Help: OIDC connection with keycloak

[angegar]

Hi there,

I am struggling to configure the contour-authserver to perform an OIDC connection with Keycloak.

When I access my website, envoy correctly root the trafic to contour-authserver to perform the authentication. Once the authentication is done, the connection is close and I do not access my web site.

In the redirectUri, I use the contour-authserver address targetting the port 9443 (but I feel this port only support gRPC request).

Should I configure the website url ? Is there another port which handle the http connection ?

Thank you in advance for the helm you may bring

[angegar]

btw, is it normal to not have the host in this log :

{"level":"info","ts":"2024-01-12T11:54:11Z","logger":"auth.oidc","msg":"checking request","host":"","path":"/cookbook","id":"5548994866080415820"}

[tsaarni]

The redirectURL is the website to be protected. Also redirectPath must be set to some non-existing path within the website, it will be intercepted by contour-authserver when Keycloak redirects back to the website after authentication.
issuerURL includes realm name, e.g. [KEYCLOAK_URL]/realms/master.

[angegar]

Thank you, indeed, I make it works with the redirectPath configured to be the url of the site to protect.

However, I think it does not follow this documentation :

.

Normally the response from the Authorization Provider should go back through the Authorization Server. My understanding of the architecture diagram is that the AuthServer can protect multiple websites as it will receive the source host (which is currently empty into the log), perform the auth request and redirect the trafic to the source web site.

Another point which is interesting, if I authenticate to https://my.website.com/ the authentication mechanism does not work, however if I try https://my.website.com/index.html it works.

Last but no least, is there a way to get rid of the query param conauth= in the URL https://my.website.com//index.html?conauth=hFL5ZcpXKq7RXTPQwKULDz7bzKZ38SaIuG20XGOZCxc=