authelia: HTTP Basic Auth not working as expected for nginx-ingress / kubernetes
Authelia is used inside kubernetes to protecd some services used by endusers with browser. Its working nice.
Additional some technical services has to be protected. At this time these are protected by http basic auth. Ingress looks like https://kubernetes.github.io/ingress-nginx/examples/auth/basic/
Watch at curl resonse:
WWW-Authenticate: Basic realm="Authentication Required - foo"
Now I want to replace this with an authelia basic auth protection like https://kubernetes.github.io/ingress-nginx/examples/auth/external-auth/
My curl response does not contain WWW-Authenticate so that the browser never shows up the login popup.
Second step is more technial and i may not understand it completley.
If i authorize mysqlf with
curl https://domain.tld" -u "user:pass"
the information abaout the user does not show up in authelia logs.
At this point i would like to see an example how to paramterize nginx-ingress to put the basic auth credentials into the right header and format.
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 19 (14 by maintainers)
Commits related to this issue
- [FEATURE] Add auth query param to /api/verify (#1353) When `/api/verify` is called with `?auth=basic`, use the standard Authorization header instead of ProxyAuthorization. — committed to ThinkChaos/authelia by ThinkChaos 4 years ago
- [FEATURE] Add auth query param to /api/verify (#1353) When `/api/verify` is called with `?auth=basic`, use the standard Authorization header instead of Proxy-Authorization. — committed to ThinkChaos/authelia by ThinkChaos 4 years ago
- [FEATURE] Add auth query param to /api/verify (#1353) When `/api/verify` is called with `?auth=basic`, use the standard Authorization header instead of Proxy-Authorization. — committed to ThinkChaos/authelia by ThinkChaos 4 years ago
- [FEATURE] Add auth query param to /api/verify (#1353) When `/api/verify` is called with `?auth=basic`, use the standard Authorization header instead of Proxy-Authorization. — committed to ThinkChaos/authelia by ThinkChaos 4 years ago
- [FEATURE] Add auth query param to /api/verify (#1353) When `/api/verify` is called with `?auth=basic`, use the standard Authorization header instead of Proxy-Authorization. — committed to ThinkChaos/authelia by ThinkChaos 4 years ago
- [FEATURE] Add auth query param to /api/verify (#1353) When `/api/verify` is called with `?auth=basic`, use the standard Authorization header instead of Proxy-Authorization. — committed to ThinkChaos/authelia by ThinkChaos 4 years ago
- [FEATURE] Add auth query param to /api/verify (#1353) When `/api/verify` is called with `?auth=basic`, use the standard Authorization header instead of Proxy-Authorization. — committed to ThinkChaos/authelia by ThinkChaos 4 years ago
- [FEATURE] Add auth query param to /api/verify (#1353) When `/api/verify` is called with `?auth=basic`, use the standard Authorization header instead of Proxy-Authorization. — committed to ThinkChaos/authelia by ThinkChaos 4 years ago
- feat(handlers): authorization header switch via query param to /api/verify (#1563) * [FEATURE] Add auth query param to /api/verify (#1353) When `/api/verify` is called with `?auth=basic`, use the ... — committed to authelia/authelia by ThinkChaos 3 years ago
@ThinkChaos done.
Just to add context, the reason we choose to allow basic auth against Authelia with the
Proxy-Authorizationheader as opposedAuthorizationis so that the client can authenticate against Authelia and if required the protected resource too both in one hit.