[AuthFailure] Invalid authentication via OAuth2: unauthorized #814
Comments
Seems the provider does only actually support one group: oauth2-proxy/providers/keycloak.go, lines 62 to 64 in f705d2b
@NickMeves has been doing some work to unify how groups are handled across providers recently, I wonder if he'd noticed this already? Or has any ideas about how we can fix this by aligning with other providers?
@JoelSpeed and @NickMeves , Thank you for your responses!! Could you please let me know when this will be resolved? And also, let me know if you think that I can use the "--keycloak-roles" option for my scenario, as an alternative?? Thanks again!! :D Regards,
This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.
Hi guys, Could you please provide some updates on this issue? And also, I have observed that the 6.x.x release has removed the options "--allowed-group" (for OIDC provider), "--oidc-groups-claim" and "--keycloak-group" (for keycloak provider) from the documentation. Will they be added in the next release?? Thanks in advance!
All of this stuff was never meant to be in the 6.x.x docs. It will be available from the next release 😄 If you look at the top right of the docs site it should have a drop down that allows you to select between the current and "Next" docs. All the new options should show up in those "Next" docs
@JoelSpeed Thanks for your quick response! :D So, from what I understand, the "--keycloak-group", "--allowed-group" and "--oidc-groups-claim" options will not be available from the next release??
Yes, these should be available in v7.0.0 which is coming mid-late Jan according to the current schedule
Thanks for the update @JoelSpeed :D we are looking forward to trying the new version out!
This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.
Hi,
We are trying to do group authentication with keycloak via oauth2_proxy. We have multiple groups configured in keycloak and the expected behavior would be to give access to different tools via different groups.
Our configuration:
Expected Behavior
Current Behavior
```
[2020/10/05 13:58:12] [requests.go:25] 200 GET https://xxx/auth/realms/realm-name/protocol/openid-connect/userinfo {"sub":"","email_verified":false,"name":"Sunny","groups":["/jenkins"],"preferred_username":"sunny","given_name":"sunny","family_name":"N","email":"sunny@example.com"}
[2020/10/05 13:58:12] [keycloak.go:80] group not found, access denied
100.100.1.38 - - [2020/10/05 13:58:12] [AuthFailure] Invalid authentication via OAuth2: unauthorized
```
In the browser, we are getting a 403 Permission denied error.
Your Environment
We are running this on kubernetes platform with the following tools and versions
Thanks for your time in advance!!
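An added example, not oauth2-proxy's own code: a check of the userinfo `groups` claim against several allowed groups instead of one, run on the claim value from the log in this report. The function name `allowedBy`, the allow-list values and the shortened sample body are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// userInfo holds the one field of the userinfo response this check needs.
type userInfo struct {
	Groups []string `json:"groups"`
}

// allowedBy (hypothetical helper) returns the first group in the userinfo
// body that appears in the allow-list, or "" when none matches.
// Comparison is exact: "/jenkins", the form seen in the log, is not "jenkins".
// An empty allow-list or an undecodable body matches nothing (fail closed).
func allowedBy(body []byte, allowed []string) (string, error) {
	var ui userInfo
	if err := json.Unmarshal(body, &ui); err != nil {
		return "", fmt.Errorf("decode userinfo: %w", err)
	}
	set := make(map[string]struct{}, len(allowed))
	for _, g := range allowed {
		set[g] = struct{}{}
	}
	for _, g := range ui.Groups {
		if _, ok := set[g]; ok {
			return g, nil
		}
	}
	return "", nil
}

// sampleUserInfo is the userinfo body from the log in this report, shortened.
const sampleUserInfo = `{"groups":["/jenkins"],"preferred_username":"sunny"}`

func main() {
	// Constructed allow-lists: several groups, a name without "/", and none.
	for _, allowed := range [][]string{
		{"/grafana", "/jenkins"},
		{"jenkins"},
		{},
	} {
		g, err := allowedBy([]byte(sampleUserInfo), allowed)
		fmt.Printf("allowed=%q matched=%q err=%v\n", allowed, g, err)
	}
}
```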