Questions tagged [identity-aware-proxy]
68 questions
1
vote
1 answer
Three identical GCP projects/service, but only one works with IAP authentication
I have three projects under my organization on GCP (dev, staging, prod). The IAM settings are shared/set on the organizational level.
On each project I have made a Cloud Run app with the GCP example container "hello". Keep in mind that all of these…

Flamingow
1
vote
0 answers
Getting Azure AD groups of authenticated user via Google Identity-Aware Proxy -> SAML -> Azure AD
We have two clouds:
GCP for our apps
Azure for user management
I need to set up role-based auth in my GCP-hosted app based on the user groups he is assigned to in the Azure Active Directory. So I need to get the AD groups somehow.
The standard…

Viacheslav Luschinskiy
1
vote
1 answer
Invalid IAP credentials: JWT audience doesn't match this application
We have a Django application that is hosted on GCP Cloud Run and sits behind IAP for user authentication. Our use case was to generate a token on a local machine by a user and after getting the token. Followed IAP Programmatic authentication but was…

Nick
1
vote
0 answers
Allow IAP on applications running on Compute Engine
I currently have different web applications running in Compute Engine using an external IP (everyone can connect and even log in if they have the correct information).
I would like to enable IAP to protect those webpages.
By enabling IAP for https…

rma
1
vote
1 answer
IAP opens two sessions for App Engine and Compute Engine access
Context
I have 3 services running in GCP. One of them is an SPA that's running in App Engine and the two others are APIs running in Compute Engine. I configured an HTTPS Load Balancer in front of them with a single domain and enabled IAP (with Identity Platform…

volod
1
vote
0 answers
Missing cookie key/value from request headers in one IAP-enabled App Engine instance but not the other
Context:
2 app engine (flex) node servers:
identical configuration
Both include the 3 commonly used key/values in the request headers
x-goog-authenticated-user-email
x-goog-authenticated-user-id
x-goog-iap-jwt-assertion
1 of them consistently…

insta catering
1
vote
1 answer
Serverless API Gateway on GCP
I'm looking for a solution to have a gateway to serverless on GCP with Authorization/Authentication done by IAM, but didn't find a perfect solution for it.
The idea is to have this gateway managing endpoints from APIs on GCP Functions, Cloud Run…

BernardoMorais
1
vote
1 answer
GCloud ssh cannot connect when called
I have testing code in Go, which sets up a state on a Compute Engine instance (and I don't want to expose the ports).
Since there seems to be no easy way of doing this in Golang directly, I utilize gcloud:
func TestMe(t *testing.T) {
cmd :=…

abergmeier
1
vote
2 answers
Is it currently possible to programmatically enable iap.googleapis.com in GCP?
Is it currently possible to programmatically enable iap.googleapis.com in GCP?
When we configure the IAP service in Terraform currently, it doesn't seem to be fully enabled.
When I visit the IAP page in the GCP console, it tells me:
"Before you can use…

corsair
1
vote
1 answer
What users can access my AppEngine application that is protected by Identity Aware Proxy for an internal OAuth application?
IAP allows you to protect apps on AppEngine by defining which principal has access using roles/iap.httpsResourceAccessor. If I have a group in IAM called participants and I add external people (personal gmail accounts & contractors) to that group,…

pascalwhoop
1
vote
1 answer
Access website behind IAP programmatically?
I want to access a website's REST APIs that is deployed on GCP and is behind Identity-Aware Proxy (IAP). I only need to be able to access it from my local computer, and I can't use a Service Account key to achieve that.
I've tried to use gcloud auth login…

Dawiss
1
vote
1 answer
Google App Engine and Identity-Aware Proxy - Enable MFA for SSH?
Is there a way to enable multi-factor auth for SSH access to App Engine instances? Everything I've found points to "OS Login" for that, but it only seems to apply to Compute instances.
I understand I can enable MFA for the org and the gcloud CLI…

Mike Hartman
1
vote
0 answers
GCP Load Balancer with IAP
Is there a way to set up the load balancer so that I can enable IAP without exposing the 443 port of my application?
I would like to accept https requests in the load balancer (just to enable IAP) but only http in my app? How can I add a forwarding…

s_curry_s
1
vote
1 answer
IAP GCIP integration results in HTTP 404 error on /config resource
Trying to integrate GitHub OAuth2 using Google Cloud Identity Platform and Identity-Aware Proxy on GCP and Firebase UI deployed on Cloud Run (out-of-the-box). I have the owner role for this account.
Getting following error from browser console, when…

tronline
1
vote
1 answer
Google App Engine & Identity-Aware Proxy - Validate if external users have MFA enabled
I did some research to find a way to validate that external users (outside the GCP organization) have multi-factor authentication enabled. I found Google Workspace is_2sv_enrolled, but this is specific to users in the organization.
Do you know if…

7up1t3r