Replies: 4 comments 6 replies
-
see: #3200 |
Beta Was this translation helpful? Give feedback.
-
You can also look here, I think it has to do with the openidc process: zmartzone/lua-resty-openidc#338 |
Beta Was this translation helpful? Give feedback.
-
Just for reference, there has one similar case in Slack: https://the-asf.slack.com/archives/CUC5MN17A/p1656333755853119 |
Beta Was this translation helpful? Give feedback.
-
hello, Problem was sorted out in Slack. The workaround is to add this to your config.yaml nginx_config: Now it works properly. Thanks to all that helped! |
Beta Was this translation helpful? Give feedback.
-
Hello,
I tried installing apisix with openidconnect plugin using keycloak.
Basically, if I use the port 9080, everything is working fine and as it should
However, when I try to put APISIX at the back of an NGINX proxy which provides SSL Configuration, then I get the following error :
[lua] openidc.lua:1378: authenticate(): request to the redirect_uri path but there's no session state found,
It seems that everything works for http but when I use https, session state is not found.
Basically, here's my configuration,
`
server { # This new server will watch for traffic on 443
listen 443 ssl;
server_name apisix.test.ph;
ssl_certificate /etc/nginx/my-site.com.crt;
ssl_certificate_key /etc/nginx/my-site.com.key;
root /usr/share/nginx/html;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
}
`
It works properly if I use it directly via port 9080
Here's my configuration
{
"uri": "/*",
"name": "test2-nobearer",
"methods": [
"GET",
"POST",
"PUT",
"DELETE",
"PATCH",
"HEAD",
"OPTIONS",
"CONNECT",
"TRACE"
],
"vars": [
[
"http_Authorization",
"!",
"~~",
".Bearer."
]
],
"plugins": {
"openid-connect": {
"bearer_only": false,
"client_id": "tester",
"client_secret": "",
"disable": false,
"discovery": "https://auth.test.ph/realms/test-realm/.well-known/openid-configuration",
"introspection_endpoint_auth_method": "client_secret_post",
"realm": "test-realm",
"redirect_uri": "https://apisix.test.ph/",
"ssl_verify": false
},
"proxy-rewrite": {
"scheme": "https"
}
},
"upstream": {
"nodes": [
{
"host": "0.tcp.ap.ngrok.io",
"port": 10888,
"weight": 1
}
],
"timeout": {
"connect": 6,
"send": 6,
"read": 6
},
"type": "roundrobin",
"scheme": "http",
"pass_host": "pass",
"keepalive_pool": {
"idle_timeout": 60,
"requests": 1000,
"size": 320
}
},
"status": 1
}
Beta Was this translation helpful? Give feedback.
All reactions