I am using a dockerized version of Crowd which is sitting behind a Traefik reverse proxy.
Everything works fine except for one thing: I have a third party application that uses Crowd for identity management and I have added it as an application and added the external IP address of the third party application in the Remote Addresses tab.
However, Crowd blocks the authentication requests with this message:
> INFO [crowd.manager.validation.ClientValidationManagerImpl] Client with address '172.25.0.4' is forbidden from making requests to application 'x x x'
172.25.0.4 is the IP address of the reverse proxy in the internal Docker network.
What changes do I have to make so that Crowd is able to know the original IP address? Is there a header that Traefik should set or something similar?
Sounds like it's missing the X-Forwarded-For header. In nginx, we'd set it like this:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Traefik is new territory for me however! I see mention about Forwarded headers needing to have a trusted IP but am not completely sure that's what needs to happen in this situation. That's the path I'm headed down learning more about - just wanted to mention this in advance in case you might already have some knowledge in that area. If not, I will hopefully have some more info for you soon.
We’re proud to announce that our integration with Amazon DevOps Guru is now live. The Amazon and Opsgenie product teams have worked together to build a deep integration between Opsgenie and the new...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events