diff --git a/salt/common/nginx/nginx.conf.so-eval b/salt/common/nginx/nginx.conf.so-eval index f0f03bac2..254f9834c 100644 --- a/salt/common/nginx/nginx.conf.so-eval +++ b/salt/common/nginx/nginx.conf.so-eval @@ -134,9 +134,9 @@ http { proxy_set_header Connection "Upgrade"; } - location /auth/ { + location ~ ^/auth/.*?(whoami|login|logout) { rewrite /auth/(.*) /$1 break; - proxy_pass http://{{ masterip }}:4433/; + proxy_pass http://{{ masterip }}:4433; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -295,7 +295,7 @@ http { error_page 401 = @error401; location @error401 { - add_header Set-Cookie "NSREDIRECT=http://{{ masterip }}$request_uri;Domain={{ masterip }};Path=/;Max-Age=60000"; + add_header Set-Cookie "AUTH_REDIRECT=$request_uri;Max-Age=14400"; return 302 /auth/self-service/browser/flows/login; } diff --git a/salt/common/nginx/nginx.conf.so-master b/salt/common/nginx/nginx.conf.so-master index f0f03bac2..e2615808f 100644 --- a/salt/common/nginx/nginx.conf.so-master +++ b/salt/common/nginx/nginx.conf.so-master @@ -134,9 +134,9 @@ http { proxy_set_header Connection "Upgrade"; } - location /auth/ { + location ~ ^/auth/.*?(whoami|login|logout) { rewrite /auth/(.*) /$1 break; - proxy_pass http://{{ masterip }}:4433/; + proxy_pass http://{{ masterip }}:4433; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -295,7 +295,7 @@ http { error_page 401 = @error401; location @error401 { - add_header Set-Cookie "NSREDIRECT=http://{{ masterip }}$request_uri;Domain={{ masterip }};Path=/;Max-Age=60000"; + add_header Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400"; return 302 /auth/self-service/browser/flows/login; } diff --git a/salt/common/nginx/nginx.conf.so-mastersearch b/salt/common/nginx/nginx.conf.so-mastersearch index f0f03bac2..e2615808f 100644 --- a/salt/common/nginx/nginx.conf.so-mastersearch +++ b/salt/common/nginx/nginx.conf.so-mastersearch @@ -134,9 +134,9 @@ http { proxy_set_header Connection "Upgrade"; } - location /auth/ { + location ~ ^/auth/.*?(whoami|login|logout) { rewrite /auth/(.*) /$1 break; - proxy_pass http://{{ masterip }}:4433/; + proxy_pass http://{{ masterip }}:4433; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -295,7 +295,7 @@ http { error_page 401 = @error401; location @error401 { - add_header Set-Cookie "NSREDIRECT=http://{{ masterip }}$request_uri;Domain={{ masterip }};Path=/;Max-Age=60000"; + add_header Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400"; return 302 /auth/self-service/browser/flows/login; } diff --git a/salt/soc/files/kratos/schema.json b/salt/soc/files/kratos/schema.json index 28e630a8f..a22a9fef6 100644 --- a/salt/soc/files/kratos/schema.json +++ b/salt/soc/files/kratos/schema.json @@ -19,6 +19,18 @@ "via": "email" } } + }, + "firstName": { + "type": "string", + "title": "First Name" + }, + "lastName": { + "type": "string", + "title": "Last Name" + }, + "role": { + "type": "string", + "title": "Role" } }, "required": [ diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json index f69a66117..af739a3ef 100644 --- a/salt/soc/files/soc/soc.json +++ b/salt/soc/files/soc/soc.json @@ -11,6 +11,9 @@ "filedatastore": { "jobDir": "jobs" }, + "kratos": { + "hostUrl": "http://{{ MASTERIP }}:4434/" + }, "securityonion": { "elasticsearchHost": "http://{{ MASTERIP }}:9200", "elasticsearchUsername": "",