I have an application that is available at http:://host/context/ . I want to configure Kong such that the URLs http:://host/ and http://host/context get redirected to http:://host/context/.
I can easily do this with a combination of request-termination & response-transformer plugins… the catch is: I need to also forward query parameters. So, this is the behaviour I want:
- User visits http:://host/ → redirected to
- User visits http:://host/context → redirected to
- User visits http:://host/?param=value → redirected to
- User visits http:://host/context?param=value → redirected to
I’m using Kong in DB-less mode and my configuration for the redirects is:
services: - name: my-redirects url: http://localhost:8080/ routes: - name: redirect-route paths: - /context$ - /$ plugins: - name: request-termination config: status_code: 301 message: Redirect to main page... - name: response-transformer config: add: headers: - Location:/context/
Is there some way to modify this portion of the configuration:
add: headers: - Location:/context/
with something that also includes the query params in the request? I expect to be able to do something like:
add: headers: - Location:/context/$query_params
Or should I modify the Kong’s NGINX configuration? (how do I do this though? I’d like to avoid using a custom docker image, is it possible to just put the
location portion and tell Kong to include it inside its template via env vars?)
To give a bigger picture. My application uses Keycloak and OpenID connect for authentication, so Kong is the R.P. Moreover Keycloak has Azure as Brokered Identity Provider.
The problem with the redirects is that if I go to http:://host/context, I get redirected to Keycloak (good) I authenticate but in the end I get stuck in a redirect loop that ends with “too many redirects” because Keycloak redirects to something like http:://host/context?state=…&other=… which gets redirected to http:://host/context/ which gets redirected to a keycloak url http:://keycloak/auth/realms/my-realm/… which redirects to http:://host/context?state=…&other=… etc.
I believe part of the problem is that the redirect to http:://host/context/ does not include the query params and thus some state is missing to complete the authentication.
(note: the double colon in http:: is because otherwise I’m unable to post the topic as a new user)