Redirected to root after login using oauth2-proxy

Hi, I've tried to find an answer over at oauth2-proxy first, but got redirected here.
I'm running Traefik 2.4.9 in a Kubernetes 1.20 cluster, using Keycloak as an OIDC provider.
While I've got thomseddon's traefik-forward-auth working, I just can't get Oauth2-proxy to redirect correctly.

The full details and manifests used can be found in the GitHub issue listed above, but basically:
I'm running all my services on specific subpaths of a single subdomain. Whenever trying to log in using Oauth2-proxy, after going through the auth flow, I get redirect to instead of

The rd parameter in the the oauth2-proxy logs consist of only the subdomain, instead of the full redirect path: - 039656ce-97cb-4289-b8b8-03c5f3dfa708 - - [2021/10/19 09:17:14] GET - "/oauth2/start?" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0" 302 360 0.000

It was suggested that some Traefik settings might be incorrectly configured. I'm running the traefik helm chart with near to unchanged default settings. Does anyone have any idea what settings would affect this redirection behaviour?
Relevant feedback I got from Oauth2-proxy's side:

So looks to me like, whatever is injecting "/oauth2/start?" is not injecting the path. Looking at the rd value here, you are only setting the redirect to the root of the domain ( %2F being / ). So you need to remove that rd parameter to allow the traefik headers to take precedence in the redirect fetching logic.

Otherwise, you need to update whatever is injecting the rd paremeter to also include the path as well, how you'll do that I'm not sure though.

I've tried multiple combinations of Traefik middlewares and Oauth2-proxy settings, amongst others the two suggested configs in Oauth2-proxy's docs.

This topic describes the exact same issue in a slightly different environment, and while the static redirects can be used as a workaround, they are far from ideal.

1 Like