Hi,
Disclaimer: I am fairly new to FusionAuth, and OAuth2 in general.
TL;DR:
Trying: To configure the Kubernetes nginx ingress controller with a FusionAuth backend.
Working: FusionAuth is running, authenticates properly, redirects properly, reachable.
Not working: the ingress controller confuses FusionAuth's login page with "successful authentication".
Long Version:
I am trying to configure Kubernetes nginx ingress with a FusionAuth backend to secure multiple services. The services themselves do not have any sign-in requirement. The idea is that when the user hits an ingress endpoint, the ingress will direct the user to FusionAuth, and upon successful completion of authentication, the ingress will direct the user to the actual service endpoint.
FusionAuth is working, accounts are set up, and if I hit the oauth ldp login URL directly, FusionAuth properly authenticates and redirects to the desired endpoint.
I have been trying to utilize the auth-url annotation with FusionAuth's oauth ldp login URL. However, the ingress controller seems to interpret an HTTP response code 200 from auth-url as successful authentication. When the user is directed to FusionAuth without a valid session, FusionAuth presents the login page, which comes with a response code of 200, and consequently is treated by the ingress controller as successful authentication.
This would indicate the need for a (reverse) proxy / middleman, but I cannot find one that would work out of the box with Kubernetes and FusionAuth.
So far I have checked these:
- https://fusionauth.io/blog/2020/03/31/how-to-securely-implement-oauth-angular/
- https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider
Any help in this regard will be appreciated.
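
The auth-url behaviour described in the post, shown as an added example that is not part of the original post: the annotation has to point at a check endpoint that returns 401 for a missing session instead of a login page served with 200. It assumes oauth2-proxy is deployed in the cluster with FusionAuth configured as its OIDC provider; all hostnames, Service names and ports are placeholders.

```yaml
# Added example (not from the original post). Names, hosts and ports are assumptions.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: protected-service              # hypothetical
  annotations:
    # Weak setting from the post: auth-url aimed at a page that renders a
    # login form. The form comes back with HTTP 200, and the controller
    # treats any 2xx from auth-url as "authenticated".
    # nginx.ingress.kubernetes.io/auth-url: "https://auth.example.com/<login-page-path>"

    # Corrected: a pure check endpoint. oauth2-proxy's /oauth2/auth answers
    # 2xx only when the session cookie is valid and 401 otherwise.
    nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
    # On 401 the controller sends the browser here to start the login flow.
    nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
spec:
  ingressClassName: nginx
  rules:
    - host: app.example.com            # placeholder
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-service       # hypothetical unauthenticated backend
                port:
                  number: 8080
---
# Second Ingress on the same host: exposes oauth2-proxy itself and carries
# no auth annotations, so the login flow is reachable without a session.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: oauth2-proxy
spec:
  ingressClassName: nginx
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /oauth2
            pathType: Prefix
            backend:
              service:
                name: oauth2-proxy     # hypothetical Service name
                port:
                  number: 4180         # oauth2-proxy's default listen port
```

A request without a session cookie should get 401 from `/oauth2/auth` and a redirect to `/oauth2/start`; a 200 at that point means auth-url is still reaching a login page.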