Can oauth2-proxy be used with an ALB?

0

I have an oauth2-proxy working with ingress-nginx and TLS terminating at the NLB, to protect an application behind it. Browsing to mycompany.com redirects to my oauth provider and after authenticating redirects to the app as expected.

However, I'd like to use an Application Load Balancer (ALB) instead of a Network Load Balancer, is it possible?

The ALB doesn't seem to support annotations such as: nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth" nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri" so I wonder if I'm barking up the wrong tree here.

TIA.

jmmike
asked 3 months ago336 views
1 Answer
1

Is this what you are looking for? https://medium.com/@jainendramandavi/okta-oidc-integration-with-aws-application-load-balancer-alb-5f6e03bbb66b

If not, can you explain what you mean by ALB not supporting the annotations?

AWS
EXPERT
answered 3 months ago
  • [ EDIT: It seems Github doesn't support Open ID, rather OAUTH, so probably not compatible with ALB authentication: I will pursue using a different provider, thank you. ]

    Thanks for taking the time to reply! I was previously following this guide: kubernetes.github.io/ingress-nginx/examples/auth/oauth-external-auth - but the way you suggest in the above article looks like it would be a lot simpler. However, trying to configure this for github "https://token.actions.githubusercontent.com" gives me the error when navigating to my page: "This token.actions.githubusercontent.com page can’t be found" I assume this means the URLs I've configured in the ALB OIDC settings are incorrect?

  • I think so. Would need to look into the configuration further on what has been setup. Found a few documents online for it, not sure if it helps: https://stackoverflow.com/questions/76230388/github-actions-error-no-openidconnect-provider-found-in-your-account-for-https

    There's more guides over the internet. Let me know if those solutions don't work.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions