APISIX

Casdoor can use the OIDC protocol to link to APISIX, and this document will show you how to do it.

The following are some of the names in the configuration:

CASDOOR_HOSTNAME: Domain name or IP where Casdoor server is deployed.

APISIX_HOSTNAME: Domain name or IP where APISIX is deployed.

Step1. Deploy Casdoor and APISIX

Firstly, the Casdoor and APISIX should be deployed.

After a successful deployment, you need to ensure:

  1. Casdoor can be logged in and used normally.
  2. Set Casdoor’s origin value (conf/app.conf) to CASDOOR_HOSTNAME. Casdoor conf

Step2. Configure Casdoor application

  1. Create or use an existing Casdoor application.
  2. Add a redirect url: http://APISIX_HOSTNAME/REDIRECTWHATYOUWANT,and change REDIRECTWHATYOUWANT to the redirect url you need.
  3. Select “JWT-Empty” for the Token format option
  4. Add provider you want and supplement other settings.

Application Setting Not surprisingly, you can get two values ​​on the application settings page: Client ID and Client secret like the picture above, we will use them in next step.

Open your favorite browser and visit: http://`CASDOOR_HOSTNAME`/.well-known/openid-configuration, you will see the OIDC configure of Casdoor.

Step3. Configure APISIX

APISIX has official OIDC support, which is implemented using lua-resty-openidc.

You can customize the settings according to the APISIX OIDC documentation, in which the following routing settings will be used:

  1. #Use your own X-Api-Key
  2. $ curl  -XPOST APISIX_HOSTNAME/apisix/admin/routes -H "X-Api-Key: edd1c9f034335f136f87ad84b625c8f1" -d '{
  3.   "uri": "/get",
  4.   "name": "apisix_casdoor_test",
  5.   "plugins": {
  6.     "openid-connect": {
  7.       "client_id": "Client ID",
  8.       "client_secret": "Client secret",
  9.       "discovery": "http://CASDOOR_HOSTNAME/.well-known/openid-configuration",
  10.       "introspection_endpoint_auth_method": "client_secret_basic",
  11.       "logout_path": "/logout",
  12.       "realm": "master",
  13.       "redirect_uri": "http://APISIX_HOSTNAME/REDIRECTWHATYOUWANT",
  14.       "bearer_only": false,
  15.       "set_id_token_header": false,
  16.       "access_token_in_authorization_header": true,
  17.       "set_access_token_header": true,
  18.       "set_userinfo_header": false,
  19.       "realm": "master"
  20.     }
  21.   },
  22.   "upstream": {
  23.     "type": "roundrobin",
  24.     "nodes": {
  25.       "httpbin.org:80": 1
  26.     }
  27.   }
  28. }'

Now, visit http://APISIX_HOSTNAME/get, the browser will redirect you to the casdoor login page, and after successfully logging in, you will, not surprisingly, see that we have sent a request to httpbin.org. APISIX_Result