
Integration with Oauth provider LemonLDAP is not working #331

Closed
radokristof opened this issue Apr 4, 2024 · 3 comments

Comments

@radokristof

radokristof commented Apr 4, 2024

Describe the issue

Integration with OAuth provider LemonLDAP is not working. I tried multiple configuration options; I always get the same error:

ERR ts=1712268954.276949 logger=docker-proxy msg=Error response from server server=localhost status code=400 body={"error":"loading config: loading new config: loading security app module: provision security: server initialization failed: failed configuring identity provider: failed to fetch jwt keys for OAuth 2.0 authorization server: invalid jwks key: jwks unsupported key algorithm RSA-OAEP-256 for encrypt01"}

Configuration

Paste full Caddyfile below:

{
	order authenticate before respond
	order authorize before reverse_proxy
	acme_dns cloudflare REDACTED_KEY
	email [email protected]
	log access {
		format json
		include http.log.access http.handlers.reverse_proxy
		level DEBUG
		output file /var/log/caddy/access.log {
			roll_keep 5
			roll_keep_for 2160h
			roll_size 1gb
		}
	}
	log default {
		exclude http.log.access
		format json
		level INFO
		output file /var/log/caddy/runtime.log {
			roll_keep 3
			roll_keep_for 720h
			roll_size 500mb
		}
	}
	security {
		oauth identity provider generic {
			realm generic
			driver generic
			client_id caddy
			client_secret SECRET
			scopes openid email profile
			base_auth_url https://sso.company.com/
			metadata_url https://sso.company.com/.well-known/openid-configuration
		}
		authentication portal applogin {
			crypto default token lifetime 3600
			cookie domain auth.company.com
			enable identity provider generic
			transform user {
				action add role app/user
				match realm generic
			}
		}
	}
	servers {
		trusted_proxies cloudflare {
			interval 12h
			timeout 15s
		}
	}
}

Expected behavior

The JWKS key should be accepted and oauth provider should work correctly.
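The error above is raised because the provider's JWKS contains a key-encryption key (alg RSA-OAEP-256, apparently with kid encrypt01) alongside its signing keys, and the loader treats any algorithm it cannot verify with as fatal. As an added example, not caddy-security's own code and not a description of what 1.1.29 changed, here is a JWKS loader that skips encryption keys and only fails on a signing key with an unlisted algorithm; the allow-lists and the sample JWKS are assumptions constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// jwk holds the RFC 7517 fields needed to decide what a key is for.
type jwk struct {
	Kid string `json:"kid"`
	Use string `json:"use"`
	Alg string `json:"alg"`
}

// Assumed allow-list of signature algorithms, plus the key-encryption
// algorithms (RFC 7518 section 4) a provider may publish in the same JWKS.
var (
	signingAlgs    = map[string]bool{"RS256": true, "RS384": true, "RS512": true, "ES256": true, "ES384": true, "ES512": true}
	encryptionAlgs = map[string]bool{"RSA-OAEP": true, "RSA-OAEP-256": true, "RSA1_5": true}
)

// loadVerificationKeys keeps signing keys, skips encryption keys (returning their
// kids for logging), and fails only on a signing key with an unlisted algorithm.
func loadVerificationKeys(raw []byte) ([]jwk, []string, error) {
	var set struct{ Keys []jwk `json:"keys"` }
	if err := json.Unmarshal(raw, &set); err != nil {
		return nil, nil, fmt.Errorf("invalid jwks: %w", err)
	}
	var keep []jwk
	var skipped []string
	for _, k := range set.Keys {
		switch {
		case k.Use == "enc" || encryptionAlgs[k.Alg]:
			skipped = append(skipped, k.Kid)
		case k.Alg == "" || signingAlgs[k.Alg]:
			keep = append(keep, k)
		default:
			return nil, nil, fmt.Errorf("jwks unsupported key algorithm %s for %s", k.Alg, k.Kid)
		}
	}
	return keep, skipped, nil
}

// Constructed sample JWKS: an RS256 signing key plus an RSA-OAEP-256 encryption key.
const sampleJWKS = `{"keys":[{"kid":"sign01","kty":"RSA","use":"sig","alg":"RS256"},{"kid":"encrypt01","kty":"RSA","use":"enc","alg":"RSA-OAEP-256"}]}`

func main() {
	keep, skipped, err := loadVerificationKeys([]byte(sampleJWKS))
	fmt.Println(len(keep), skipped, err) // 1 [encrypt01] <nil>
}
```

Logging the skipped kids (rather than silently dropping them) keeps the behaviour visible to an operator without turning a legitimate encryption key into a startup failure.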

@greenpau
Owner

greenpau commented Apr 4, 2024

@radokristof, it is impossible to troubleshoot this without having access to a live system. If you do set one up for me, please reach out on LinkedIn and I will help you out.

@radokristof
Author

@greenpau thank you, message sent.

@radokristof
Author

Version 1.1.29 now supports LemonLDAP. Thank you @greenpau for your help!
