resources/haproxy/spoe-auth.conf

[spoe-auth]
spoe-agent auth-agents
    option var-prefix auth

    timeout hello      2s
    timeout idle       2m
    timeout processing 1s

    groups try-auth-all
    use-backend backend_spoe-agent

spoe-group try-auth-all
    messages try-auth-ldap
    messages try-auth-oidc

spoe-message try-auth-ldap
    args authorization=req.hdr(Authorization) authorized_group=str(users)
    event on-frontend-http-request if { hdr_beg(host) -i app1.example.com } || { hdr_beg(host) -i app2.example.com } || { hdr_beg(host) -i app3.example.com }

spoe-message try-auth-oidc
    args arg_ssl=ssl_fc arg_host=req.hdr(Host) arg_pathq=pathq arg_cookie=req.cook(authsession) arg_client_id=var(req.oidc_client_id) arg_client_secret=var(req.oidc_client_secret) arg_redirect_url=var(req.oidc_redirect_url) arg_token_claims=var(req.oidc_token_claims)
    event on-frontend-http-request if { hdr_beg(host) -i app1.example.com } || { hdr_beg(host) -i app2.example.com } || { hdr_beg(host) -i app3.example.com }