Authentik (outpost) used with Forward Auth of traefik -- surpress/handle additions to redirected url? #11944
Replies: 1 comment
-
Any help would really be appreciated! I am completely stuck. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I run Authentik and use it with Traefik as forward auth for an external application (Technitium) on a single subdomain to handle authentication with Authentik.
This works in principle (or seems to?), as the flow proceeds as expected: when I access the subdomain, I am redirected to Authentik for authentication and consent. However, after successful authentication, I am not redirected back to the external host as declared in the configuration (https://192.168.100.108:53443) but instead to:
https://192.168.100.108:53443/outpost.goauthentik.io/callback?X-authentik-auth-callback=true&code=0d1142efac11410ab526ca12566c0748&state=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnb2F1dGhlbnRpay5pby9vdXRwb3N0L2Z2eDIxR2h6R2tWQURMNzdNUkhaNFpnSE9sQ28wYWJRTXNsdkg1NHIiLCJzaWQiOiJaSUFMVEI1WUZNSktTS1pRS01BNUNKVzNYWklMRFNNUUFDQUxWREpJTVNWUFdOTDZQWlVBIiwic3RhdGUiOiJuX0lsWUtRNndqUUhHNzRQb0ljbkg0MTh1Z09RVUt2cTl5TXQyWEFoU09FIiwicmVkaXJlY3QiOiJodHRwczovL3RlY2huaXRpdW0uemVlYjI0LmRlLyJ9.idHimAoeKOqbTvy5S-WskUXzeV5CbA2UKu4QDZvjzEc
I learned that the path is is the standard callback url and the query parameters are ids/tokens etc for the authentication flow, but how can i set these, cause the relevant path is just https://192.168.100.108:53443/ and should be called as simple as that as the server cant handle the path. Therefore I get an error 500.
In the "Advanced protocol settings" of the provider, there are some fields for "additional" scopes, but i cannot deselect all of them and do not include 'state' or 'code' parameters in the first place.
I tried to use a some middleware in traefik (as seen in my config provided) to strip it (correct approach?) but this did not succeed.
This is the router and middleware config in traefik:
Moreover this is the provider section in authentik:

Beta Was this translation helpful? Give feedback.
All reactions