-
Notifications
You must be signed in to change notification settings - Fork 4.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
support teleport jwt auth #17226
Comments
You can inject a JWT token into any header using headers passthrough. This works in all recent versions of Teleport. |
I know it, but my issue is that the JWT cannot be retrieved by Vault UI. |
Any news? |
https://developer.hashicorp.com/vault/docs/auth/jwt#configuration Did you add Vault UI as an application in Teleport? Did you also configure the correct header? For example: |
@tbjers i think the issue here is that vault doesn't understand JWT tokens sent in headers only as a payload |
Is your feature request related to a problem? Please describe.
I'm always frustrated when I use teleport as a reverse proxy for vault ui. Although vault ui already supports jwt auth, but teleport reverse proxy will send the jwt token as header
Teleport-Jwt-Assertion
to vault, but vault can't read the jwt header automatically.https://goteleport.com/docs/application-access/jwt/introduction/
Describe the solution you'd like
A clear and concise description of what you want to happen.
vault ui can read jwt token from header like grafana.
https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/jwt/
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Explain any additional use-cases
If there are any use-cases that would help us understand the use/need/value please share them as they can help us decide on acceptance and prioritization.
Additional context
Add any other context or screenshots about the feature request here.
The text was updated successfully, but these errors were encountered: