Questions tagged [identity-aware-proxy]

68 questions
1 vote, 0 answers

TestCafe authentication to IAP secured test environment with application that has Bearer token based user authentication

Our test environment is behind Google IAP and the application under test is using Bearer tokens for user authentication. In order to access the test environment, I am getting the Google JWT token and then adding it as an Authorization header on all…
1 vote, 1 answer

Emulating Google IAP headers in development

I'm setting up a Cloud Run app in GCP. I want to use the IAP framework. In my development environment I want to get the headers provided by the IAP. Is there a best practice for this without hardcoding? I'm using VS Code and Docker. I want to be able to…
Asken
1 vote, 1 answer

Connect to Compute Engine From App Engine or Cloud Run with firewall and IAP

I have an SFTP server running on Google's Compute Engine. The firewall is set up to allow traffic from the Identity-Aware Proxy. I can connect to the service using gcloud ssh locally but I can't connect from App Engine or Cloud Run. The service…
1 vote, 3 answers

How to set up a similar Identity-Aware Proxy from GCP in Azure

In GCP, it's easy to set up an IAP (hide your apps under a Google OAuth service). For more info: https://cloud.google.com/iap/docs/app-engine-quickstart Does Azure have something similar?
Ramon Medeiros
1 vote, 0 answers

Docker Image Registry behind IAP proxy

I've inherited a system where we have a GitLab Docker image registry hosted in GCP, but it's behind an IAP proxy so I can do a docker pull while connected to our internal network (thanks to firewall rules that bypass the IAP proxy). Is there any…
0 votes, 2 answers

Cloud Run with IAP behind urlmap, redirects to root

I have a Cloud Run service running on /. I have a second Cloud Run service running on /admin. I'm using an HTTP global load balancer to be able to use a custom hostname. I want to protect /admin with IAP. / is public so IAP is off for that backend…
Jaap
0 votes, 0 answers

Connection reset on GCP app after enabling IAP

I'm trying to enable IAP for the first time for an app I have set up and working. I think I'm missing an obvious step in the process, but can't seem to figure it out. In the console if I go to APIs and Services->Credentials, under OAuth 2.0 Client…
0 votes, 0 answers

How to restrict access to backend App Engine application from a specific EXTERNAL React-JS frontend?

I would like to access all my Flask routes of my Python application running in a Google App Engine only from a React-JS frontend and therefore deny all other requests which are not coming from that frontend. So far I've created a Service Account…
0 votes, 0 answers

Google Cloud Identity Aware Proxy (IAP) with regional load balancer on shared VPC (for Cloud Run), is it possible?

Google has recently enabled centralised load balancing with cross project service referencing. I have successfully implemented a shared VPC with the regional load balancer in a Host project. The load balancer works in handing traffic off into a sub…
0 votes, 1 answer

Google Cloud IAP: How to access App Engine API (protected by IAP) from a web application hosted on a separate Firebase project?

This is my setup: multiple Python APIs hosted on App Engine; Angular client application hosted on Firebase. Users accessing the web application are authenticated by Firebase Auth. When trying to send requests to the APIs hosted on App Engine from the…
0 votes, 1 answer

Binding the roles/iap.tunnelResourceAccessor role to Google Cloud MIG instances with Terraform

I have created a Google Cloud Compute Engine managed instance group (MIG) in Terraform using the google_compute_instance_template and google_compute_instance_group_manager resources and would like to set up access via the Identity-Aware Proxy…
0 votes, 0 answers

Reaching IAP secured Cloud Run app (working as an API) through Postman

I am having a hard time making a Cloud Run app that would serve as an internal API for employees (no frontend). This would have endpoints like: POST api.mydomain.com/post-some-data where I want to pass some body parameters. After IAP is set up and…
0 votes, 1 answer

IAP accepts expired token in GCP

After following the GCP documentation on generating a token programmatically, we found that IAP was allowing tokens even when they had expired. We were expecting a 401 response if an expired token was passed as a bearer token for authentication.
Nick
0 votes, 1 answer

How to add project owners as external provider for IAP in GCP for AppEngine?

Problem layout: I'm working with the AppEngine interface and the client has AD/Azure for authentication. I've set up IAP with an external provider (being the Azure setup). The login screen is provided by Google. That works. But the login page does not show…
0 votes, 1 answer

Start IAP tunnel programmatically with Python

I am trying to connect to a VM through an IAP tunnel, and I need to first open the tunnel. I am able to do it with the gcloud CLI; however, I would like to do it through a Python script, possibly without having to resort to running a bash command with the…