
feat(proxy): add ability to enable http/https proxy #85

Open
trollr wants to merge 2 commits into nokia:master from ninjaneers-team:master

@trollr trollr commented Dec 6, 2018

Add http and https proxy. Useful if you're in a corporate network


coveralls commented Dec 8, 2018

Pull Request Test Coverage Report for Build 110

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.1%) to 96.124%

Totals Coverage Status
Change from base Build 109: 0.1%
Covered Lines: 124
Relevant Lines: 129

💛 - Coveralls

@Trojan295
Contributor

Thanks for the PR!

I'll try to check this on Monday (when actually behind a corporate proxy).


Apohg commented Jan 25, 2019

Hi,

Is this feature still planned?

It seems I have a proxy issue and it could be very useful for me.

My Kong container has proxy env vars http_proxy & https_proxy. I also tried KONG_HTTP_PROXY & HTTP_PROXY but I still have the same error.

If I use curl in my container, I can access my URL (after http_proxy env vars have been added).

But oidc-plugin still gives me DNS issues. And it seems it's not using proxy parameters.
openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy

So I'm not sure if it's a classic behavior of the plugin or not to not use proxy env vars?
Is there a way around this problem?

Debug:

 2019/01/25 15:00:40 [debug] 43#0: *914 [lua] openidc.lua:467: openidc_discover(): openidc_discover: URL is: http://xxx
 2019/01/25 15:00:40 [debug] 43#0: *914 [lua] openidc.lua:473: openidc_discover(): discovery data not in cache, making call to discovery endpoint
 2019/01/25 15:00:40 [debug] 43#0: *914 [lua] openidc.lua:354: openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy
 2019/01/25 15:00:40 [debug] 43#0: *914 [lua] http.lua:633: send_request(): 
 GET /connexion/oauth2/realm/.well-known/openid-configuration HTTP/1.1
 User-Agent: lua-resty-http/0.12 (Lua) ngx_lua/10013
 Host: xxx
 
 
 2019/01/25 15:00:40 [debug] 43#0: *914 [lua] openidc.lua:485: openidc_discover(): response data: {"id_token_encryption_alg_values_supported":["RSA1_5"],"response_types_supported":["token id_token","code token","code token id_token","token","code id_token","code","id_token"],"registration_endpoint":"http://xxx/connect/register","token_endpoint":"http://xxx/access_token","end_session_endpoint":"http://xxx/connect/endSession","scopes_supported":[],"acr_values_supported":[],"version":"3.0","userinfo_endpoint":"http://xxx/userinfo","token_endpoint_auth_methods_supported":["client_secret_post","private_key_jwt","client_secret_basic"],"subject_types_supported":["public"],"issuer":"XXX/oatuh2/realm","id_token_encryption_enc_values_supported":["XXX"],"claims_parameter_supported":false,"jwks_uri":"http:XXX/jwk_uri","id_token_signing_alg_values_supported":["XXX"],"check_session_iframe":"http://xxx/checkSession","claims_supported":["id"],"authorization_endpoint":"http://xxx/authorize"}
 2019/01/25 15:00:40 [debug] 43#0: *914 [lua] openidc.lua:1036: openidc_get_token_auth_method(): 1 => client_secret_post
 2019/01/25 15:00:40 [debug] 43#0: *914 [lua] openidc.lua:1038: openidc_get_token_auth_method(): configured value for token_endpoint_auth_method (client_secret_post) found in token_endpoint_auth_methods_supported in metadata
 2019/01/25 15:00:40 [debug] 43#0: *914 [lua] openidc.lua:1066: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_post
 2019/01/25 15:00:40 [debug] 43#0: *914 [lua] openidc.lua:1203: authenticate(): session.present=true, session.data.id_token=true, session.data.authenticated=true, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
 2019/01/25 15:00:40 [debug] 43#0: *914 [lua] openidc.lua:1244: authenticate(): id_token={"azp":"kong","iat":1548428439,"iss":"http:\/\/XXXX","nonce":"7fc93689b87e2bf2fa0ed3236655a9a7","given_name":"test","tokenType":"JWTToken","tokenName":"id_token","auditTrackingId":"XXX-XXX-XXX-XXX","name":"testname","updated_at":"0"}
 2019/01/25 15:00:40 [debug] 43#0: *914 [lua] handler.lua:25: OidcHandler done
 2019/01/25 15:00:40 [error] 43#0: *914 [lua] balancer.lua:806: execute(): [dns] dns server error: 3 name error. Tried: (short)url.org:(na) - cache-miss
 url.org:33 - cache-miss/scheduled/querying/dns server error: 3 name error
 url.org.domain.intra:33 - cache-miss/scheduled/querying/dns server error: 3 name error
 url.org:1 - cache-miss/scheduled/querying/dns server error: 3 name error
 url.fr.domain.org:1 - cache-miss/scheduled/querying/dns server error: 3 name error
 url.org:5 - cache-miss/scheduled/querying/dns server error: 3 name error
 url.org.domain.intra:5 - cache-miss/scheduled/querying/dns server error: 3 name error

Thank you!

recovery_page_path = { type = "string" },
logout_path = { type = "string", required = false, default = '/logout' },
redirect_after_logout_uri = { type = "string", required = false, default = '/' },
http_proxy = { type = "string", required = false, default = '' },
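
Review bot: `default = ''` on the `http_proxy` field means the field is never nil, so any code that decides whether to configure a proxy by testing for the field's presence will treat the empty string as a configured proxy. Drop the default and keep `required = false` so an unset field stays absent, and have the consumer treat both nil and `''` as "no proxy". The field is also validated only as `type = "string"`; since the value is used as a proxy address, consider checking at config time that it parses as an http:// or https:// URL instead of failing on the first outbound request.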

Remove the default value for http_proxy and https_proxy. It causes the proxy to always be set and breaks in non-proxy environments.
