oauth2-proxy helm kubernetes: ERROR: Failed to initialise OAuth2 Proxy: invalid provider verifier options: missing required setting: issuer-url

Question    Votes: 0    Answers: 1

I have oauth2-proxy running on a Kubernetes cluster, which I deployed with Helm using the ArtifactHUB > Helm > OAuth2 Proxy chart. I just upgraded oauth2-proxy from v7.1.3 with chart 4.2.2 to v7.4.0 with chart 6.16.1, and started seeing the following error:

[main.go:60] ERROR: Failed to initialise OAuth2 Proxy: error intiailising provider: could not create provider data: error building OIDC ProviderVerifier: invalid provider verifier options: missing required setting: issuer-url

What is the problem, and how do I fix it?

oauth-2.0 kubernetes-helm openid-connect oauth-provider oauth2-proxy
1 Answer

0 votes

I got it working by following OAuth2 Proxy > Docs > Azure Auth Provider in the documentation and adding azure_tenant and oidc_issuer_url to the configFile in the values file, as shown below:

Before:

# Oauth client configuration specifics
config:
  configFile: |-
    email_domains = [ "*" ]
    upstreams = [ "file:///dev/null" ]
    http_address = "0.0.0.0:4180"
    provider = "azure"

After:

# Oauth client configuration specifics
config:
  configFile: |-
    email_domains = [ "*" ]
    upstreams = [ "file:///dev/null" ]
    http_address = "0.0.0.0:4180"
    provider = "azure"
    azure_tenant = "${azure_tenant_id}"
    oidc_issuer_url = "https://sts.windows.net/${azure_tenant_id}/"

If, after this change, it fails with the following error:

Error redeeming code during OAuth2 callback: unable to get email and/or groups claims from token: unable to get claims from token: could not initialise claim extractor: failed to parse ID Token: oidc: malformed jwt, expected 3 parts got 1

then set oidc_issuer_url in the config to "https://login.microsoftonline.com/${azure_tenant_id}/v2.0" (the V2 Azure Auth endpoint) instead.

Note:

${azure_tenant_id} is to be replaced with the actual Azure application tenant ID, which you can find here: Azure Active Directory (AD) > App registrations > All applications > [APP NAME] > Overview > Essentials > Directory (tenant) ID, where [APP NAME] is the name of the oauth2-proxy registered application.
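A small added check (my own example code, not from the question, the answer, or the oauth2-proxy project) that parses the configFile shown above, reports the missing oidc_issuer_url and flags the v1 sts.windows.net issuer, and shows what the "expected 3 parts" callback error is checking: an ID token must be a three-part compact JWT whose iss claim matches the configured issuer. The tenant id and the token are constructed placeholders; signature verification is left to oauth2-proxy.

```python
import base64
import json
try:
    import tomllib  # Python 3.11+
except ImportError:
    tomllib = None  # fall back to a minimal parser for the flat key = value lines used here

def parse_config(text: str) -> dict:
    """Parse the oauth2-proxy configFile (TOML) taken from the Helm values."""
    if tomllib:
        return tomllib.loads(text)
    cfg = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            key, _, value = line.partition("=")
            cfg[key.strip()] = json.loads(value)  # strings and arrays here are JSON-compatible
    return cfg

def check_azure_config(cfg: dict) -> list[str]:
    """Return findings for an azure provider config; an empty list means it looks complete."""
    if cfg.get("provider") != "azure":
        return []
    issuer = cfg.get("oidc_issuer_url")
    if not issuer:
        return ["missing required setting: oidc_issuer_url"]
    findings = [] if cfg.get("azure_tenant") else ["azure_tenant not set"]
    if issuer.startswith("https://sts.windows.net/"):
        findings.append("v1 issuer (sts.windows.net): if the callback fails with "
                        "'expected 3 parts got 1', use https://login.microsoftonline.com/<tenant>/v2.0")
    return findings

def id_token_issuer(token: str) -> str:
    """Return the iss claim of a compact JWT; raise on anything that is not 3 dot-separated parts."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError(f"malformed jwt, expected 3 parts got {len(parts)}")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))["iss"]

def issuer_matches(configured: str, claimed: str) -> bool:
    return configured.rstrip("/") == claimed.rstrip("/")  # v1 issuers end in "/", v2 ones do not

def constructed_token(iss: str) -> str:
    """Constructed, unsigned 3-part token used only to exercise the parsing above, not a real ID token."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"iss": iss, "sub": "test"}), ""])

TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder tenant id, not a real one
BEFORE = 'email_domains = [ "*" ]\nupstreams = [ "file:///dev/null" ]\nhttp_address = "0.0.0.0:4180"\nprovider = "azure"\n'
AFTER = BEFORE + f'azure_tenant = "{TENANT}"\noidc_issuer_url = "https://login.microsoftonline.com/{TENANT}/v2.0"\n'
```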
