Authentication using Bearer Token #17057
-
Authentication using Bearer Tokens does not workHello, We have embedded Cockpit component Terminal in our web app using the instructions at https://cockpit-project.org/guide/latest/embedding.html#embedding-components Our web app uses OpenLDAP (with Keycloak sitting in the middle) for user authentication. When we get to the embedded iframe, the user is asked for login credentials through the Cockpit login page. After entering the login credentials, the user can get the Terminal to open. We would like to bypass this requirement for the user to authenticate a second time in the iframe by using bearer tokens. Keycloak provides us with the bearer tokens for authentication. We added the cockpit configuration file for accepting Bearer Token (cockpit.conf) [referring to https://github.com/cockpit-project/cockpit/blob/main/doc/authentication.md]: We pass the Keycloak token to Cockpit in the Authorization headers, but we are returned with a 500 Internal Server Error. Does anyone have a working version of Cockpit iframe being authenticated using bearer tokens? Version of Cockpit251.3-1.el8_5 Where is the problem in Cockpit?Terminal Server operating systemRed Hat Enterprise Linux Server operating system version8.2 What browsers are you using?Chrome, Edge System logNo response |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Did you actually implement that I recently did a complete PoC for bearer token authentication here: gbraad-redhat/podman-cockpit-desktop#3 (comment) |
Beta Was this translation helpful? Give feedback.
-
|
Any successfully implemented command to works with Bearer token? I've tried something based on the available examples without success, the STDIN/OUT based protocol is a bit of pain to use… Here is my current state and I can't make it work, it hand when reading the expected size of the response, not sure if bug on my side or nor content sent by cockpit. On the website it correctly goes to the IDP and come back. https://gist.github.com/ygini/0ece3afb719d3ce1f12a5583b803e3e3 |
Beta Was this translation helpful? Give feedback.
Did you actually implement that
example-verify-tokencommand?I recently did a complete PoC for bearer token authentication here: gbraad-redhat/podman-cockpit-desktop#3 (comment)