OIDC authenticated target


Is it currently possible to connect to a target that then uses OIDC for authentication, with a redirect to, for example, Vault as the OIDC provider?


I have HTTPS targets which do that, but they require some additional parts to work. I have built a custom SOCKS5 proxy which can be told to dynamically redirect some hosts to a Boundary listener. The browser I use uses that proxy, so when I open the URL of the target I am routed through Boundary. From the target, the browser is forwarded to the OIDC provider, which does not go through the proxy. That provider could well be Vault.

Without the custom proxy you’d probably need to deal with the certificate issues involved.

That sounds very interesting. Do you have an example snippet showing how that could be implemented?
Is the proxy also behind a Boundary worker or publicly reachable?
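An added sketch of the kind of SOCKS5 proxy described in the reply above (not the poster's code and not part of Boundary): it parses the browser's CONNECT request and sends only listed hostnames to a local Boundary listener, dialling every other host directly. The hostname `app.internal.example`, port 8443, proxy port 1080 and the helper names are assumptions, as is the handling of unlisted hosts such as the OIDC provider.

```python
import asyncio, ipaddress, struct

# Constructed routing table: target hostname -> local Boundary listener, assumed to
# be opened beforehand with `boundary connect -target-id <id> -listen-port 8443`.
ROUTES = {"app.internal.example": ("127.0.0.1", 8443)}

def parse_connect(req: bytes):
    """Parse a SOCKS5 CONNECT request (RFC 1928, section 4) into (host, port)."""
    if len(req) < 7 or req[:2] != b"\x05\x01" or req[3] not in (1, 3, 4):
        raise ValueError("unsupported SOCKS5 request")
    atyp, body = req[3], req[4:]
    if atyp == 1:                                   # IPv4 literal
        host, rest = str(ipaddress.IPv4Address(body[:4])), body[4:]
    elif atyp == 3:                                 # length-prefixed domain name
        host, rest = body[1:1 + body[0]].decode("ascii").lower(), body[1 + body[0]:]
    else:                                           # IPv6 literal
        host, rest = str(ipaddress.IPv6Address(body[:16])), body[16:]
    if len(rest) != 2:
        raise ValueError("truncated or oversized request")
    return host, struct.unpack("!H", rest)[0]

def upstream_for(host, port, routes=ROUTES):
    """Listed hosts go to the Boundary listener; all others are dialled directly."""
    return routes.get(host.rstrip("."), (host, port))

async def pipe(reader, writer):
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()

async def handle(reader, writer):
    _, nmethods = await reader.readexactly(2)       # greeting: VER, NMETHODS
    await reader.readexactly(nmethods)
    writer.write(b"\x05\x00")                       # select "no authentication"
    head = await reader.readexactly(5)              # VER CMD RSV ATYP + 1 address byte
    more = {1: 5, 3: head[4] + 2, 4: 17}.get(head[3], 0)
    host, port = parse_connect(head + await reader.readexactly(more))
    up_r, up_w = await asyncio.open_connection(*upstream_for(host, port))
    writer.write(b"\x05\x00\x00\x01" + bytes(6))    # success reply, BND 0.0.0.0:0
    await asyncio.gather(pipe(reader, up_w), pipe(up_r, writer))

async def main():
    async with await asyncio.start_server(handle, "127.0.0.1", 1080) as server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

The sketch binds to loopback because it accepts clients without authentication. The browser has to send hostnames to the proxy (SOCKS5 remote DNS) for the name-based routing to apply.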