Stack Overflow
Stack Overflow

Questions tagged [identity-aware-proxy]

68 questions
0
votes
0 answers

Web socket with cloud run behind a load balancer behind IAP

I have an API under cloud run. My cloud run service is behind a Load Balancer. I'd like to open a socket connection from my front end app to my API (wss protocol). When I use the cloud run service url it works but when I use my custom domain name I…
Kimor
  • 532
  • 4
  • 17
0
votes
1 answer

GCP - Identity Aware Proxy - How to Retrieve OAuth 2.0 Credentials?

I've created a google app engine project with a service protected by IAP. I understand how to use the signed headers to get the authenticated user's identity. But how would I retrieve their OAuth 2.0 credentials? Any suggestions of other ways of…
interrupt0
  • 25
  • 5
0
votes
0 answers

Is it not possible to tunnel SSH to App Engine instance through IAP?

I understand that App Engine instances are intended to be of limited configurability, but it is possible to access them via SSH when they're in debug mode. In this scenario, we connect to them with: gcloud app instances ssh --project=$PROJECT…
Mike Hartman
  • 140
  • 1
  • 6
0
votes
0 answers

Google Cloud IAP CORS policy is blocking my web app from calling the IAP-protected API

I've been having issues with this for too long and I am exhausted... When my web app is calling my IAP-protected API endpoint, I receive the following error: No 'Access-Control-Allow-Origin' header is present on the requested resource.. What's…
Vaizgantas
  • 29
  • 1
  • 7
0
votes
0 answers

Identity-Aware Proxy Authorization Error 403 org_internal

I have a Python Streamlit app hosted in GCP via App Engine. Following this tutorial, I added an Idenity-Aware Proxy to secure the app. The IAP is activated and the OAuth consent screen it set to internal. In the IAP settings, I added myself and a…
winwin
  • 384
  • 6
  • 20
0
votes
0 answers

Allow communication between an SPA and REST API with IAP in between

Currently there are two deployments on GKE my-app-frontend and my-app-backend, both are accessed through an ingress and protected by IAP. my-app-backend also has CORS enabled. When my-app-frontend hosted at my-app.com makes a request to…
Vlad Croitoru
  • 1
  • 1
0
votes
1 answer

Does Identity-Aware Proxy re-use an IP address for simultaneous users?

When using Identity Aware Proxy to tunnel SSH traffic to a VM, the incoming traffic comes from an IP address in the range: 35.235.240.0/20. If more than user connects to a VM at the same time, does IAP reuse an IP address, or does it guarantee that…
Thomas Ruble
  • 842
  • 6
  • 14
0
votes
2 answers

Add firewalls to IAP secured App Engine app with Member: allUsers granted 'IAP-secured Web App User'

I have multiple App Engine Services in the same Google project. My wish is to enable IAP for some of the services and not others (in the same project), however, I know that this is not possible. For the services that I ideally don't want IAP…
Ryan Stack
  • 1,231
  • 1
  • 12
  • 25
0
votes
1 answer

GCIP - enable authorization code grant flow using OIDC based external provider

Trying to configure GCIP with Salesforce Identity as IDP. Tried configuring OIDC based integration. Noticed that there is no field for providing (sfdc) client secret for OIDC based configuration. Also, the response_type=id_token is getting invoked…
tronline
  • 117
  • 1
  • 9
0
votes
1 answer

Problem of setting IAP connector fro on-premise apps

M'm trying to use this guide to protect my on-premise app with google identity aware proxy. I have an on-premise web-app, which is simulated on a gcp VM that is accessible through {public_ip}/scada. What i need to achieve is to enable IAP to protect…
Mark9966
  • 1
  • 1
0
votes
1 answer

How to use OAuth client on GCP project #1 though another project #2 what is connected with firebase?

The situation: Project #1 : contains Load balancer and Identity Aware Proxy accessible though oauth client (android) on GCP project (credentials). Project #2 : is a firebase project. GCP is configured automatically (just created project from…
hexyt
  • 1
0
votes
0 answers

The container app sample published by Google does not work properly

I want to create an app for login authentication using firebaseui in Cloud Run. So, at first, I executed all the items after "Contributions" of the following URL published by Google. However, on the screen of the created app, only the characters…
Jumpei Sasaki
  • 1
  • 1
0
votes
0 answers

Securing services in GKE

In a project we start using GKE to host some services. Those services should be accessible by all team members, but should not be accessible for anyone else in the world. Our team works from home, hence we cannot restrict IP addresses or something…
michas
  • 25,361
  • 15
  • 76
  • 121
0
votes
0 answers

GCP - Enabling External Identity Provider

Trying to add external provider (github) to authenticate user. However, I am running in to following error during Google Cloud Identity Platform setting There was an error in updating the GCIP settings. You can return to your configuration and…
tronline
  • 117
  • 1
  • 9
0
votes
0 answers

GCP Identity-Aware Proxy - return 403

By default, the GCP IAP (enabled for an API resource) redirects to a google login screen - in case of an unauthenticated request. Instead I need to just return 403. Please advice if there a simple setting I'm missing? Alternatively please suggest…
Alex M
  • 2,410
  • 1
  • 24
  • 37
1 2 3
4
5