I am facing authentication issues while configuring NGINX Ingress with OAuth2 Proxy and Azure Active Directory in my Kubernetes environment. Adding specific annotations to my Ingress resource results in a 401 Unauthorized error during the OAuth2 authentication flow. Seeking assistance to identify and resolve the root cause. Detailed error logs and configuration snippets are provided
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=https://$host$request_uri
nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
name: ingress
namespace: xxx
spec:
ingressClassName: nginx
rules:
- host: xxxx
http:
paths:
- backend:
service:
name: xxxx
port:
number: 80
path: /
pathType: Prefix
tls:
- hosts:
- xxxx
secretName: xxxx
Logs below:
10.244.0.1 - - [11/Jan/2024:14:38:45 +0000] "GET /oauth2/auth HTTP/1.1" 401 13 "-" "python-httpx/0.24.1" 494 0.010 [] 10.244.1.23:4180 13 0.009 401 252a066e4116ec3c3f21e42cd6b52cdf
10.244.3.6 - - [11/Jan/2024:14:38:45 +0000] "GET /api/work_queues/name/default HTTP/2.0" 302 138 "-" "python-httpx/0.24.1" 91 0.019 [] - - - - 252a066e4116ec3c3f21e42cd6b52cdf
10.244.3.6 - - [11/Jan/2024:14:38:45 +0000] "GET /oauth2/start?rd=https://xxx/api/work_queues/name/default HTTP/2.0" 302 458 "-" "python-httpx/0.24.1" 67 0.008 [] 10.244.1.23:4180 458 0.007 302 88ae0533fd5c0b3588d577fca7ed2e1c
"I attempted to change the path from '/' to '/xxx', and interestingly, the authentication process works successfully when the path is set to '/xxx'. However, authentication fails when the path is configured as '/'. I expected the authentication to work seamlessly with the path set to '/'. Seeking guidance to resolve this issue.
- backend:
service:
name: xxxx
port:
number: 80
path: /
pathType: Prefix