I tried running the official Obligator container in a slightly modified setup using Podman behind a simple Nginx reverse-proxy and it seems to run fine and accept connections.
However, when navigating to the page all I see is a big “Welcome to LastLogin.io” and the following error in the browser console:
Content-Security-Policy: The page’s settings blocked an inline script (script-src-elem) from being executed because it violates the following directive: “script-src 'none'” utils.js:42:10
The logs of the container correctly log connection attempts:
2024-07-28T20:42:39Z <IP of my reverse-proxy> GET login.example.org /
I noticed that the official container is still using the older 0.1.0 beta.
I therefore tried running it without the container now, using the official 0.2.0 beta release file for x86 Linux, but the issue is very similar.
The only difference is that I get a 404 page not found on a black background that seems to originate from the Obligator process and not the reverse-proxy.
Same error in the browser console and same response in the logs of Obligator (but with the correct client IP and not the reverse-proxy one) as above for the container.
Hmm, actually the /.well-known/openid-configuration seems to be working on my new dockerless installation and some other endpoints like /auth return client_id missing.
Maybe I am just missing the right sub-directory for the landing page? Or is it only available when fully setting up a client and accessing it from there?
Edit: OK, when faking it with a client id added to the /auth endpoint it seems to give me a similar page as lastlogin.io, so I guess it is working.
Would be nice if there was some sort of basic landing page so that this is less confusing.
It would also be great if the -behind-proxy true launch parameter was documented. I only found out about it from the Dockerfile and it seems to be important to allow passing through the real IP and not just the reverse-proxy IP. Oddly though it didn’t work with the Docker container…
obligator is still currently beta level with respect to documentation and whatnot. As far as I know there aren’t many people using it. So yeah it still requires a bit of elbow grease to get working.
I still need to actually test it with some OIDC clients, but as far as I can tell right now it seems to be working as expected with the 0.2.0 x86 Linux release binaries.
Thanks for making this available. I understand that this is still early days, no worries.