Istio security stopped working

Peter_Flanagan · June 5, 2019, 5:58pm

I had set up istio to use keycloak jwts to secure my backend and had on open frontend.
I had cors set up to allow calls from local frontends for dev purposes.
It was all working as intended and then all of a sudden all calls to the backend from local frontends were met with ‘401 unauthorized Origin authentication failed’ and calls to the frontend on istio were met with ‘RBAC: access denied’. I have since tried uninstalling istio and deleting everything, fresh installing and it is still the same state of affairs.

Any advice on how to debug this or examples of what could have caused this would be greatly appreciated.

philliple · June 6, 2019, 5:46pm

Could it be the case that your jwt expired? RBAC most likely won’t work if authentication fails, depends on how you set the RBAC rules. Can you take a look at https://istio.io/help/ops/security/end-user-auth/ or see the log of istio-proxy for the backend service?

Topic		Replies	Views
RBAC returns either 403 or 302 for each route randomly Security	3	847	May 30, 2019
Oauth2-proxy - RBAC: access denied - redirect works Security security	1	2113	August 27, 2021
Jwt is expired while using istio and oauth2-proxy (keycloak as idp) Security	0	134	August 9, 2023
RequestAuthentication doesn't work with keycloak running on https in Istio1.6.8 Security security	0	458	October 29, 2020
Istio and Keycloak Security	1	436	October 8, 2020

Istio security stopped working

Related Topics