Kubernetes dashboard unauthorized using Authorization: Bearer header

12/4/2019

I set up dashboard auth with Azure as IdP and Pusher's Oauth2_Proxy. We do not use RBAC. I have 2 options but can't make the 2nd work:

1- I use this ingress for the dashboard to order Nginx to request authentication via oauth2_proxy that asks Azure:

# For an OAuth2 Proxy hosted at https://auth.example.com/oauth2
# Configure Nginx Auth Request Module
ingress.kubernetes.io/auth-url: "https://auth.example.com/oauth2/auth"
ingress.kubernetes.io/auth-signin: "https://auth.example.com/oauth2/start?rd=https://$host$request_uri$is_args$args"
# Proxy Authentication header to Dashboard
ingress.kubernetes.io/configuration-snippet: |
  # adds authorization header for kubernetes-dashboard
  auth_request_set $token $upstream_http_authorization;
  proxy_set_header Authorization $token;

Authentication works fine. For authorization I have 2 options:

  • clicking Skip (- --enable-skip-login in dashboard deployment manifest) brings me to the dashboard with full admin privileges (no RBAC means the dashboard Service Account is full admin I guess)
  • or I provide the Service Account token

2- If I just add - --set-authorization-header=true to my oauth2_proxy Deployment manifest, I bypass the login window using an authorization header. This time, if Nginx receives a 202 because oauth2-proxy found that I am well authenticated to Azure, it allows the request to the dashboard and proxies the authorization header in its auth response.

My issue is that I am unauthorized everywhere because I cannot find how to link my Azure user to the dashboard Service Account or anything else.

Do you guys have an idea? Thanks

-- GuiFP
azure
kubernetes
nginx
oauth-2.0

0 Answers
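
The dashboard passes the bearer token it receives to the Kubernetes API server, which accepts it only if one of its configured authenticators recognises it. The following diagnostic is an added example, not code from the post or from the projects it mentions: it decodes the forwarded JWT without verifying its signature and compares the claims with the OIDC settings the API server is assumed to have. The tenant, client id and tokens are constructed placeholders, and `oidc_issuer` / `oidc_client_id` stand for the API server flags `--oidc-issuer-url` and `--oidc-client-id`.

```python
import base64
import json
import time

SA_ISSUER = "kubernetes/serviceaccount"  # issuer claim of legacy ServiceAccount tokens


def b64url(obj):
    """Encode a dict as an unpadded base64url JSON segment (builds the sample tokens)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def claims_of(header_value):
    """Return the unverified claims of an 'Authorization: Bearer <jwt>' header value."""
    scheme, _, token = header_value.partition(" ")
    parts = token.strip().split(".")
    if scheme.lower() != "bearer" or len(parts) != 3:
        raise ValueError("not a Bearer JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(header_value, oidc_issuer=None, oidc_client_id=None, now=None):
    """List reasons the API server would reject the token (empty list: none found).
    oidc_issuer=None models an API server with no OIDC authenticator configured."""
    c = claims_of(header_value)
    if c.get("iss") == SA_ISSUER:
        return []  # ServiceAccount token: handled by the built-in authenticator
    now = time.time() if now is None else now
    aud = c.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    problems = []
    if oidc_issuer is None:
        problems.append("API server has no OIDC issuer configured")
    elif c.get("iss") != oidc_issuer:
        problems.append("issuer mismatch: " + str(c.get("iss")))
    if oidc_client_id is not None and oidc_client_id not in aud:
        problems.append("audience mismatch: " + ",".join(aud))
    if c.get("exp", 0) <= now:
        problems.append("token expired")
    return problems


# Constructed sample tokens: placeholder tenant and client id, dummy signatures.
ISS = "https://login.microsoftonline.com/TENANT-PLACEHOLDER/v2.0"
HDR = b64url({"alg": "RS256", "typ": "JWT"})
AZURE = "Bearer " + ".".join(
    [HDR, b64url({"iss": ISS, "aud": "CLIENT-PLACEHOLDER", "exp": 2000}), "sig"])
SA = "Bearer " + ".".join([HDR, b64url({"iss": SA_ISSUER}), "sig"])
```

Calling `diagnose()` on the header value that Nginx forwards shows whether the token is an Azure-issued ID token that the API server has no authenticator for, or one whose issuer or audience does not match the configured values.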