Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

外部认证插件失败 #1505

Open
bianshuangwei opened this issue Nov 12, 2024 · 3 comments
Open

外部认证插件失败 #1505

bianshuangwei opened this issue Nov 12, 2024 · 3 comments

Comments

@bianshuangwei
Copy link

你好,我部署了Higress单机版,配置了Nacos2的服务,服务列表中配置的nacos的命名空间ID是默认的public,外部认证服务检测到的服务的名称是:ext-auth.DEFAULT-GROUP.public.nacos,服务列表中显示的命名空间是mcp,根据外部认证官方配置文档,我做了如下配置:
http_service:
endpoint_mode: envoy
endpoint:
service_name: ext-auth.public.svc.cluster.local
service_port: 7689
path_prefix: /ext-auth/auth
timeout: 1000
配置envoy模式,service name的尝试了ext-auth.DEFAULT-GROUP.public.nacos、ext-auth.public.svc.cluster.local 和ext-auth.mcp.svc.cluster.local,调用接口返回403forbidden
修改为forward_auth模式,service name做了同样的配置:
http_service:
endpoint:
path: "/ext-auth/auth"
request_method: "GET"
service_name: "ext-auth.public.svc.cluster.local"
service_port: 7689
endpoint_mode: "forward_auth"
timeout: 1000
调用后端接口返回的也是403 forbidden,错误日志内容如下:
gateway-1 | 2024-11-12T06:07:19.797821Z error envoy wasm external/envoy/source/extensions/common/wasm/context.cc:1393 wasm log higress-system.ext-auth-1.0.0: [ext-auth] failed to call ext auth server: error status returned by host: bad argument thread=29
gateway-1 | {"authority":"192.168.2.102:90","bytes_received":"0","bytes_sent":"0","downstream_local_address":"172.24.0.6:80","downstream_remote_address":"192.168.2.102:37558","duration":"1","istio_policy_status":"-","method":"GET","path":"/basic/higress","protocol":"HTTP/1.1","request_id":"0c71d6a3-98ce-4522-9a0a-dcecb927b6b7","requested_server_name":"-","response_code":"403","response_flags":"-","route_name":"-","start_time":"2024-11-12T06:07:19.796Z","trace_id":"-","upstream_cluster":"outbound|7788||higress-basic.DEFAULT-GROUP.public.nacos","upstream_host":"-","upstream_local_address":"-","upstream_service_time":"-","upstream_transport_failure_reason":"-","user_agent":"curl/7.29.0","x_forwarded_for":"192.168.2.102"}
请问这个是什么原因呢?
@johnlanni
Copy link
Collaborator

to call ext auth server: error status returned by host: bad argument thread=29

这个是服务发现不了,你的 service name 配置有错,控制台上看到的服务名称是什么?

@bianshuangwei
Copy link
Author

to call ext auth server: error status returned by host: bad argument thread=29

这个是服务发现不了,你的 service name 配置有错,控制台上看到的服务名称是什么?

控制台上看到的服务名称是ext-auth.DEFAULT-GROUP.public.nacos,命名空间mcp

@johnlanni
Copy link
Collaborator

ext-auth.DEFAULT-GROUP.public.nacos
那service name 应该填这个,你改成这个报什么错呢?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@johnlanni @bianshuangwei