General troubleshooting steps
Set the log level to TRACE
Setting the log level to trace configures the outpost to trace-log all the headers given in forward auth requests.
This is helpful to confirm that certain required Headers are correctly forwarded from the reverse proxy.
When using the embedded Outpost
Set the authentik log level to TRACE:
- docker-compose
- Kubernetes
Add the following block to your .env file:
AUTHENTIK_LOG_LEVEL=trace
Afterwards, run docker compose up -d.
Add the following block to your values.yml file:
authentik:
log_level: trace
Afterwards, upgrade helm release.
When using a standard outpost
Edit the outpost settings and set log_level: trace. This setting should propagate to the outpost instances within a couple seconds.
Ensure /outpost.goauthentik.io is accessible
Everything under /outpost.goauthentik.io should be publicly accessible, as URLs under this path are used for authentication.
To check this, run curl -v https://app.company/outpost.goauthentik.io/ping. A correct setup should contain output looking like this:
[...]
< HTTP/2 204
[...]