Authenticator is misconfigured or disabled

darioghilardi · October 30, 2019, 11:57am

Hi,
I configured a basic setup for oathkeeper but for some reasons my configuration is always wrong.
I get back the following error:

A rule uses a malformed configuration and all URLs matching this rule will not work. You should resolve this issue now." error="authenticator matching this route is misconfigured or disabled".

Here is my config.yaml:

serve:
  api:
    port: 4456
    host: ''
  proxy:
    port: 4455
    host: ''

access_rules:
  repositories:
    - "file://rules.json"

authenticators:
  noop:
    enabled:
      enabled: true

I am sure this file is picked up because the rules.json is read and evaluated. Here is it:

[{
  "id": "some-id",
  "upstream": {
    "url": "http://localhost:3000/"
  },
  "match": {
    "url": "http://localhost:4455/some-route",
    "methods": [
      "GET"
    ]
  },
  "authenticators": [{
    "handler": "noop"
  }]
}]

I tried almost all combinations of config and even tried with ENV variables but I always get the same error. Any hint?
Thank you.

darioghilardi · October 31, 2019, 10:38am

I was finally able to solve the problem.

I saw in the release notes that the configuration has been changed in the last beta, that’s probably why oathkeeper didn’t pick up my declarations in config.yaml.
Also the previous docker configuration I used was not in line with the one in the examples, which explains my troubles setting the configuration using the environment.

Here are the detailed working configurations, first docker-compose.yml:

 version: '3.3'

  services:
    oathkeeper-proxy:
      image: oryd/oathkeeper:latest
      ports:
        - "4455:4455"
      depends_on:
        - oathkeeper-api
      command:
        serve proxy
      environment:
        - LOG_LEVEL=debug
        - PORT=4455
        - OATHKEEPER_API_URL=http://oathkeeper-api:4456
        - AUTHENTICATORS_JWT_ENABLED=true
        - AUTHENTICATORS_NOOP_ENABLED=true
        - MUTATORS_NOOP_ENABLED=true
        - AUTHORIZERS_ALLOW_ENABLED=true
      restart: on-failure
      volumes:
        - "/root/.oathkeeper.yaml:/.oathkeeper.yaml"
        - "/root/rules.json:/rules.json"
        - "/root/jwks.json:/jwks.json"

    oathkeeper-api:
      image: oryd/oathkeeper:latest
      ports:
        - "4456:4456"
      command:
        serve api
      environment:
        - DATABASE_URL=memory
        - LOG_LEVEL=debug
        - PORT=4456
        - AUTHENTICATORS_JWT_ENABLED=true
        - AUTHENTICATORS_NOOP_ENABLED=true
        - MUTATORS_NOOP_ENABLED=true
        - AUTHORIZERS_ALLOW_ENABLED=true
      restart: on-failure
      volumes:
        - "/root/.oathkeeper.yaml:/.oathkeeper.yaml"
        - "/root/jwks.json:/jwks.json"

Then I set my rules like the following:

  [{
    "id": "my-rules",
    "upstream": {
      "url": "http://upstream.com/",
      "preserve_host": false
    },
    "match": {
      "url": "http://my-address:4455/graphiql",
      "methods": [
        "GET", "POST", "OPTIONS", "PUT", "DELETE"
      ]
    },
    "authenticators": [{
      "handler": "jwt",
      "config": {
        "jwks_urls": [
          "file://jwks.json"
        ]
      }
    }],
    "authorizer": {
      "handler": "allow"
    },
    "mutators": [{
      "handler": "noop"
    }]
  }]

Last, my .oathkeeper.yaml:

 serve:
    api:
      port: 4456
      host: ''
    proxy:
      port: 4455
      host: ''

  access_rules:
    repositories:
      - "file://rules.json"