Forward Auth configuration
The Auth Server is implemented such that clients are issued with opaque access tokens that are not directly accepted by the actual applications protected by the Auth Server. Instead, clients receive opaque session tokens which are automatically exchanged for real access tokens via the Traefik Forward Auth middleware that is configured as part of a Telicent Core deployment. Both Traefik and the Auth Server MUST be configured to use the same shared secret, otherwise forward auth will fail. This secret is controlled via the forwardAuth section of the values.yaml used to deploy the Helm Chart.
Example values.yaml section
#------------------------------------------------------------------------------
# 'X-ForwardAuth-Secret' Header value, including secret(s)
#------------------------------------------------------------------------------
forwardAuth:
  existingSecret: "your-forward-auth-secret"
This simply provides a reference to an existing secret that contains a single header key providing the shared secret value that Traefik will send in Forward Auth requests and the Auth Server will expect to receive in those requests.
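The shared-secret check and token exchange described above can be sketched as follows. This is an added example, not the Auth Server's own code: the secret value, the session store, the use of an Authorization bearer header for the session token, the status codes and the list of several accepted secrets are all assumptions made for illustration; only the X-ForwardAuth-Secret header name comes from this page.

```python
import hmac

# Constructed sample values; a real deployment would load the secret from the
# Kubernetes secret referenced by forwardAuth.existingSecret.
ACCEPTED_SECRETS = ["constructed-shared-secret"]
SESSIONS = {"opaque-session-123": "real-access-token-abc"}  # hypothetical session store


def secret_matches(presented, accepted=ACCEPTED_SECRETS):
    """Constant-time check of the presented header value against every accepted secret."""
    if not presented:
        return False
    candidate = presented.encode()
    ok = False
    for secret in accepted:
        # No early exit, so timing does not reveal which secret (if any) matched.
        ok |= hmac.compare_digest(candidate, secret.encode())
    return ok


def forward_auth(headers):
    """Return (status, response_headers) for one forward auth request."""
    headers = {k.lower(): v for k, v in headers.items()}
    # Fail closed: a request without the shared secret is not treated as coming from Traefik.
    if not secret_matches(headers.get("x-forwardauth-secret")):
        return 403, {}
    scheme, _, session_token = headers.get("authorization", "").partition(" ")
    access_token = SESSIONS.get(session_token) if scheme.lower() == "bearer" else None
    if access_token is None:
        return 401, {}
    # A 2xx response lets Traefik forward the request; the header carries the exchanged token.
    return 200, {"Authorization": f"Bearer {access_token}"}
```

If the secret configured for Traefik differs from the one the Auth Server expects, every request takes the 403 branch, which is the failure mode the text warns about.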