It looks like claim headers containing `_` are not supported by Traefik ingress controller.

Question

It looks like claim headers containing `_` are not supported by Traefik ingress controller.

KarolisL opened this issue 5 years ago · comments

Traefik doesn't forward headers with _ from forwardauth.

Consider given_name claim, and following ingress config:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: whoami
  annotations:
    ingress.kubernetes.io/auth-type: forward
    ingress.kubernetes.io/auth-url: http://forwardauth/authorize
    ingress.kubernetes.io/auth-response-headers: Authorization,X-FORWARDAUTH-GIVEN_NAME
  labels:
    app: whoami
    chart: whoami-0.1.0
    release: whoami
    heritage: Tiller
spec:
  rules:
    - host: <snip>
      http:
        paths:
          - path: /
            backend:
              serviceName: echoheaders
              servicePort: 8080

x-forwardauth-given_name is not received by echoheaders.
Traefik helm chart:

NAME           	REVISION	UPDATED                 	STATUS  	CHART            	APP VERSION  	NAMESPACE
traefik        	14      	Sun Sep 15 19:00:19 2019	DEPLOYED	traefik-1.76.1   	1.7.12       	kube-system

Daniel Nord · Answer 1 · Fri Oct 11 2019 23:28:20 GMT+0800 (China Standard Time)

@KarolisL could you close this issue when tested ok?

Karolis Labrencis · Answer 2 · Fri Oct 11 2019 23:32:44 GMT+0800 (China Standard Time)

I've tested it already and it works for me.