Unauthorized error with oauth2-proxy's allow-group flag


I am using oauth2 to handle the authentication/authorization via a company's SSO provider of a web app running in k8. The authentication works like a charm; however, once I enable authorization for a specific group (here: "ADMIN"), I always get a 403 - Forbidden "Invalid session: unauthorized" error.

Version: quay.io/oauth2-proxy/oauth2-proxy:v7.3.0

SSO Provider: oidc

My setup:

extraArgs:
  show-debug-on-error: True
  oidc-groups-claim: "ent_group"
  allowed-group: ["ADMIN"]
  oidc-email-claim: "email"
  scope: "openid ent_group"
  whitelist-domain: ...
  cookie-domain: ...

It matches the response from the SSO provider when tested with Postman:

{
    "email": "[email protected]",
    "entitlement_group": [
        "ADMIN",
        "USER"
    ],
    "app_id": "app"
}

What am I doing wrong?

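A preflight check for the setup above, as an added example that is not part of the original question and not oauth2-proxy's own code: it looks up the configured `oidc-groups-claim` name in a provider response and reports whether any `allowed-group` value is found there, plus any other claim that does carry an allowed group. The lookup is a simplified model (assumption), the function names are hypothetical, and the email address is a constructed placeholder.

```python
import json

# Values taken from the question's extraArgs (only the two relevant keys).
CONFIG = {"oidc-groups-claim": "ent_group", "allowed-group": ["ADMIN"]}

# Provider response from the question; the email is a constructed placeholder.
RESPONSE = json.loads("""
{"email": "user@example.com",
 "entitlement_group": ["ADMIN", "USER"],
 "app_id": "app"}
""")


def extract_groups(claims, claim_name):
    """Return the groups stored under claim_name as a list of strings.

    A missing claim gives an empty list, a single string counts as one
    group, and any other non-list value is ignored.
    """
    value = claims.get(claim_name)
    if isinstance(value, str):
        return [value]
    if isinstance(value, (list, tuple)):
        return [str(g) for g in value]
    return []


def check_group_authz(claims, config):
    """Simplified model (assumption) of a group allow-list decision."""
    claim_name = config["oidc-groups-claim"]
    allowed = set(config["allowed-group"])
    groups = extract_groups(claims, claim_name)
    return {
        "claim_present": claim_name in claims,
        "groups": groups,
        # An empty allow-list is modelled as "no group restriction".
        "authorized": not allowed or bool(allowed & set(groups)),
        # Other claims that contain an allowed group: a sign that the
        # configured claim name and the provider's claim name differ.
        "candidates": sorted(
            name for name in claims
            if name != claim_name
            and allowed & set(extract_groups(claims, name))
        ),
    }


if __name__ == "__main__":
    print(json.dumps(check_group_authz(RESPONSE, CONFIG), indent=2))
```

Run against the ID token or userinfo payload captured from the provider, the `claim_present` and `candidates` fields show whether the session can contain any groups before `allowed-group` is evaluated.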