traefik-oidc-wasm

command module
v0.0.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 30, 2024 License: Apache-2.0 Imports: 25 Imported by: 0

README

Traefik OIDC WASM Plugin

This plugin allows you to secure the upstream services with an OpenID Connect (OIDC) provider. It uses the WASM extension of Traefik to perform.

[!WARNING] This middleware is under active development - things should NOT break, but they might.

💡 Getting Started

Enable the plugin in your traefik configuration.

experimental:
  plugins:
    traefik-oidc:
      moduleName: "github.com/xzzpig/traefik-oidc-wasm"
      version: "v0.0.4"

Add a middleware and reference it in a route.

http:
  services:
    whoami:
      loadBalancer:
        servers:
          - url: http://whoami:80

  middlewares:
    oidc-auth:
      plugin:
        traefik-oidc:
          provider:
            issuerUrl: "https://idm.example.com"
            clientID: your_client_id
            clientSecret: your_client_secret
            scopes: ["openid", "profile", "email", "groups"]
          claimMap:
            name: "X-Oidc-Name"
            preferred_username: "X-Oidc-Username"
            sub: "X-Oidc-Subject"
            groups: "X-Oidc-Groups"
          endpoint:
            logout: "/oauth2/logout"

  routers:
    whoami:
      entryPoints: ["web"]
      rule: "HostRegexp(`.+`)"
      service: whoami
      middlewares: ["oidc-auth"]

🛠 Configuration Options

Plugin Config
Name Required Type Default Description
provider yes Provider none Identity Provider Configuration. See Provider Config.
cookie no Cookie none Cookie Configuration. See Cookie Config.
endpoint no Endpoint none Endpoint Configuration. See Endpoint Config.
totp no TOTP none TOTP Configuration to generate auth state. See TOTP Config.
claimMap no map[string]string none key value pairs of claims to extract from the OIDC token and set as headers.
dnsAddr no string "1.1.1.1:53" Address of the DNS server to use. (Because there is no default DNS resolver in WASM, this is required)
tokenAutoRefreshTime no time.Duration 5m The rest of time to auto refresh the token.
enable no bool true Enable the plugin.
Provider Config
Name Required Type Default Description
issuerUrl yes string none URL of the OIDC provider.
clientID yes string none Client ID of the OIDC client.
clientSecret yes string none Client Secret of the OIDC client.
scopes no []string ["openid"] Scopes to request from the OIDC provider.
Name Required Type Default Description
accessToken no string "__oidc_token" Name of the cookie to store the access token.
refreshToken no string "__oidc_refresh_token" Name of the cookie to store the refresh token.
originPath no string "__oidc_origin_path" Name of the cookie to store the origin path.
Endpoint Config
Name Required Type Default Description
callback no string "/oauth2/callback" Path to the OIDC callback endpoint.
logout no string "/oauth2/logout" Path to the OIDC logout endpoint.
fallback no string "/" Path to the fallback endpoint. When logout is called, it will redirect to this endpoint.
TOTP Config
Name Required Type Default Description
Period no uint 30 The period of the TOTP token.
Skew no uint 0 The skew of the TOTP token.
Digest no uint 8 The length of the TOTP token.
Algorithm no string "SHA1" The algorithm of the TOTP token.

Documentation

Overview

nolint

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.