We have deployed Istio version 1.11.0 in the GKE cluster.
Traffic flow looks like this:
GCP HTTPS load balancer >> Istio ingress gateway (ClusterIP service) >> web application.
Gateway.yaml

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: backend-gateway
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
    tls:
      httpsRedirect: true
  - port:
      number: 443
      name: https-443
      protocol: HTTPS
    hosts:
    - "*"
    tls:
      mode: SIMPLE
      credentialName: {{ .Values.istio.tls.secretName }}

virtual-service.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: backend-app
spec:
  hosts:
  - "*"
  gateways:
  - default/backend-gateway
  http:
  - name: ui
    match:
    - uri:
        prefix: /
    rewrite:
      uri: /
    headers:
      request:
        add:
          Cache-Control: "max-age=0, no-cache, no-store, must-revalidate"
          Pragma: "no-cache"
          Expires: "-1"
          Content-Security-Policy: "style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/ 'unsafe-inline';connect-src 'self' https://login.microsoftonline.com/ https://apis.google.com/ https://accounts.google.com/ https://api-js.mixpanel.com/"
          add_header: "more_clear_headers server"
    corsPolicy:
      allowOrigins:
      - exact: "*"
      allowMethods:
      - POST
      - GET
      allowCredentials: true
    route:
    - destination:
        host: ui-service
        port:
          number: 80

SSO flow: Web application >> Microsoft Server >> web application
Ref: https://learn.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-react
We are using the MSAL library in the web application for SSO.
Ref: https://www.npmjs.com/package/msal
The Microsoft server is not able to send responses back to the web application.
We are getting the error: ClientAuthError: User canceled the flow.