Heimdall
Heimdall copied to clipboard
linuxserver
Authentik IDP forward auth issue
I use Authentik as my identity provider for all my apps. I have Heimdall frontend'ed by Nginx Proxy Manager. This works fine. When I try to put in the required Advanced code in NPM to use Authentik, I get a 500 error. I suspect it's because nginx is also inside the container.
Can someone tell me what I would need to change in the container config to allow this to work?
The nginx error log shows: auth request unexpected status: 400 while sending to client,
proxy_buffer_size 32k;
location / {
proxy_set_header X-Forwarded-Proto https;
proxy_pass $forward_scheme://$server:$port;
auth_request /outpost.goauthentik.io/auth/nginx;
error_page 401 = @goauthentik_proxy_signin;
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
auth_request_set $authentik_username $upstream_http_x_authentik_username;
auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
auth_request_set $authentik_email $upstream_http_x_authentik_email;
auth_request_set $authentik_name $upstream_http_x_authentik_name;
auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
proxy_set_header X-authentik-username $authentik_username;
proxy_set_header X-authentik-groups $authentik_groups;
proxy_set_header X-authentik-email $authentik_email;
proxy_set_header X-authentik-name $authentik_name;
proxy_set_header X-authentik-uid $authentik_uid;
}
location /outpost.goauthentik.io {
proxy_pass http://auth.domain.com/outpost.goauthentik.io;
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
add_header Set-Cookie $auth_cookie;
auth_request_set $auth_cookie $upstream_http_set_cookie;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
location @goauthentik_proxy_signin {
internal;
add_header Set-Cookie $auth_cookie;
return 302 /outpost.goauthentik.io/start?rd=$request_uri;
}```
