When I am trying to protect the server (instead of a location) with the OIDC RP reference implementation, the login flow is not kicking off. It works fine if we have the following defined in the location block, as mentioned in the reference implementation:
error_page 401 = @do_oidc_flow;
auth_jwt "authz" token=$session_jwt;
auth_jwt_key_request /_jwks_uri; # Enable when using filename
Since auth_jwt is defined in the server block, the named location is also being protected. I was directed to use
auth_jwt off;
in the openid_connect.server_conf.
Can we fix the openid_connect.server_conf to have the same? Though the reference implementation doesn't have this challenge, it would be helpful if anyone wanted to protect the whole server with the given config.
Hi @b-rajesh, sorry for the late response. As discussed back in July, I do not have any security concerns about disabling the JWT protection for the locations handling the authentication.
Did you do any testing with the suggested solution?
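The layout discussed in this thread, as an added sketch that is not the project's shipped configuration: `auth_jwt` is declared once at server level and switched off in the named location that starts the login flow. The port, the `my_backend` upstream and the contents of `location /` are assumptions, and `$session_jwt` is expected to come from the reference implementation's existing configuration.

```nginx
# Added illustration, not taken from the repository.
server {
    listen 8010;                              # assumed port

    # JWT validation declared once for the whole server. Every location
    # below inherits these directives unless it overrides them.
    error_page 401 = @do_oidc_flow;
    auth_jwt "authz" token=$session_jwt;
    auth_jwt_key_request /_jwks_uri;

    location / {
        # Inherits auth_jwt: a request without a valid session JWT gets 401,
        # which error_page turns into an internal redirect to @do_oidc_flow.
        proxy_pass http://my_backend;         # assumed upstream name
    }

    # The location below normally lives in openid_connect.server_conf.
    location @do_oidc_flow {
        # Without this line the named location inherits the server-level
        # auth_jwt, the unauthenticated request is rejected again here,
        # and the redirect to the IdP is never sent.
        auth_jwt off;

        # Keep the directives this location already has in
        # openid_connect.server_conf; only the line above is new.
    }

    # Assumption: the other locations in openid_connect.server_conf that
    # are reached before a session JWT exists need the same "auth_jwt off;".
}
```

After reloading, `nginx -T` shows the merged configuration, and a request with no session cookie should receive a redirect to the IdP instead of a bare 401.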