End-user JWT authentication bypassing authentication

navrem · October 11, 2019, 7:50am

Setting up end-user authentication following the document is not taking any effect and service is accessible without passing the auth header.

kind: Policy
apiVersion: authentication.istio.io/v1alpha1
metadata:
  name: "auth-policy"
spec:
  targets:
    - name: coreservice
  origins:
    - jwt:
        issuer: $ISSUER_ACCOUNT
        jwksUri: $JWKSURI
  principalBinding: USE_ORIGIN

this always returns 200 OK

Kubenetes version: v1.15.0
Istio version: 1.2.2

Istio gateway and virtual service are setup and service is externally accessed using NodePort.

navrem · October 16, 2019, 6:54am

Solved this - changing the target from app name to service name fixed the issue and enabled authentication.

Topic		Replies	Views
End user authentication using JWT throws 401 unauthorized for few attempts before being successful Security security	1	1324	March 23, 2020
Istio 1.7 - JWT authentication policy problem Security	8	2249	September 23, 2020
Istio set token claims as header to upstream Security security	1	1542	July 11, 2022
Istio 1.7 - Setup for JWT Auth Security	1	545	September 1, 2020
JWT Policy does not take affect! Policies and Telemetry	24	5735	February 26, 2020

End-user JWT authentication bypassing authentication

Related topics