kong-oidc is a plugin for Kong implementing the OpenID Connect Relying Party (RP) functionality. 4-1" Deployed using Helm 3 { "cr OIDC plugin for Kong. When I directly send requests to container port things just work fine and after login kong successfully redirec OIDC plugin for Kong. 11 to 0. May 7, 2019 · nokia / kong-oidc Public. Apr 15, 2020 · nokia / kong-oidc Public. Can you please help to get this resolved. Sure, they are passed in the request header, but it's encrypted and managed by Kong. I was traveling and couldn’t reply. mobile app) participant kong as Kong participant okta as Okta activate client activate kong client->>kong: Client initiates sign-in kong->>client: Kong sends auth cookie and redirects to Okta deactivate kong activate okta client->>okta: Client signs in to Okta okta->>client: Okta sends auth code Mar 14, 2019 · nokia / kong-oidc Public. Once you submit the Secret, those values are encoded and moved into data (you can check by using kubectl get secret SECRETNAME -o yaml after). com>" ---> Using cache ---> 8e5796298574 Step 3/5 : ENV KONG_PLUGINS=bundled,kong-spec-expose,kong-oidc ---> Running in 8a1ee903ae73 Removing intermediate container 8a1ee903ae73 ---> 0f2c570af7a1 Step 4/5 : RUN luarocks install kong OIDC plugin for Kong. So no need to add this. Please don’t use this POC for production, it’s only for development & learning purposes. But now with a created consumer, you should be able to rate-limit the consumer among other things kong has available specific to consumers like acls etc. 0, including use of v1. Maintained by the community. 3 USER root RUN luarocks install lua-resty-jwt RUN luarocks install lua-resty-openidc RUN luarocks install kong-oidc USER kong Feb 16, 2019 · nokia / kong-oidc Public. graebner@siemens. 
0 ** kong-OI Jan 27, 2021 · nokia / kong-oidc Public. 0 the pr Jan 6, 2021 · Hello everyone, There is a simple question, after configuring Kong + oidc + keycloak as result we have the workflow described in the documentation, But have one concern - if tried login without Bearer token we got 302 and redirecting to Apr 18, 2020 · Hi There, I have been experimenting with kong with oidc plugin in docker (GitHub - nokia/kong-oidc: OIDC plugin for Kong) I have a simple Spring Boot application as an upstream Sep 23, 2022 · OIDC plugin for Kong. 0-0. kong:2. 0 behavior is still available on v2. This plugin can be used to implement Kong as a (proxying) OAuth 2. com/nokia/kong-oidc) for authorization_code grant flow and then call OIDC Kong Gateway Enterprise’s OIDC plugin can authenticate requests using OpenID Connect protocol. An update for konga came out over the weekend to fix compatibility issues caused by changes to the underlying kong admin api. 3 as a docker container with oidc plugin built from master branch. yaml file for the service/route at kong along with oidc plugin configuration May 9, 2020 · I have enabled the OIDC nokia/kong-oidc plugin globally with below for one api's with below configurations Deployment environment openshift v3. 11. However, regarding logout, we are seeing that even after logout from Okta, kong still maintains the session and redirects to Okta only after one hour which is the current access token lifetime Jan 22, 2021 · Hi, I use kong ingress with the nokia-oidc plugin I try to figure out how I can specify two different kongplugin configuration on different path like: one kongplugin configuration on path /m2m one kongplugin configuration on path /user How I can write an ingress on this way, actually I use something like this: apiVersion: extensions/v1beta1 kind: Ingress metadata: name: get annotations Mar 21, 2019 · nokia / kong-oidc Public. It is important that you create a domain name to use OIDC plugin in a production environment. 
12 and ran into a problem with consumer_id which didn't happen before. OIDC plugin for Kong. I am using keycloak as IDP. 10. If desired I can update it for the latest 1. I thought that this plugin would Jun 25, 2019 · I set up Kong locally (Docker) with Nokia’s oidc plugin and used Auth0 as the OIDC authority – it worked wonderfully well! I’ve since moved an identical service into Kubernetes using dist-kubernetes. May 13, 2018 · On Wed, May 16, 2018 at 12:17 PM, Damian Czaja ***@***. Oct 15, 2019 · It's not using the main nokia-oidc or kong-plugin-jwt-keycloak plugins: it's using forks of both. The only Jul 25, 2022 · The configuration works fine for login activity, redirection to Okta takes place, authentication happens and session is established at kong oidc plugin. oidc" USER root RUN luarocks install kong-oidc Feb 28, 2019 · Hello, I am running kong v0. NGINX - > Kong - > Microservice. We need to enable OIDC authentication for this service and we are using this oidc plugin. Best regards ++ p. n December 5, 2019, 10:09am 3. -based on kong 0. 1 and Keycloak 5. It's impossible to invalidate issued user token other than destroying them. X. 0 tokens by default, which is not compatible with Kong’s OIDC implementation. `[error] 3904#0: *396225 [lua] openidc. kong-oidc is a Kong plugin for implementing the OpenID Connect Relying Party. (e. Aug 26, 2020 · stringData is just a convenience tool to write Secrets without encoding values in advance. e. g. lakshmansai. Kong also offers an Enterprise OpenID Connect plugin as well: Dec 4, 2019 · OIDC plugin for Kong. 0 : Oct 26, 2018 · nokia / kong-oidc Public. 
Feb 5, 2020 · I have found this thread (Nokia/kong-oidc and Auth0 on Kubernetes help) that creates a docker image from kong and installs a plugin from luarocks, which meets my use case however this is the full kong image and I need to do this with the ingress image. ctx. For those who want to use Client Credentials Grant Flow, please jump to telstra-oidc-ccgf. When used as an OpenID Connect Relying Party it authenticates users against an OpenID Connect Provider using OpenID Connect Discovery and the Basic Client Profile (i. Feb 11, 2021 · Sending build context to Docker daemon 114. docker build --build-arg PLUGINS="kong-oidc" --tag my-org OIDC plugin for Kong. Here's a link to what I did: JakeCodeStuff@ f0c573c Nov 24, 2019 · Hello! First of all: This might be a duplicate of Nokia/kong-oidc and Auth0 on Kubernetes help Unfortunately it looks like this has never been resolved, so let’s try it again! What I want to do: Use kong as an API gateway for some services I’m running on kubernetes. Finally, Nokia Kong OIDC plugin; Kong declarative configuration; OIDC plugin for Kong. 5MB Step 1/4 : FROM kong:1. 168. 1, server: kong, request: I'm using a django app as the provider with the django-oidc-provider library; Jun 4, 2018 · When it comes to using OAuth/OIDC as SSO within my own, first party microservice project, I need to be able to integrate different grant types, while having Kong act as the RP/Client for my Authorization server, e. When logout is initiated from RP, this Apr 29, 2019 · Hey don’t provide redirect_uri_path variable. Current Behavior Accessing a webpage runs the user through the OIDC workflow successfully, but all static assets it tries to access redirect to restart the authentication workflow. Further I want to use the kong-oidc plugin to protect those services, backed by keycloak as an IDP. 
Feb 20, 2020 · I have put single page application behind Kong and trying to use OIDC plugin (https://github. 2) and kong (1. Thanks for the response. Dec 14, 2018 · nokia / kong-oidc Public. 18. Kong is responsible for getting tokens, validating them and refreshing. (I also raised the large_client_header_buffer The API in question is /plugins which allows you to add a plugin globally to Kong. Nokia has a long history in open source and we bring a history reaching over 20 years into the community. Oct 17, 2018 · I'm running Kong 0. Dec 11, 2019 · Hey, I am using kong community edition and I wanted to use open id connect. Learn to set up the OIDC plugin using the Ingress Controller. well-known Oct 25, 2017 · Situation: We've added an API "myapi" to kong (0. Dec 1, 2020 · nokia / kong-oidc Public. 0. Feb 21, 2023 · OpenID Connect plugin in Kong Hub. Keycloak. Everything works perfectly. It maintains sessions for authenticated users by leveraging lua-resty-openidc thus offering a The plugin supports Jan 19, 2022 · Preparation. the Authorization Code flow). Mar 6, 2019 · Hi @larsw, which Kong and Keycloak version are you using? I got an issue that X-Access-Token and X-Id-Token didn't appear in header of up stream server? I used Kong 1. 12. I exposed the ingress-data-plane via Load Balancer and set an A record for the LB’s IP. Hi, This is what I have managed to get. 
Try it out by removing this redirect_uri_path from config. Jul 4, 2022 · We have a backend service which is proxied using kong. Sorry for the delay in response. cache/luarocks' or its parent directory is not owned by the current user and the cache has been disabled. I decided to use the nokia/kong-oidc plugin. 0 as we use "luarocks install kong-oidc " command to install kong-oidc plugin as it was mentioned in installation step. 0-centos ---> 9e6ba8af63ec Step 2/4 : LABEL description="Centos 7 + Kong 1. Running on GKE on GCP kong-oidc is a Kong plugin for implementing the OpenID Connect Relying Party. 0) plugin (also known as OIDC) allows for integration with a third party identity provider (IdP) in a standardized way. We are using ADFS 3. lua:497: openidc_discover(): could not decode JSON from Discovery data Feb 20, 2019 · Sending build context to Docker daemon 97. 79kB Step 1/5 : FROM kong:1. kong and keycloak are both running in docker containers in a server (192. Jul 2, 2018 · Kong OIDC logs out by destroying the session cookie with the JWT and redirects the user agent to the OIDC End Session Endpoint, to logout the user from it. 3, not clustered, just 1 pod in openshift v3) which is secured by keycloak (3. Feb 21, 2023 · The kong-oidc-1. 3 ---> e5d28df8a3c5 Step 2/5 : LABEL maintainer="Oliver Graebner <oliver. Jul 15, 2018 · OIDC plugin for Kong. Final) via its js client adapter and the kong oidc plugin in version 1. 51 image: repository: revomatico/docker-kong-oidc tag: "2. Support for some legacy v1. 
Before we begin, we need to have the following: Kong - An API Gateway (community edition is open source and free) Kong OIDC Plugin - Open-source OIDC plugin for Kong, maintained by the community. 3) with ingress controller (0. It authenticates users against an OpenID Connect Provider using OpenID Connect Discovery and the Basic Client Profile (i. 0 resource server (RS) and/or as an OpenID Connect relying party (RP) between the client and the upstream service. Dec 18, 2020 · nokia / kong-oidc Public. Assumptions. I added Keycloak through Kong OIDC plugin (Nokia) and it returns 502 Bad Gateway. 14. Jan 15, 2018 · nokia / kong-oidc Public. Mar 26, 2019 · I’m using the Enterprise OpenId Connect plugin to verify access tokens, along with an OIDC provider that supports multiple realms. It maintains sessions for authenticated users by leveraging lua-resty-openidc thus offering a OIDC plugin for Kong. I am using keycloak as the open id provider in a gce cluster with k8s ( v1. This plugin only contains Authorization Code Grant Flow and is developed based on nokia/kong-oidc. Now we are passing access token directly in header <<Authorization Bearer <<access_token>> to kong proxy and we have configured below details in kong-oidc plugin. For this POC or demo will be using GCP cloud to run the infrastructure on GKE (Kubernetes). The kong service’s route points to a deployment’s ClusterIP service and the host is the A record The OpenID Connect ( 1. 0) However, with this plugin enabled I am seeing a constant 1 request per second activity on my keycloak service. May 22, 2020 · Hi guys! 
I've had a hard time to make the OIDC plugin work with my Kong setup (on AWS EKS). Thanks to #123, setting the session secret for both Kong and the OIDC plugin finally did the trick. Dec 6, 2019 · I set up Kong locally (Docker) with Nokia’s oidc plugin and used Auth0 as the OIDC authority – it worked wonderfully well! I’ve since moved an identical service into Kubernetes using dist-kubernetes. 1-I was wondering if I should send a PR to add it to this plugin, but I think it's a diff concern. Jun 3, 2018 · Overall just circling back to this plugin the more I understand Kong + OIDC this Nokia plugin is impressive! I like the idea of just passing the /. 172. When user logs in successfully, kong-oidc passes user. Jul 27, 2019 · I’ve set up Kong behind NGINX (LB). Kong JWT KeyCloak Plugin - Plugin for Kong so as to allow JWT token to be issued and validated by Keycloak. For development we are using single node, but in production we will be using HA Kong. Sep 6, 2019 · to be able to activate the functionality of the OIDC with Kong as a client of Keycloak, and to allow introspection (points 6 and 7 of the initial image) it is necessary to invoke an Admin Rest API of Kong. kong-oidc is a plugin for Kong implementing the OpenID Connect Relying Party (RP) functionality. Looking at the kong stdout… it looks like the redirect added session_state & code. We have the following configuration in our . In the appropriate areas, sharing, cooperating, and working together not only makes the software better, but brings the best out of innovating together. In usual OIDC flow, the RP acquires this OP endpoint via OIDC discovery mechanism where it should be available as end_session_endpoint. 
x using the latest version of the kong-oidc plugin and am seeing some unexpected behavior when I log out all active sessions from my OIDC Provider (in this case, Keycloak). kong-oidc is a Kong plugin for implementing the OpenID Connect Relying Party. Using Kong-oidc behind a reverse Nov 21, 2018 · We installed kong-oidc 1. Azure AD provides two interfaces for its OAuth2/OIDC-related endpoints: v1. At Nokia we believe in open source software. Mar 1, 2021 · Kong-oidc — kong-oidc is a plugin for Kong implementing the OpenID Connect Relying Party (RP) functionality. Is there a best practice for allowing authenticated requests from multiple issuers? AFAICT, the plugin only allows one issuer and only one instance of the plugin will run for a request. 1. nokia / kong-oidc Public. Dec 11, 2017 · This plugin currently supports only the OIDC Authorization Code grant and in this case the user-agent doesn't have access to the tokens. ***> wrote: I got it working by installing the following packages before installing kong-oidc: RUN apk add gcc libc-dev git openssl-dev I believe you can remove gcc and git at the end of the Dockerfile to save space. rockspec is the same one as in the custom OIDC plugin GitHub repo. To add the OIDC plugin, you need some information: Jan 25, 2019 · Custom plugins can be added to the ingress controller via volume mounts and environment variable configuration. Luckily Kong supports use of custom plugins, and Nokia has a Kong plugin that implements OpenID Connect Relying Party (RP) functionality. GitHub - nokia/kong-oidc: OIDC plugin for Kong was developed by Nokia for their own use although they released it to the public. Continuous Integration: kong-oidc is a plugin for Kong implementing the OpenID Connect Relying Party (RP) functionality. 
123), keycloak configured to use port "8181:8080", and using ncarlier/kong:0. s I am well aware of how to use OAuth/OIDC, especially as a SSO solution for first party applications :-) May 13, 2021 · Using Kong's OpenID Connect (OIDC) plugin, Kong and Okta work together to solve three significant application development challenges: Connectivity; Authentication; Authorization; The OIDC plugin enables Kong, as the API gateway, to communicate with Okta via the OAuth/OIDC flows. Aug 16, 2018 · [root@kong-ingress-controller-6ccd5485bf-fjfbs tmp]# luarocks install kong-oidc Warning: The directory '/root/. The nokia-oidc fork bumps the version of a dependency, Apr 8, 2020 · nokia / kong-oidc Public. @jerfer In our application we just created a /callback in one of the routes with the kong-oidc Feb 8, 2018 · I upgraded kong from 0. Each realm is its own issuer, with its own discovery endpoint. sub as the id in ngx. x). Nokia Kong-OIDC + Auth0. The entire project is available on my Git May 22, 2018 · See plugin here kong-oidc-consumer. Basically whatever you enter in browser to access your service via kong will be taken as redirect_uri_path on the fly dynamically. OpenID Connect | Kong Docs this one comes with EE and obviously you get Kong Inc support etc. Before I started I tested OIDC plugin for Kong. Aug 8, 2019 · nokia / kong-oidc Public. authenticated_co Nov 5, 2018 · Spent the morning hacking up a solution, unfortunately we are actively using Kong 14. OIDC plugin for Kong. Dec 13, 2018 · Hello @Trojan295 or oidc-Group, At the moment of discovery my kong can't decode json response (for information I use keycloak). Note that these need to be added to both the kong Deployment and the ingress-kong Deployment, as the ingress controller uses a split deployment with separate Kong nodes for the admin API and proxy. 
2. Jan 25, 2019 · Have you ever deployed the nokia plugin inside a kubernetes cluster to control authorization? Also are you aware of any issues with the nokia-oidc plugin and the newest versions of kong (1. Sep 18, 2020 · nokia / kong-oidc Public. I could access my microservice through NGINX. 1 CE, so I tested/developed against that, using Kong 14. 0:8001/plugins -d 'name=oidc' -d 'config. Okta is our Identity Provider. 0 + kong-oidc plugin" ---> Using cache ---> 89143cca3603 Step 3/4 : RUN yum install -y git unzip && yum clean all ---> Using cache ---> acf512b1c1a0 Step 4/4 : RUN luarocks install kong-oidc Jan 18, 2020 · Users should be able to log in once through the OIDC user flow and maintain that session until the token expires. client_id=CLIENT_ID' -d 'config Feb 28, 2019 · Hi @Trojan295, I'm having trouble when using kong-oidc with keycloak. This is needed for the kong-oidc plugin to set a session secret that will later override the template string; See: nokia/kong-oidc#1; A common default session_secret must be defined by setting env KONG_X_SESSION_SECRET to a string; To enable the plugins, set the env variable for the container with comma separated plugin values: KONG_PLUGINS Jul 26, 2021 · Nokia/kong-oidc plugin make a lot of unusual request against keycloak. Jun 16, 2019 · kong-oidc. 1 source code (OAuth2 plugin) as my guide. 6. Dec 23, 2019 · nokia / kong-oidc Public. 
I then add kong-oidc to each route with a configuration like: discovery_path = f' Jul 2, 2019 · In current kong-oidc plugin version the configuration property redirect_after_logout_uri is masking end_session_endpoint property value obtained with discovery mechanism. That way, your app teams don't have to configure and diagnose Oct 24, 2017 · Continuous Integration: kong-oidc is a plugin for Kong implementing the OpenID Connect Relying Party (RP) functionality. Kong also offers an Enterprise OpenID Connect plugin as well: May 18, 2020 · I have a dockerized Kong with Nokia’s kong-oidc plugin enabled via curl -i -X POST 0. 0 and v2.