Questions tagged [identity-aware-proxy]
39 questions
3
votes
2 answers
Unable to enable CORS requests to a Google App Engine IAP
Signing in users with external identities from Safari and Brave is not working. The workaround for Safari is to disable Prevent cross-site tracking in the setting menu. There is another option using gcloud iap settings set as explained in…
Shi nik
- 31
- 1
3
votes
1 answer
Trouble authorizing access to App Engine via IAP
I currently have App Engine up and running, protected by IAP, and my eventual aim is to have this be triggered by an Apps Script project. I've tested the code without IAP and it works fine. However, I'm running into difficulties successfully…
lblnd
- 33
- 3
3
votes
2 answers
How do you enable CORS requests to a Google Compute Engine IAP enabled Load Balancer?
GCP allows external HTTPS load balancers to be protected by Identity Aware Proxy (IAP), using your google account credentials to protect the web server behind the load balancer. This an easy way to protect web services you want to use internally.…
Andrew Ring
- 2,430
- 1
- 14
- 25
2
votes
1 answer
Google App Engine & Identity-Aware Proxy - Validate if external users has MFA enabled
I did some research to find a way to validate that external users (outside the GCP organization) have multi-factor authentication enabled. I found Google Workspace is_2sv_enrolled, but this is specific to users in the organization.
Do you know if…
7up1t3r
- 21
- 2
1
vote
1 answer
How to enable IAP on a subdomain in App Engine?
I wanted to know whether it is possible to enable IAP OAuth for App Engine but for a subdomain or a subfolder. I have already enabled it for the domain, but I don't want it to show up for the entire website. For example: I want to use IAP secured…
Antariksh Pratham
- 19
- 4
1
vote
1 answer
GCP Kubernetes: Ingress and external load balancer with IAP lots of open ports scanning nmap
I have a k8s cluster running a Service behind an Ingress with an external HTTPS load balancer and I have Identity-aware proxy protecting my system. The ingress has a public IP and when I scan it with nmap I see the following open ports:
PORT …
Furbeenator
- 7,322
- 4
- 40
- 51
1
vote
1 answer
IAP GCIP integration results in HTTP 404 error on /config resource
Trying to integrate Github OAUTH2 using Google Cloud Identity Platform and Identity Aware Proxy on GCP and Firebase UI deployed on Cloud Run (out-of-the-box). I have owner role for this account
Getting following error from browser console, when…
tronline
- 97
- 1
- 7
1
vote
0 answers
TestCafe authentication to IAP secured test environment with application that has Bearer token based user authentication
Our test environment is behind Google IAP and the application under test is using Bearer tokens for user authentication.
In order to access the test environment, I am getting the Google JWT token and then adding it as Authorization header on all…
M. Lukjanska
- 21
- 4
1
vote
3 answers
How to run a Cloud Scheduler job with App Engine HTTP when protected by IAP
I have a Python app on Google App Engine Standard which is secured using Google Cloud Identity Aware Proxy (IAP).
I would like to trigger a part of my app every day by using Cloud Scheduler. (It is calling an API, doing calculations, and stores…
tim
- 53
- 5
1
vote
0 answers
Docker Image Registry behind IAP proxy
I've inherited a system where we have a gitlab Docker image registry hosted in GCP, but it's behind an IAP proxy so I can do a docker pull while connected to our internal network (thanks to firewall rules that bypass the IAP proxy).
Is there any…
Ryan
- 187
- 2
- 12
1
vote
2 answers
Using Google IAP through custom domain on App Engine
Enabling a custom domain on an App Engine service is now a breeze, so is enabling IAP (Google Identity-Aware Proxy) But, I can't figure out how to get IAP and my custom domain to work together!
both https://myservice-dot-myapplication.appspot.com…
Clorichel
- 1,470
- 1
- 9
- 20
0
votes
1 answer
Service to service requests on App Engine with IAP
I'm using Google App Engine to host a couple of services (a NextJS SSR service and a backend API built on Express). I've setup my dispatch.yaml file to route /api/* requests to my API service and all other requests get routed to the default (NextJS)…
Matt Bise
- 33
- 1
- 4
0
votes
0 answers
Identity-Aware Proxy Authorization Error 403 org_internal
I have a Python Streamlit app hosted in GCP via App Engine. Following this tutorial, I added an Idenity-Aware Proxy to secure the app.
The IAP is activated and the OAuth consent screen it set to internal.
In the IAP settings, I added myself and a…
winwin
- 323
- 4
- 15
0
votes
0 answers
Allow communication between an SPA and REST API with IAP in between
Currently there are two deployments on GKE my-app-frontend and my-app-backend, both are accessed through an ingress and protected by IAP. my-app-backend also has CORS enabled. When my-app-frontend hosted at my-app.com makes a request to…
Vlad Croitoru
- 1
- 1
0
votes
1 answer
Google Cloud Platform and Terraform to protect App Engine with Identity Aware Proxy IAP
It's around three days that I'm getting crazy trying to secure via Terraform my App Engine. When I secure my application manually through GCP console my steps are:
Create App Engine
Activate IAP and create an OAuth consent screen
Activate the…
letscloud
- 45
- 1
- 4