Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Multiple named AuthServices
See original GitHub issueSupport multiple named AuthServices and enable them on a per route mapping configuration. Would also unlock related issue: https://github.com/datawire/ambassador/issues/174
For example, configuring multiple AuthServices:
apiVersion: ambassador/v0
kind: AuthService
name: simple-auth
auth_service: "example-auth:3000"
---
apiVersion: ambassador/v0
kind: AuthService
name: other-auth-strategy
auth_service: "external-auth:8080"
And configuring routes:
apiVersion: ambassador/v0
kind: Mapping
name: qotm_cloud_mapping
prefix: /qotm/
rewrite: /qotm/
service: demo.getambassador.io
authentication: simple-auth
headers:
x-demo-mode: cloud
---
apiVersion: ambassador/v0
kind: Mapping
name: qotm_local_mapping
prefix: /qotm/
rewrite: /
service: qotm
authentication: other-auth-strategy
headers:
x-demo-mode: local
---
apiVersion: ambassador/v0
kind: Mapping
name: qotm_host_mapping
prefix: /qotm/
rewrite: /
service: httpbin.org:80
headers:
x-demo-mode: host
host: httpbin.org
host_rewrite: httpbin.org
# No authentication strategy
Therefore, not all request methods will be proxied to an auth service, and we can select which auth service to use for dynamic routes.
Issue Analytics
- State:
- Created 6 years ago
- Reactions:25
- Comments:10 (2 by maintainers)
Top Results From Across the Web
Multiple named AuthServices · Issue #216 · emissary-ingress ...
Support multiple named AuthServices and enable them on a per route mapping configuration. ... Therefore, not all request methods will be proxied to...
Read more >Authentication service | Edge Stack
It is not possible to combine multiple AuthServices . While it is possible to create multiple AuthService resources, Ambassador Edge Stack load-balances ...
Read more >Configuring multiple SAML2 instances in IdentityServer3 ...
In IdentityServer3 I have configured multiple instances of SAML2 based external providers using SustainSys library as per the documentation.
Read more >Configuring Anthos Service Mesh user authentication
The authservice needs two sets of keys to operate successfully. ... The key will be the claim name in the RCToken and value...
Read more >Authservices StubIdp Improvements: AttributeStatements and ...
In many SAML2 installations additional data, like roles and full name, are included as AttributeStatements. This has been supported by the ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
This is what I was expecting Ambassador to have after experiencing the “self service” style configuration for routing. How auth currently works goes totally against the self service ideology IMO. Right now, all teams/individuals hav to ship changes to two independent services (their service + auth service) whenever they need to change how their service is protected. Also, multiple teams will end up contributing to the same auth service and the auth service might end up being much more complex than it would make sense as business logic might creep in to the auth service handlers.
I’m putting the final touches on envoy grpc support within the project as well if that’s helpful to anyone 😃