Excluding domain/service from oauth

holo_holo · June 21, 2023, 8:08pm

I confiured native oauth according to this post: https://getindata.com/blog/OAuth2-based-authentication-on-Istio-powered-Kubernetes-clusters/

How to exclude some domain from oauth redirection? I was trying by adding domain like here:

apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: known-user
  namespace: istio-system
spec:
  selector:
    matchLabels:
      istio: sandbox-istio
  action: ALLOW
  rules:
    - to:
        - operation:
            hosts:
              - "www.domain.com"
    - when: # Lack of Authorization header will push user to oauth2 filter
        - key: request.headers[Authorization]
          notValues:
            - "Bearer*"

But it does not do what I’m expecting and still redirecting all domains to oauth. Where i should exclude it? Directly on envoy filter, or there is some better place to do it?

Topic		Replies	Views
Exclude RequestAuthentication JWT rules for specific paths Security	3	989	June 24, 2022
Istio exclusion principle not woking Security	2	367	January 23, 2021
Istio ExtAuthz with Oauth2-proxy removing headers in upstream Security	2	2204	August 5, 2021
Istio + OAuth 2.0 Security	13	13071	October 13, 2023
Authentication header being removed before RequestAuthentication Security	5	6482	September 1, 2021

Excluding domain/service from oauth

Related Topics