2021-05-23 16:14:37 +00:00
<!doctype html> < html lang = en class = no-js > < head > < meta charset = utf-8 > < meta name = viewport content = "width=device-width,initial-scale=1" > < link href = https://kubernetes.github.io/ingress-nginx/examples/customization/external-auth-headers/ rel = canonical > < link rel = "shortcut icon" href = ../../../assets/images/favicon.png > < meta name = generator content = "mkdocs-1.1.2, mkdocs-material-6.2.4" > < title > External authentication - NGINX Ingress Controller< / title > < link rel = stylesheet href = ../../../assets/stylesheets/main.15aa0b43.min.css > < link rel = stylesheet href = ../../../assets/stylesheets/palette.75751829.min.css > < meta name = theme-color content = #009485 > < link rel = preconnect href = https://fonts.gstatic.com crossorigin > < link rel = stylesheet href = "https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback" > < style > body , input { font-family : "Roboto" , - apple-system , BlinkMacSystemFont , Helvetica , Arial , sans-serif } code , kbd , pre { font-family : "Roboto Mono" , SFMono-Regular , Consolas , Menlo , monospace } < / style > < link rel = stylesheet href = ../../../extra.css > < script > window . ga = window . ga || function ( ) { ( ga . q = ga . q || [ ] ) . push ( arguments ) } , ga . l = + new Date , ga ( "create" , "UA-118407822-1" , "kubernetes.github.io" ) , ga ( "set" , "anonymizeIp" , ! 0 ) , ga ( "send" , "pageview" ) , document . addEventListener ( "DOMContentLoaded" , function ( ) { document . forms . search && document . forms . search . query . addEventListener ( "blur" , function ( ) { if ( this . value ) { var e = document . location . pathname ; ga ( "send" , "pageview" , e + "?q=" + this . value ) } } ) } ) , document . addEventListener ( "DOMContentSwitch" , function ( ) { ga ( "send" , "pageview" , document . location . pathname ) } ) < / script > < script async src = https://www.google-analytics.com/analytics.js > < / script > < / head > < body dir = ltr data-md-color-scheme data-md-color-primary = teal data-md-color-accent = green > < input class = md-toggle data-md-toggle = drawer type = checkbox id = __drawer autocomplete = off > < input class = md-toggle data-md-toggle = search type = checkbox id = __search autocomplete = off > < label class = md-overlay for = __drawer > < / label > < div data-md-component = skip > < a href = #external-authentication-authentication-service-response-headers-propagation class = md-skip > Skip to content < / a > < / div > < div data-md-component = announce > < / div > < header class = md-header data-md-component = header > < nav class = "md-header-nav md-grid" aria-label = Header > < a href = https://kubernetes.github.io/ingress-nginx title = "NGINX Ingress Controller" class = "md-header-nav__button md-logo" aria-label = "NGINX Ingress Controller" > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M12 8a3 3 0 003-3 3 3 0 00-3-3 3 3 0 00-3 3 3 3 0 003 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z" / > < / svg > < / a > < label class = "md-header-nav__button md-icon" for = __drawer > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z" / > < / svg > < / label > < div class = md-header-nav__title data-md-component = header-title > < div class = md-header-nav__ellipsis > < div class = md-header-nav__topic > < span class = md-ellipsis > NGINX Ingress Controller < / span > < / div > < div class = md-header-nav__topic > < span class = md-ellipsis > External authentication < / span > < / div > < / div > < / div > < label class = "md-header-nav__button md-icon" for = __search > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z" / > < / svg > < / label > < div class = md-search data-md-component = search role = dialog > < label class = md-search__overlay for = __search > < / label > < div class = md-search__inner role = search > < form class = md-search__form name = search > < input type = text class = md-search__input name = query aria-label = Search placeholder = Search autocapitalize = off autocorrect = off autocomplete = off spellcheck = false data-md-component = search-query data-md-state = active required > < label class = "md-search__icon md-icon" for = __search > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M9.5 3A6 . 5 6 . 5 0
2021-01-11 15:59:14 +00:00
< span class = go > deployment " demo-auth-service" created< / span >
< span class = go > service " demo-auth-service" created< / span >
< span class = go > ingress " demo-auth-service" created< / span >
< span class = go > deployment " demo-echo-service" created< / span >
< span class = go > service " demo-echo-service" created< / span >
< span class = go > ingress " public-demo-echo-service" created< / span >
< span class = go > ingress " secure-demo-echo-service" created< / span >
< span class = gp > $< / span > kubectl get po
< span class = go > NAME READY STATUS RESTARTS AGE< / span >
< span class = go > demo-auth-service-2769076528-7g9mh 1/1 Running 0 30s< / span >
< span class = go > demo-echo-service-3636052215-3vw8c 1/1 Running 0 29s< / span >
< span class = go > kubectl get ing< / span >
< span class = go > NAME HOSTS ADDRESS PORTS AGE< / span >
< span class = go > public-demo-echo-service public-demo-echo-service.kube.local 80 1m< / span >
< span class = go > secure-demo-echo-service secure-demo-echo-service.kube.local 80 1m< / span >
< / code > < / pre > < / div > < p > Test 1: public service with no auth header< / p > < div class = highlight > < pre > < span > < / span > < code > < span class = gp > $< / span > curl -H < span class = s1 > ' Host: public-demo-echo-service.kube.local' < / span > -v < span class = m > 192< / span > .168.99.100
< span class = go > * Rebuilt URL to: 192.168.99.100/< / span >
< span class = go > * Trying 192.168.99.100...< / span >
< span class = go > * Connected to 192.168.99.100 (192.168.99.100) port 80 (#0)< / span >
< span class = gp > > < / span > GET / HTTP/1.1
< span class = gp > > < / span > Host: public-demo-echo-service.kube.local
< span class = gp > > < / span > User-Agent: curl/7.43.0
< span class = gp > > < / span > Accept: */*
< span class = gp > > < / span >
< span class = go > < HTTP/1.1 200 OK< / span >
< span class = go > < Server: nginx/1.11.10< / span >
< span class = go > < Date: Mon, 13 Mar 2017 20:19:21 GMT< / span >
< span class = go > < Content-Type: text/plain; charset=utf-8< / span >
< span class = go > < Content-Length: 20< / span >
< span class = go > < Connection: keep-alive< / span >
< span class = go > < < / span >
< span class = go > * Connection #0 to host 192.168.99.100 left intact< / span >
< span class = go > UserID: , UserRole:< / span >
< / code > < / pre > < / div > < p > Test 2: secure service with no auth header< / p > < div class = highlight > < pre > < span > < / span > < code > < span class = gp > $< / span > curl -H < span class = s1 > ' Host: secure-demo-echo-service.kube.local' < / span > -v < span class = m > 192< / span > .168.99.100
< span class = go > * Rebuilt URL to: 192.168.99.100/< / span >
< span class = go > * Trying 192.168.99.100...< / span >
< span class = go > * Connected to 192.168.99.100 (192.168.99.100) port 80 (#0)< / span >
< span class = gp > > < / span > GET / HTTP/1.1
< span class = gp > > < / span > Host: secure-demo-echo-service.kube.local
< span class = gp > > < / span > User-Agent: curl/7.43.0
< span class = gp > > < / span > Accept: */*
< span class = gp > > < / span >
< span class = go > < HTTP/1.1 403 Forbidden< / span >
< span class = go > < Server: nginx/1.11.10< / span >
< span class = go > < Date: Mon, 13 Mar 2017 20:18:48 GMT< / span >
< span class = go > < Content-Type: text/html< / span >
< span class = go > < Content-Length: 170< / span >
< span class = go > < Connection: keep-alive< / span >
< span class = go > < < / span >
< span class = go > < html> < / span >
< span class = go > < head> < title> 403 Forbidden< /title> < /head> < / span >
< span class = go > < body bgcolor=" white" > < / span >
< span class = go > < center> < h1> 403 Forbidden< /h1> < /center> < / span >
< span class = go > < hr> < center> nginx/1.11.10< /center> < / span >
< span class = go > < /body> < / span >
< span class = go > < /html> < / span >
< span class = go > * Connection #0 to host 192.168.99.100 left intact< / span >
< / code > < / pre > < / div > < p > Test 3: public service with valid auth header< / p > < div class = highlight > < pre > < span > < / span > < code > < span class = gp > $< / span > curl -H < span class = s1 > ' Host: public-demo-echo-service.kube.local' < / span > -H < span class = s1 > ' User:internal' < / span > -v < span class = m > 192< / span > .168.99.100
< span class = go > * Rebuilt URL to: 192.168.99.100/< / span >
< span class = go > * Trying 192.168.99.100...< / span >
< span class = go > * Connected to 192.168.99.100 (192.168.99.100) port 80 (#0)< / span >
< span class = gp > > < / span > GET / HTTP/1.1
< span class = gp > > < / span > Host: public-demo-echo-service.kube.local
< span class = gp > > < / span > User-Agent: curl/7.43.0
< span class = gp > > < / span > Accept: */*
< span class = gp > > < / span > User:internal
< span class = gp > > < / span >
< span class = go > < HTTP/1.1 200 OK< / span >
< span class = go > < Server: nginx/1.11.10< / span >
< span class = go > < Date: Mon, 13 Mar 2017 20:19:59 GMT< / span >
< span class = go > < Content-Type: text/plain; charset=utf-8< / span >
< span class = go > < Content-Length: 44< / span >
< span class = go > < Connection: keep-alive< / span >
< span class = go > < < / span >
< span class = go > * Connection #0 to host 192.168.99.100 left intact< / span >
< span class = go > UserID: 1443635317331776148, UserRole: admin< / span >
< / code > < / pre > < / div > < p > Test 4: secure service with valid auth header< / p > < div class = highlight > < pre > < span > < / span > < code > < span class = gp > $< / span > curl -H < span class = s1 > ' Host: secure-demo-echo-service.kube.local' < / span > -H < span class = s1 > ' User:internal' < / span > -v < span class = m > 192< / span > .168.99.100
< span class = go > * Rebuilt URL to: 192.168.99.100/< / span >
< span class = go > * Trying 192.168.99.100...< / span >
< span class = go > * Connected to 192.168.99.100 (192.168.99.100) port 80 (#0)< / span >
< span class = gp > > < / span > GET / HTTP/1.1
< span class = gp > > < / span > Host: secure-demo-echo-service.kube.local
< span class = gp > > < / span > User-Agent: curl/7.43.0
< span class = gp > > < / span > Accept: */*
< span class = gp > > < / span > User:internal
< span class = gp > > < / span >
< span class = go > < HTTP/1.1 200 OK< / span >
< span class = go > < Server: nginx/1.11.10< / span >
< span class = go > < Date: Mon, 13 Mar 2017 20:17:23 GMT< / span >
< span class = go > < Content-Type: text/plain; charset=utf-8< / span >
< span class = go > < Content-Length: 43< / span >
< span class = go > < Connection: keep-alive< / span >
< span class = go > < < / span >
< span class = go > * Connection #0 to host 192.168.99.100 left intact< / span >
< span class = go > UserID: 605394647632969758, UserRole: admin< / span >
< / code > < / pre > < / div > < / article > < / div > < / div > < / main > < footer class = md-footer > < div class = md-footer-nav > < nav class = "md-footer-nav__inner md-grid" aria-label = Footer > < a href = ../custom-headers/ class = "md-footer-nav__link md-footer-nav__link--prev" rel = prev > < div class = "md-footer-nav__button md-icon" > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z" / > < / svg > < / div > < div class = md-footer-nav__title > < div class = md-ellipsis > < span class = md-footer-nav__direction > Previous < / span > Custom Headers < / div > < / div > < / a > < a href = ../ssl-dh-param/ class = "md-footer-nav__link md-footer-nav__link--next" rel = next > < div class = md-footer-nav__title > < div class = md-ellipsis > < span class = md-footer-nav__direction > Next < / span > Custom DH parameters for perfect forward secrecy < / div > < / div > < div class = "md-footer-nav__button md-icon" > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z" / > < / svg > < / div > < / a > < / nav > < / div > < div class = "md-footer-meta md-typeset" > < div class = "md-footer-meta__inner md-grid" > < div class = md-footer-copyright > Made with < a href = https://squidfunk.github.io/mkdocs-material/ target = _blank rel = noopener > Material for MkDocs < / a > < / div > < / div > < / div > < / footer > < / div > < script src = ../../../assets/javascripts/vendor.93c04032.min.js > < / script > < script src = ../../../assets/javascripts/bundle.83e5331e.min.js > < / script > < script id = __lang type = application/json > { "clipboard.copy" : "Copy to clipboard" , "clipboard.copied" : "Copied to clipboard" , "search.config.lang" : "en" , "search.config.pipeline" : "trimmer, stopWordFilter" , "search.config.separator" : "[\\s\\-]+" , "search.placeholder" : "Search" , "search.result.placeholder" : "Type to start searching" , "search.result.none" : "No matching documents" , "search.result.one" : "1 matching document" , "search.result.other" : "# matching documents" , "search.result.more.one" : "1 more on this page" , "search.result.more.other" : "# more on this page" , "search.result.term.missing" : "Missing" } < / script > < script >
2020-04-15 17:09:38 +00:00
app = initialize({
base: "../../..",
2021-01-11 15:59:14 +00:00
features: ['navigation.tabs', 'navigation.tabs.sticky', 'navigation.instant', 'navigation.sections'],
2020-04-15 17:09:38 +00:00
search: Object.assign({
2021-01-11 15:59:14 +00:00
worker: "../../../assets/javascripts/worker/search.8c7e0a7e.min.js"
2020-04-15 17:09:38 +00:00
}, typeof search !== "undefined" & & search)
})
2021-01-11 15:59:14 +00:00
< / script > < / body > < / html >
