Ingress-nginx: OAuth not setting cookie properly with rd= set

Created on 14 May 2018  路  6Comments  路  Source: kubernetes/ingress-nginx

NGINX Ingress controller version: 0.14

Kubernetes version (use kubectl version):
1.9.7-gke.0

Environment:

  • Cloud provider or hardware configuration: Google container engine
  • OS (e.g. from /etc/os-release):
  • Kernel (e.g. uname -a):
  • Install tools:
  • Others:

What happened:

external auth fails to set a cookie when ?rd=... is added to signin_url - If I remove it after the redirect login works properly

What you expected to happen:

OAuth2 proxy flow to allow me to log into the site

How to reproduce it (as minimally and precisely as possible):
Followed the https://kubernetes.github.io/ingress-nginx/examples/auth/oauth-external-auth/README/ guide to set up oauth2 proxy and two ingresses.

Anything else we need to know:

Seems PR #1164 added ?rd= to signin_url - This causes the authentication cookie to not be set for me. There are also other people commenting that they have the same issue after this PR.

picture marcusramberg
👍1

Most helpful comment

Same for me, the OAuth2 proxy didn't work anymore after #1164 For some reasons I cant remember, I was led to believe this is related to https://github.com/bitly/oauth2_proxy/pull/427

Anyway, the simple fix for me was to s/error_page 401 = {{ buildAuthSignURL $location.ExternalAuth.SigninURL }};/error_page 401 = {{ $location.ExternalAuth.SigninURL }};/ in rootfs/etc/nginx/template/nginx.tmpl

picture JordanP on 16 May 2018
👍2

All 6 comments

Same for me, the OAuth2 proxy didn't work anymore after #1164 For some reasons I cant remember, I was led to believe this is related to https://github.com/bitly/oauth2_proxy/pull/427

Anyway, the simple fix for me was to s/error_page 401 = {{ buildAuthSignURL $location.ExternalAuth.SigninURL }};/error_page 401 = {{ $location.ExternalAuth.SigninURL }};/ in rootfs/etc/nginx/template/nginx.tmpl

JordanP picture JordanP on 16 May 2018
👍2

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

fejta-bot picture fejta-bot on 14 Aug 2018
😕1

This is still an issue in 0.18. Just tested. Not sure how I remove the stale flag.

marcusramberg picture marcusramberg on 21 Aug 2018

/remove-lifecycle stale

audun picture audun on 21 Aug 2018

Using the config change in described in https://github.com/kubernetes/ingress-nginx/pull/2741 solved the issue.

/close

audun picture audun on 21 Aug 2018

@audun: you can't close an active issue unless you authored it or you are assigned to it, Can only assign issues to org members and/or repo collaborators..

In response to this:

Using the config change in described in https://github.com/kubernetes/ingress-nginx/pull/2741 solved the issue.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot picture k8s-ci-robot on 21 Aug 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

cabrinoob picture cabrinoob  路  3Comments
vdavidoff picture vdavidoff  路  3Comments
jwfang picture jwfang  路  3Comments
smeruelo picture smeruelo  路  3Comments
bashofmann picture bashofmann  路  3Comments