Hello,
I always use standard junctions but I realize virtual junctions can make things easy for me so I tried it. But it is not working and I am receiving this message:
"Not found. Application Gateway couldn't find the resource you requested... " (it is translated from spanish)
When I use standard junction, it works, so it is not about the host server.
version: 21.04
identity:
oidc:
discovery_endpoint: "https://example.com"
client_id: "xxxxx"
client_secret: "xxxx"
scopes:
- profile
- openid
- groups
mapped_identity: "{sub}"
id_token_attrs:
- "+sub"
server:
local_applications:
cred_viewer:
path_segment: credview
enable_html: true
attributes:
- "-AUTHENTICATION_LEVEL"
- "+AZN_CRED_GROUPS"
session:
timeout: 28800
inactive_timeout: 0
ssl:
front_end:
ciphers:
- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
- TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
- TLS_RSA_EXPORT_WITH_RC4_40_MD5
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_DES_CBC_SHA
local_pages:
content: "@healthz.zip"
type: zip
protocols:
- http
- https
resource_servers:
- virtual_host: "one.example.com"
connection_type: "tcp"
servers:
- host: "frontend"
port: "9099"
transparent_path: true
identity_headers:
attributes:
- attribute: sub
header: iv-user
policies:
authorization:
- name: policyA
paths:
- /healthz/index.html
rule: anyuser
action: permit
- name: policy2
paths:
- /example1*
- /example2
rule: (any AZN_CRED_GROUPS != "Example")
action: deny
advanced:
configuration:
- stanza: server
entry: redirect-http-to-https
operation: set
value: [ true ]
- stanza: server
entry: http-method-disabled-local
operation: set
value: ["TRACE,CONNECT"]
- stanza: server
entry: http-method-disabled-remote
operation: set
value: ["TRACE,CONNECT"]
Can you see anything wrong? For your knowledge, I deployed it in Kubernetes behind an ingress.
Other quick question: I use config file as configmap. It there any way to update config file and IBM IAG take this new configuration without rebooting the pod?
Regards and thank you everybody for your help
------------------------------
Javier Garcia Pazos
------------------------------