providers/proxy: ensure issuer is correct when browser url override is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io> #4715
This commit is contained in:
Jens Langhammer
parent
1ac2e924a2
commit
9f431396c0
|
|
@ -18,9 +18,10 @@ type Config struct {
|
||||||
// Outpost specific config
|
// Outpost specific config
|
||||||
// These are only relevant for proxy/ldap outposts, and cannot be set via YAML
|
// These are only relevant for proxy/ldap outposts, and cannot be set via YAML
|
||||||
// They are loaded via this config loader to support file:// schemas
|
// They are loaded via this config loader to support file:// schemas
|
||||||
AuthentikHost string `env:"AUTHENTIK_HOST"`
|
AuthentikHost string `env:"AUTHENTIK_HOST"`
|
||||||
AuthentikToken string `env:"AUTHENTIK_TOKEN"`
|
AuthentikHostBrowser string `env:"AUTHENTIK_HOST_BROWSER"`
|
||||||
AuthentikInsecure bool `env:"AUTHENTIK_INSECURE"`
|
AuthentikToken string `env:"AUTHENTIK_TOKEN"`
|
||||||
|
AuthentikInsecure bool `env:"AUTHENTIK_INSECURE"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type RedisConfig struct {
|
type RedisConfig struct {
|
||||||
|
|
|
||||||
|
|
@ -2,11 +2,11 @@ package application
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
"goauthentik.io/api/v3"
|
"goauthentik.io/api/v3"
|
||||||
|
"goauthentik.io/internal/config"
|
||||||
"golang.org/x/oauth2"
|
"golang.org/x/oauth2"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -33,11 +33,12 @@ func GetOIDCEndpoint(p api.ProxyOutpostConfig, authentikHost string, embedded bo
|
||||||
endUrl := p.OidcConfiguration.EndSessionEndpoint
|
endUrl := p.OidcConfiguration.EndSessionEndpoint
|
||||||
tokenUrl := p.OidcConfiguration.TokenEndpoint
|
tokenUrl := p.OidcConfiguration.TokenEndpoint
|
||||||
jwksUrl := p.OidcConfiguration.JwksUri
|
jwksUrl := p.OidcConfiguration.JwksUri
|
||||||
if browserHost, found := os.LookupEnv("AUTHENTIK_HOST_BROWSER"); found && browserHost != "" {
|
issuer := p.OidcConfiguration.Issuer
|
||||||
host := os.Getenv("AUTHENTIK_HOST")
|
if config.Get().AuthentikHostBrowser != "" {
|
||||||
authUrl = strings.ReplaceAll(authUrl, host, browserHost)
|
authUrl = strings.ReplaceAll(authUrl, authentikHost, config.Get().AuthentikHostBrowser)
|
||||||
endUrl = strings.ReplaceAll(endUrl, host, browserHost)
|
endUrl = strings.ReplaceAll(endUrl, authentikHost, config.Get().AuthentikHostBrowser)
|
||||||
jwksUrl = strings.ReplaceAll(jwksUrl, host, browserHost)
|
jwksUrl = strings.ReplaceAll(jwksUrl, authentikHost, config.Get().AuthentikHostBrowser)
|
||||||
|
issuer = strings.ReplaceAll(issuer, authentikHost, config.Get().AuthentikHostBrowser)
|
||||||
}
|
}
|
||||||
ep := OIDCEndpoint{
|
ep := OIDCEndpoint{
|
||||||
Endpoint: oauth2.Endpoint{
|
Endpoint: oauth2.Endpoint{
|
||||||
|
|
@ -48,7 +49,7 @@ func GetOIDCEndpoint(p api.ProxyOutpostConfig, authentikHost string, embedded bo
|
||||||
EndSessionEndpoint: endUrl,
|
EndSessionEndpoint: endUrl,
|
||||||
JwksUri: jwksUrl,
|
JwksUri: jwksUrl,
|
||||||
TokenIntrospection: p.OidcConfiguration.IntrospectionEndpoint,
|
TokenIntrospection: p.OidcConfiguration.IntrospectionEndpoint,
|
||||||
Issuer: p.OidcConfiguration.Issuer,
|
Issuer: issuer,
|
||||||
}
|
}
|
||||||
if !embedded {
|
if !embedded {
|
||||||
return ep
|
return ep
|
||||||
|
|
|
||||||
Reference in New Issue