lua-resty-openidc

How to set up openidc for multiple clients using the same nginx instance?

Open ouenzerfi opened this issue 3 years ago • 1 comments

I want to set up SSO for multiple apps that are running behind nginx. These apps share the same client ID (from Keycloak's point of view). It seems that the apps are sharing the same session, which causes a non-valid authentication process.

What is the proper way to set up such a scenario?

Environment

  • lua-resty-openidc version 1.19.9
  • OpenID Connect provider Keycloak

Configuration and NGINX server log files

    server {
        listen 443 ssl;
        server_name demo;
        access_by_lua '
            local opts = {
                redirect_uri = "/callback",
                discovery = "https://demo/.well-known/openid-configuration",
                client_id = "demo",
                client_secret = "xxxxxxx-yyyyy"
            }
            -- call authenticate for OpenID Connect user authentication
            local res, err = require("resty.openidc").authenticate(opts)
            if err then
                ngx.status = 500
                ngx.say(err)
                ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
            end
        ';
        location / {
            proxy_pass https://app1/;
        }
        location /app2/ {
            proxy_pass http://app2/;
        }
        location /app3/ {
            proxy_pass http://app3/;
        }
        location /app4/ {
            proxy_pass http://app4/;
        }
    }

ouenzerfi Apr 11 '22 08:04

You can move the access_by_lua '......'; block to under the individual location {} block instead.

dsantanu Apr 11 '22 16:05
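
The per-location layout suggested in the reply, written out for the first two apps as an added example (not code from the issue or from the lua-resty-openidc project). The `/app2/callback` path is an assumption: it keeps the callback inside the location whose handler started the flow, and it would have to be registered as a valid redirect URI for the client in Keycloak. `/app3/` and `/app4/` repeat the `/app2/` pattern with their own prefix.

```nginx
server {
    listen 443 ssl;
    server_name demo;

    # app1: /callback falls into this location, so this handler completes the flow
    location / {
        access_by_lua_block {
            local opts = {
                redirect_uri = "/callback",
                discovery = "https://demo/.well-known/openid-configuration",
                client_id = "demo",
                client_secret = "xxxxxxx-yyyyy"
            }
            local res, err = require("resty.openidc").authenticate(opts)
            if err then
                -- log the detail server-side instead of echoing it to the client
                ngx.log(ngx.ERR, "openidc authenticate failed: ", err)
                ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
            end
        }
        proxy_pass https://app1/;
    }

    # app2: the callback path sits under /app2/ (assumed path), so the request
    # returning from Keycloak is processed by this location and not by app1
    location /app2/ {
        access_by_lua_block {
            local opts = {
                redirect_uri = "/app2/callback",
                discovery = "https://demo/.well-known/openid-configuration",
                client_id = "demo",
                client_secret = "xxxxxxx-yyyyy"
            }
            local res, err = require("resty.openidc").authenticate(opts)
            if err then
                ngx.log(ngx.ERR, "openidc authenticate failed: ", err)
                ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
            end
        }
        proxy_pass http://app2/;
    }
}
```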