It looks like claim headers containing `_` are not supported by Traefik ingress controller.
KarolisL opened this issue · comments
Traefik doesn't forward headers with _
from forwardauth.
Consider given_name
claim, and following ingress config:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: whoami
annotations:
ingress.kubernetes.io/auth-type: forward
ingress.kubernetes.io/auth-url: http://forwardauth/authorize
ingress.kubernetes.io/auth-response-headers: Authorization,X-FORWARDAUTH-GIVEN_NAME
labels:
app: whoami
chart: whoami-0.1.0
release: whoami
heritage: Tiller
spec:
rules:
- host: <snip>
http:
paths:
- path: /
backend:
serviceName: echoheaders
servicePort: 8080
x-forwardauth-given_name is not received by echoheaders.
Traefik helm chart:
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
traefik 14 Sun Sep 15 19:00:19 2019 DEPLOYED traefik-1.76.1 1.7.12 kube-system
@KarolisL could you close this issue when tested ok?
I've tested it already and it works for me.