Multiple auth requests
plakun opened this issue · 4 comments
Hello, we have an unsecured web server with swagger and static pages.
When I use the ldapAuth plugin to access a static page, it shows me a basic auth request, and after entering credentials the page opens.
If I reload the page, auth is required again, but I can't authenticate. After entering creds, the auth request opens again and again.
That's what I see in the logs:
```
Aug 31 11:43:31 infra-internal-lb-01 traefik[3818996]: DEBUG: ldapAuth: 2023/08/31 11:43:31 restricted.go:51: User: 'uid=plakun,cn=users,cn=accounts,dc=domain1,dc=domain2' found in Group: 'cn=test,cn=groups,cn=accounts,dc=domain1,dc=domain2'
Aug 31 11:43:31 infra-internal-lb-01 traefik[3818996]: INFO: ldapAuth: 2023/08/31 11:43:31 restricted.go:51: Authentication succeeded
Aug 31 11:43:34 infra-internal-lb-01 traefik[3818996]: DEBUG: ldapAuth: 2023/08/31 11:43:34 restricted.go:51: Session details: &{ map[authenticated:true username:plakun] 0xc000a5bc40 false {0xc0027e6140 {0xc00163ef00 0xc000013080 406}} ldapAuth_session_token}
Aug 31 11:43:34 infra-internal-lb-01 traefik[3818996]: DEBUG: ldapAuth: 2023/08/31 11:43:34 restricted.go:51: Session token Valid! Passing request...
Aug 31 11:43:39 infra-internal-lb-01 traefik[3818996]: DEBUG: ldapAuth: 2023/08/31 11:43:39 restricted.go:51: Session details: &{ map[authenticated:true username:plakun] 0xc0013dfd80 false {0xc0027e6140 {0xc00163ef00 0xc00188d570 406}} ldapAuth_session_token}
Aug 31 11:43:39 infra-internal-lb-01 traefik[3818996]: DEBUG: ldapAuth: 2023/08/31 11:43:39 restricted.go:51: Session token Valid! Passing request...
Aug 31 11:43:39 infra-internal-lb-01 traefik[3818996]: DEBUG: ldapAuth: 2023/08/31 11:43:39 restricted.go:51: Session details: &{ map[authenticated:true username:plakun] 0xc002085780 false {0xc0027e6140 {0xc00163ef00 0xc00090c8d8 406}} ldapAuth_session_token}
Aug 31 11:43:39 infra-internal-lb-01 traefik[3818996]: DEBUG: ldapAuth: 2023/08/31 11:43:39 restricted.go:51: Session token Valid! Passing request...
Aug 31 11:43:41 infra-internal-lb-01 traefik[3818996]: DEBUG: ldapAuth: 2023/08/31 11:43:41 restricted.go:51: Session details: &{ map[authenticated:true username:plakun] 0xc002879400 false {0xc0027e6140 {0xc00163ef00 0xc00090d758 406}} ldapAuth_session_token}
Aug 31 11:43:41 infra-internal-lb-01 traefik[3818996]: DEBUG: ldapAuth: 2023/08/31 11:43:41 restricted.go:51: Session token Valid! Passing request...
```
The behavior is the same when I open the swagger-ui page.
My config:
```yaml
http:
  middlewares:
    ldap-auth:
      plugin:
        ldapAuth:
          Attribute: "uid"
          BaseDn: "cn=users,cn=accounts,dc=domain1,dc=domain2"
          Enabled: true
          Url: "ldap://freeipa.local"
          LogLevel: "DEBUG"
          wwwAuthenticateHeader: true
          cacheTimeout: 300
          allowedGroups:
            - cn=test,cn=groups,cn=accounts,dc=domain1,dc=domain2
```
Tried to test in Postman.
The first GET request to swagger-ui with basic auth headers gets 200 OK. Another request with the same cookie that I got on the first try gives me:
```json
{"timestamp":"2023-08-31T08:49:36.511+00:00","status":401,"error":"Unauthorized","path":"/swagger-ui/index.html"}
```
Unfortunately no :( We use ldapAuth only on one webserver with a self-made backend that can't be published on the internet.
Can you reproduce the issue with a static page reload?
The examples dir uses static pages and I can't reproduce the error.
> one webserver with a self-made backend that can't be published on the internet.

Would it be possible to provide a simple MRE based on this backend? Only one route/page is enough.
Something like this main.py from FastAPI:
```python
from typing import Union

from fastapi import FastAPI

app = FastAPI()


@app.get("/")
def read_root():
    return {"Hello": "World"}
```
Found the problem in our backend that prevented auth with ldap-auth-cookie. Thanks for the help.