caddy-security: `auth provider returned error, user authorization failed` being spammed in Caddy log
Describe the issue
I’m trying to migrate my config over to Caddy Security, and I think I have most things working now, but I’m getting this message constantly spammed in Caddy’s log:
{"level":"error","ts":1642791051.2186432,"logger":"http.handlers.authentication","msg":"auth provider returned error","provider":"authorizer","error":"user authorization failed"}
The interesting thing is, it doesn’t seem to affect the functionality, because I’m able to log in just fine.
Configuration
{ # Global configuration
    acme_dns cloudflare REDACTED
    email REDACTED
    order authorize before reverse_proxy
    order authenticate before authorize
    security {
        credentials email smtp.sendgrid.net {
            address smtp.sendgrid.net:587
            protocol smtp
            username {env.SMTP_USERNAME}
            password {env.SMTP_PASSWORD}
        }
        authentication portal myportal {
            crypto default token lifetime 3600
            # crypto key sign-verify {env.JWT_SECRET}
            backend local /etc/caddy/auth/local/users.json local
            cookie domain haddock.cc
            ui {
                links { # Icons here -> https://icons8.com/line-awesome
                    "Cloud" https://cloud.haddock.cc icon "las la-cloud"
                    "Media" https://media.haddock.cc icon "las la-photo-video"
                    "Get TV Shows" https://tv.haddock.cc icon "las la-tv"
                    "Get Movies" https://movies.haddock.cc icon "las la-video"
                }
            }
            transform user {
                match origin local
                action add role authp/user
                ui link "Portal Settings" /settings icon "las la-cog"
            }
        }
        authorization policy mypolicy {
            set auth url https://auth.haddock.cc/
            allow roles authp/admin authp/user
        }
    }
    # }
    # crowdsec {
    # api_url http://crowdsec:8180/
    # api_key REDACTED
    # ticker_interval 15s
    # }
}

auth.haddock.cc {
    authenticate * with myportal
}

cloud.haddock.cc {
    authorize with mypolicy
    reverse_proxy nextcloud:80 {
        header_down Strict-Transport-Security "max-age=15552000; includeSubDomains"
    }
    rewrite /.well-known/carddav /remote.php/dav
    rewrite /.well-known/caldav /remote.php/dav
}

media.haddock.cc {
    authorize with mypolicy
    reverse_proxy jellyfin:8096
}

indexers.haddock.cc { # Prowlarr
    authorize with mypolicy
    reverse_proxy prowlarr:9696
}

tv.haddock.cc { # Sonarr
    authorize with mypolicy
    reverse_proxy sonarr:8989
}

movies.haddock.cc { # Radarr
    authorize with mypolicy
    reverse_proxy radarr:7878
}

localhost:8112 { # QBittorrent
    reverse_proxy torrent:8080
}
Version Information
crowdsec v0.2.0
dns.providers.cloudflare v0.0.0-20210607183747-91cf700356a1
http.authentication.providers.authorizer v1.0.1
http.handlers.authenticator v1.0.1
http.handlers.crowdsec v0.2.0
layer4 v0.0.0-20201230212151-6587f40d4eb6
layer4.matchers.crowdsec v0.2.0
layer4.matchers.ip v0.0.0-20201230212151-6587f40d4eb6
security v1.0.1
Expected behavior
The Caddy log isn’t filled up with the error.
About this issue
- State: closed
- Created 2 years ago
- Reactions: 1
- Comments: 33 (19 by maintainers)
@poperigby, actually, the current version works. Compile the binary with `caddy-trace` and add the following:

Add the trace directive to all your “authorized” endpoints. Please send me a “secret” gist over email.

@poperigby, I got the logs. I will release a new version of `caddy-trace` (the current `trace` version would not work). You would need to enable it in this fashion.

Will ping you back when ready.

@lumbo7332 , confirmed bug with validator. Working on a fix.