-
Notifications
You must be signed in to change notification settings - Fork 479
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot configure portal_auth_conf when using openid-connect for portal_auth #52
Comments
cc @rainest |
At present I can think of two options:
@hbagdi I'm in favor of the first option, as I don't think we have that many 0.35 users still. Assuming I don't find other complications when testing this, do you think the workaround for 0.35 users below is reasonable? Strictly speaking, the session plugin should at worst conflict with OIDC if they try to use the same cookie, which can only occur for Manager. The Portal code explicitly disables the session plugin configuration when using OIDC. When 0.35 originally introduced session-based authentication, it only allowed a single 0.36 fixed this and allowed per-workspace Portal session configuration. If we remove the dedicated setting, users enabling a Portal with At least as of 1.3, Kong will not start if |
As long as we can work around the breaking change and provide compatibility, we can put in this change. It is unfortunate that that there is so much change that happens at this layer in the configuration. Whatever solution you end up picking, keep your assumptions about behaviors of how various settings interact with each other to minimum, those details change frequently enough to correctly assume anything. |
Version 1.3.0 of the Kong chart is now released, resolving this issue. |
Looking at the values.yaml for enterprise portal, there isn't a way to configure
portal_auth_conf
whenportal _auth: openid-connect
. The only option, which is also required, is to provide asession_conf_secret
. According to the docs here: https://docs.konghq.com/enterprise/1.3-x/developer-portal/configuration/authentication/sessions/,session_conf
cannot be applied to openid-connect.The text was updated successfully, but these errors were encountered: