@arkodg Thanks for the hint. It started to work with a changed order, but there are issues:
- Both policies should have the same target; it doesn't work when one policy targets Gateway and another targets HTTPRoute.
- `headersToBackend` is ignored when the OAuth2 filter is enabled before External Authorization.
- The configuration stops working if the OAuth2 filter is recreated (kubectl delete/apply). It is necessary to recreate the ext_authz filter to make it work again.
Description:
I'm trying to combine OIDC and external auth security policies. The idea is to perform a check using an external service for a forwarded `Authorization` header received in the OAuth2 authentication.

I followed both guides:
https://gateway.envoyproxy.io/docs/tasks/security/oidc/
https://gateway.envoyproxy.io/docs/tasks/security/ext-auth/
They work separately, but when I enable both, the external auth takes precedence, resulting in a 403 error. Is it possible to change the order in which the policies are applied?