Wrong Authelia URL in redirection for unauthenticated users #255

Closed
mathieures opened this issue Aug 4, 2024 · 0 comments · Fixed by #264

Hello, I have been trying to set up Authelia for the first time for a few days now, with the aim of accessing it from https://mydomain.tld/auth.

However, I found that the configMap.session.cookies[].path key was not taken into account when filling the values file. I am using a modified version of the values.local.yaml file, with many defaults but the specific key configMap.session.cookies set to:

[...]
configMap:
  session:
    cookies:
      -
        subdomain: ''
        domain: 'mydomain.tld'
        path: 'auth'
[...]

However, I was getting the following error whenever trying to access an application behind a Traefik v2 reverse proxy (the default with k3s):

time="2024-08-04T22:12:01Z" level=info msg="Access to https://mydomain.tld/myapplication/index.html (method GET) is not authorized to user <anonymous>, responding with status code 302 with location redirect to https://mydomain.tld/?rd=https%3A%2F%2Fmydomain.tld%2Fmyapplication%2Findex.html&rm=GET" method=GET path=/api/authz/forward-auth remote_ip=10.42.0.1

Notice the redirection URL being https://mydomain.tld/?rd=..., not taking into account the auth subpath that should be there.

Fortunately, I have solved the problem by manually editing the configuration.yaml ConfigMap to add the missing subpath to the session.cookies[].authelia_url key, going from the original:

[...]
    session:
      name: 'authelia_session'
      same_site: 'lax'
      inactivity: '5 minutes'
      expiration: '1 hour'
      remember_me: '1 month'
      cookies:
        - domain: 'mydomain.tld'
          authelia_url: 'https://mydomain.tld'
[...]

To the working:

[...]
    session:
      name: 'authelia_session'
      same_site: 'lax'
      inactivity: '5 minutes'
      expiration: '1 hour'
      remember_me: '1 month'
      cookies:
        - domain: 'mydomain.tld'
          authelia_url: 'https://mydomain.tld/auth' # added '/auth' here
[...]

I have no knowledge of writing Helm charts so I couldn't make a pull request, but I believe this line is to blame:

authelia_url: {{ printf "https://%s" (include "authelia.ingress.host" (merge (dict "SubDomain" $cookie.subdomain "Domain" $cookie.domain) $)) | squote }}

I decided to create this issue because I have seen others getting the same error, so hopefully this can help someone. Even if it’s a configuration issue on my end, I’d be glad to know that it is one. If needed, I can provide the whole values file.

Thank you for your time.
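
Added example, not part of the original issue or of the Authelia chart: a check that parses forward-auth log lines like the one quoted above and compares the redirect location with the portal URL implied by the session cookie's `subdomain`, `domain` and `path`. The helper names and the way the expected URL is assembled are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Log line copied from the issue above.
LOG_LINE = (
    'time="2024-08-04T22:12:01Z" level=info msg="Access to '
    'https://mydomain.tld/myapplication/index.html (method GET) is not authorized '
    'to user <anonymous>, responding with status code 302 with location redirect to '
    'https://mydomain.tld/?rd=https%3A%2F%2Fmydomain.tld%2Fmyapplication%2Findex.html&rm=GET" '
    'method=GET path=/api/authz/forward-auth remote_ip=10.42.0.1'
)

REDIRECT_RE = re.compile(
    r'Access to (?P<target>\S+) \(method \w+\) is not authorized to user \S+, '
    r'responding with status code \d{3} with location redirect to (?P<location>[^"\s]+)'
)

def expected_portal(cookie):
    """Portal URL implied by one session cookie entry (hypothetical helper)."""
    host = ".".join(p for p in (cookie.get("subdomain", ""), cookie["domain"]) if p)
    path = cookie.get("path", "").strip("/")
    return f"https://{host}/{path}" if path else f"https://{host}"

def check_redirect(line, cookie):
    """Return (ok, problems) for a redirect log line, or None for any other line."""
    m = REDIRECT_RE.search(line)
    if m is None:
        return None
    loc = urlsplit(m["location"])
    portal = urlsplit(expected_portal(cookie))
    # parse_qs percent-decodes rd, so it can be compared with the requested URL.
    rd = parse_qs(loc.query).get("rd", [""])[0]
    problems = []
    if (loc.scheme, loc.netloc) != (portal.scheme, portal.netloc):
        problems.append(f"host {loc.netloc!r} != {portal.netloc!r}")
    if loc.path.rstrip("/") != portal.path.rstrip("/"):
        problems.append(f"path {loc.path!r} != {portal.path or '/'!r}")
    if rd != m["target"]:
        problems.append(f"rd {rd!r} != requested {m['target']!r}")
    return (not problems, problems)

if __name__ == "__main__":
    cookie = {"subdomain": "", "domain": "mydomain.tld", "path": "auth"}
    print(check_redirect(LOG_LINE, cookie))
```
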
