What happened?
I’m trying to use Pomerium in order to redirect the token once I authenticate through my issuer, towards to argo-workflow UI which supports Token authentication and SSO login. Unfortunately doesn’t work because I’m getting an error on the argo-workflow UI saying that the Token is not recognized.
What I see in the Inspector panel on Chrome is that the token generated by the Login of the argo-workflow UI is starting with Token Bearer v2 and is not the same as the one from Pomerium. I tried to decode it but without success.
The only info that I have from this token via argo-workflow UI is that the algorithm & token type are :
“alg”: “RSA-OAEP-256”,
“enc”: “A256GCM”,
“zip”: “DEF”
This is how I “pass” the headers towards the argo-workflow UI:
annotations:
ingress.pomerium.io/allow_any_authenticated_user: "true"
ingress.pomerium.io/pass_identity_headers: "true"
ingressClassName: "pomerium"
Here is the token value from the argo-workflow how is setting it up:
Starting with "Bearer v2:eyJhbG … " < 602 characters with the double quotes
while the pomerium token that is given:
eyJhb … < 555 characters
My question, is there any way to force pomerium to “pass” the headers as argo-workflow UI would like it? Behind there is a javascript that is handling the login page as I saw. This might part of the issue (I’m guessing)
Many thanks in advance for your feedback and let me know if I can provide more details in order to solve this mystery