Z"}
{"level":"debug","msg":"No matching rule for subject username=hans.fischer groups= ip=49.13.144.89 and url https://auth.EXAMPLE.de/api/verify (method ) applying default policy","time":"2024-04-17T07:03:03Z"}
{"level":"debug","msg":"Check authorization of subject username=hans.fischer groups= ip=49.13.144.89 and object https://auth.EXAMPLE.de/api/verify (method ).","time":"2024-04-17T07:03:03Z"}
{"level":"debug","msg":"No matching rule for subject username=hans.fischer groups= ip=49.13.144.89 and url https://auth.EXAMPLE.de/api/verify (method ) applying default policy","time":"2024-04-17T07:03:03Z"}
{"level":"debug","msg":"Check authorization of subject username=hans.fischer groups= ip=49.13.144.89 and object https://auth.EXAMPLE.de/api/verify (method ).","time":"2024-04-17T07:03:03Z"}
{"level":"debug","msg":"No matching rule for subject username=hans.fischer groups= ip=49.13.144.89 and url https://auth.EXAMPLE.de/api/verify (method ) applying default policy","time":"2024-04-17T07:03:03Z"}
{"level":"debug","msg":"Check authorization of subject username=hans.fischer groups= ip=49.13.144.89 and object https://auth.EXAMPLE.de/api/verify (method ).","time":"2024-04-17T07:03:03Z"}
{"level":"debug","msg":"No matching rule for subject username=hans.fischer groups= ip=49.13.144.89 and url https://auth.EXAMPLE.de/api/verify (method ) applying default policy","time":"2024-04-17T07:03:03Z"}
{"level":"debug","msg":"Check authorization of subject username=hans.fischer groups= ip=49.13.144.89 and object https://auth.EXAMPLE.de/api/verify (method ).","time":"2024-04-17T07:03:03Z"}
{"level":"debug","msg":"No matching rule for subject username=hans.fischer groups= ip=49.13.144.89 and url https://auth.EXAMPLE.de/api/verify (method ) applying default policy","time":"2024-04-17T07:03:03Z"}
{"level":"debug","msg":"Check authorization of subject username=hans.fischer groups= ip=49.13.144.89 and object https://auth.EXAMPLE.de/api/verify (method ).","time":"2024-04-17T07:03:03Z"}
{"level":"debug","msg":"No matching rule for subject username=hans.fischer groups= ip=49.13.144.89 and url https://auth.EXAMPLE.de/api/verify (method ) applying default policy","time":"2024-04-17T07:03:03Z"}
{"level":"debug","msg":"Check authorization of subject username=hans.fischer groups= ip=49.13.144.89 and object https://auth.EXAMPLE.de/api/verify (method ).","time":"2024-04-17T07:03:03Z"}
{"level":"debug","msg":"No matching rule for subject username=hans.fischer groups= ip=49.13.144.89 and url https://auth.EXAMPLE.de/api/verify (method ) applying default policy","time":"2024-04-17T07:03:03Z"}
{"level":"debug","msg":"Check authorization of subject username=hans.fischer groups= ip=49.13.144.89 and object https://auth.EXAMPLE.de/api/verify (method ).","time":"2024-04-17T07:03:03Z"}
{"level":"debug","msg":"No matching rule for subject username=hans.fischer groups= ip=49.13.144.89 and url https://auth.EXAMPLE.de/api/verify (method ) applying default policy","time":"2024-04-17T07:03:03Z"}
{"level":"debug","msg":"Check authorization of subject username=hans.fischer groups= ip=49.13.144.89 and object https://auth.EXAMPLE.de/api/verify (method ).","time":"2024-04-17T07:03:08Z"}
{"level":"debug","msg":"No matching rule for subject username=hans.fischer groups= ip=49.13.144.89 and url https://auth.EXAMPLE.de/api/verify (method ) applying default policy","time":"2024-04-17T07:03:08Z"}
{"level":"debug","msg":"Check authorization of subject username=hans.fischer groups= ip=49.13.144.89 and object https://auth.EXAMPLE.de/api/verify (method ).","time":"2024-04-17T07:03:08Z"}
{"level":"debug","msg":"No matching rule for subject username=hans.fischer groups= ip=49.13.144.89 and url https://auth.EXAMPLE.de/api/verify (method ) applying default policy","time":"2024-04-17T07:03:08Z"}
{"level":"debug","msg":"Check authorization of subject username= groups= ip=49.13.144.89 and object https://auth.EXAMPLE.de/api/verify (method ).","time":"2024-04-17T07:03:18Z"}
{"level":"debug","msg":"No matching rule for subject username= groups= ip=49.13.144.89 and url https://auth.EXAMPLE.de/api/verify (method ) applying default policy","time":"2024-04-17T07:03:18Z"}
{"level":"info","method":"GET","msg":"Access to https://auth.EXAMPLE.de/api/verify (method unknown) is not authorized to user \u003canonymous\u003e, responding with status code 401","path":"/api/verify","remote_ip":"49.13.144.89","time":"2024-04-17T07:03:18Z"}
{"level":"debug","method":"POST","msg":"Mark 1FA authentication attempt made by user 'hans.fischer'","path":"/api/firstfactor","remote_ip":"188.XX.XX.XX","time":"2024-04-17T07:03:24Z"}
{"level":"debug","method":"POST","msg":"Successful 1FA authentication attempt made by user 'hans.fischer'","path":"/api/firstfactor","remote_ip":"188.XX.XX.XX","time":"2024-04-17T07:03:24Z"}
{"level":"debug","method":"POST","msg":"Mark Webauthn authentication attempt made by user 'hans.fischer'","path":"/api/secondfactor/webauthn/assertion","remote_ip":"188.XX.XX.XX","time":"2024-04-17T07:03:27Z"}
{"level":"debug","method":"POST","msg":"Successful Webauthn authentication attempt made by user 'hans.fischer'","path":"/api/secondfactor/webauthn/assertion","remote_ip":"188.XX.XX.XX","time":"2024-04-17T07:03:27Z"}
{"level":"debug","msg":"Check authorization of subject username=hans.fischer groups= ip=49.13.144.89 and object https://auth.EXAMPLE.de/api/verify (method ).","time":"2024-04-17T07:03:31Z"}
{"level":"debug","msg":"No matching rule for subject username=hans.fischer groups= ip=49.13.144.89 and url https://auth.EXAMPLE.de/api/verify (method ) applying default policy","time":"2024-04-17T07:03:31Z"} Logs (Proxy / Application)No response DocumentationNo response Pre-Submission Checklist
|
Beta Was this translation helpful? Give feedback.
Replies: 5 comments
-
Please note this response was created using generative AI leveraging previously available information from the repository. This information may be helpful however it is our strong recommendation that you carefully consider the information before blindly applying it. Based on the error message you provided, it seems that Authelia is rejecting the request because the target URL To resolve this issue, you have a couple of options:
Given your requirements and setup, modifying Authelia's configuration to recognize the internal service URL or adjusting the network configuration to route internal traffic properly without going over the internet might be the most suitable solutions. This comment was generated by Glime. |
Beta Was this translation helpful? Give feedback.
-
See the headers required (which must be set from the original request) for this authorization mechanism: https://www.authelia.com/reference/guides/proxy-authorization/#legacy This will need either a configuration fix or a fix from haproxy-ingress. |
Beta Was this translation helpful? Give feedback.
-
Looks like something they support configuring via the headers option at their end: jcmoraisjr/haproxy-ingress#926 I've also updated the previously posted example to reflect this for the 4.38 forward auth endpoint: #2411 (comment) |
Beta Was this translation helpful? Give feedback.
-
Converting to a discussion, this clearly isn't a bug on our end looking at the headers they set. |
Beta Was this translation helpful? Give feedback.
Looks like something they support configuring via the headers option at their end: jcmoraisjr/haproxy-ingress#926
I've also updated the previously posted example to reflect this for the 4.38 forward auth endpoint: #2411 (comment)