Context:-
I am following https://kubernetes.github.io/ingress-nginx/examples/auth/external-auth/ to enable authentication for my application by using ingress.
Issue:-
Instead of using https://httpbin.org/basic-auth/user/passwd as auth url, I am using the FQDN of my service running in same namespace.
So my annotations looks like:
annotations:
nginx.ingress.kubernetes.io/auth-url: http://myservice.mynamespace.svc.cluster.local:9995/auth/
where 9995 is the port where myservice exposes /auth/ endpoint
This works when I use curl to hit my APIs passing in the credentials using -u flag.curl -XGET "http://minikubeip/myapp/status/" -H "Content-Type: application/json" -u "$USERNAME:$PASSWORD"
response:-{"status":"working"}
But when I open http://minikubeip/myapp/status/ in my browser it immediately returns me 401 page without showing the authentication popup.
When I use https://httpbin.org/basic-auth/user/passwd for nginx.ingress.kubernetes.io/auth-url both curl and browser work, with browser showing me a pop-up to enter password.
I checked httpbin.org and see that it is a GET endpoint which returns 200 for success and 401 for failure. My /auth API is exactly the same specification
My question is: Do I need to do something special for browser to show the basic-auth popup dialog?
I had to add
w.Header().Set("WWW-Authenticate", Basic realm="mydomain"
)
Found it here: https://stackoverflow.com/a/36188200