Hi everyone.
I currently need that every time a service is required to be accessed, you must first verify in another internal service if you are logged in.
There is currently the logon logic within my service.
My question is: how can I do that if I want to consume another service within my network? First I will validate that the login exists. The service offers a 200 or a 401.
I’m looking for options with EnvoyFilter but I can’t find a solution.
It is something similar to an authentication with Auth0 but this time I must validate against an internal service.
If you can help me, I would greatly appreciate it.
I have applied the yaml making the respective modifications based on my service.
But I don’t see that it’s working. Do you know how I can see if there is an error?
I have just gone over this myself, was not able to get it to work on the GATEWAY, which is what I had wanted, but did work on the SIDECAR. The response to that thread is pretty much what I have working. I had some logging on the 2 services to see the requests. To verify I removed the active login (flushed redis cache backing the authentication) and was logged out from the front end.
This is the app that needs authentication. auth is the name of the service doing the authentication and ns is the name of the namespace where the auth server lives. Just put the filter in the same namespace as your app.
So is my EnvoyFilter.
But when I see the logs of my istio gateway, I only get a 200 response. At no time does it access the filtering service.
Is it wrong? Or am I misunderstanding how it works?
So both your app and the authentication service are in the testing namespace. You have envoy sidecar added to the back-test pod? I am using auto sidecar injection. This seems like it should be working.
Do your pods have an istio-proxy container added? They should. If so you can log on to them and curl localhost:15001/clusters to make sure your auth cluster is available.
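
For reference, an added example that is not part of the thread and not any poster's actual configuration: a sidecar-scoped EnvoyFilter of the kind the replies describe, pointing Envoy's ext_authz HTTP filter at an internal service that answers 200 or 401. The resource name, the `app: back-test` label, port 8080, an `auth` service living in `testing`, and the v3 type URL (which needs an Istio release that uses the Envoy v3 API) are assumptions.

```yaml
# Added example; values marked "assumed" are placeholders to adapt.
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: ext-authz-example          # assumed name
  namespace: testing               # same namespace as the protected app
spec:
  workloadSelector:
    labels:
      app: back-test               # assumed label on the back-test pod
  configPatches:
  - applyTo: HTTP_FILTER
    match:
      context: SIDECAR_INBOUND     # the thread reports success on the sidecar, not the gateway
      listener:
        filterChain:
          filter:
            name: envoy.filters.network.http_connection_manager
            subFilter:
              name: envoy.filters.http.router
    patch:
      operation: INSERT_BEFORE     # run the check before the request is routed to the app
      value:
        name: envoy.filters.http.ext_authz
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
          failure_mode_allow: false   # fail closed if the auth service is unreachable
          http_service:
            server_uri:
              uri: http://auth.testing.svc.cluster.local:8080   # assumed service and port
              # Must match a cluster name the sidecar actually lists under /clusters
              cluster: outbound|8080||auth.testing.svc.cluster.local
              timeout: 1s
            authorization_request:
              allowed_headers:
                patterns:              # forward only the credentials the auth service needs
                - exact: cookie
                - exact: authorization
```

With this filter, a 200 from the auth service lets the request through and any other status (such as 401) is returned to the client; if the `cluster` value does not match an entry in the sidecar's cluster list, the check cannot reach the auth service.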