external-auth-server: Manual definition of issuer:{} as a solution for a blocked connection from RP to OP

Hi Travis,

I see in the examples, that it is possible to manually put the results of the discovery of .well-known/openid-configurationin the config_token. My question is: will this prevent eas to do a callback to the OP?

Reason for me asking is: I have a situation where the OP is inside an intranet and cannot call outside neither can it called from the outside. EAS and the service are in the internet. Will I be able to provide the eas protected service in the internet to the users in the intranet using the OP in the intranet?

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 43 (23 by maintainers)

Most upvoted comments

I’ll try tomorrow. It’s already 7pm here in germany!

+1
kettenbach-it on Jan 14, 2023
Read more comments on GitHub
← external-auth-server: /envoy/verify-params-header can cause infinite auth loop
external-auth-server: OIDC with userinfo (via Okta IdP) flow random 403 on authorization callback →