breakfix: Injected headers not present #278
Assignees
Labels
Comments
|
@infogulch , did you try experimenting with the following? https://authp.github.io/docs/authorize/headers#custom-headers |
|
@infogulch , please provide the decoded claims of the token. |
Yes that's where I started from.
Ah thank you for the pointer, I was able to solve it with that hint.
|
|
@infogulch , I am looking to add testimonial sections to https://authcrunch.com. Could you please write one and send it to me at greenpau@outlook.com? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm trying to inject headers following the forward_auth / Trusted Header SSO pattern with a local
users.json, but some of the headers are not present.Configuration
Expand to see full Caddyfile configuration:
{ security { local identity store localdb { realm local path ./users.json } authentication portal myportal { enable identity store localdb ui { links { "App" "http://127.0.0.1:8080" icon "las la-user" "My Identity" "http://127.0.0.1:8081/whoami" icon "las la-user" } } } authorization policy maybe_authorized { set auth url http://127.0.0.1:8081/ allow roles authp/admin authp/user # inject headers with claims enable strip token inject header "Remote-Name" from "name" inject header "Remote-User" from "username" inject header "Remote-Email" from "email_address" inject header "Remote-Groups" from "roles" } } } :8081 { route { authenticate with myportal } } :8080 { route /assets/* { file_server { root context/ } } route { authorize with maybe_authorized respond "custom responder that prints headers" } }Expand to see users.json:
Note: password is
password{ "version": "1.1.2", "policy": { "password": { "keep_versions": 10, "min_length": 8, "max_length": 128, "require_uppercase": false, "require_lowercase": false, "require_number": false, "require_non_alpha_numeric": false, "block_reuse": false, "block_password_change": false }, "user": { "min_length": 3, "max_length": 50, "allow_non_alpha_numeric": false, "allow_uppercase": false } }, "revision": 3, "last_modified": "2023-08-24T01:57:05.436695797Z", "users": [ { "id": "39555452-454e-4c85-829b-8195a8dd8c81", "username": "Correct1596", "name": { "first": "John", "last": "Smith" }, "email_address": { "address": "jsmith@example.com", "domain": "example.com" }, "passwords": [ { "purpose": "generic", "algorithm": "bcrypt", "hash": "$2a$10$oBl7f1PCSi7mqlzOKEjFNeXisAnikYBhasiyl8RcpPgVT4L1t4tWe", "cost": 10, "expired_at": "0001-01-01T00:00:00Z", "created_at": "2021-10-25T17:04:58.4251263Z", "disabled_at": "0001-01-01T00:00:00Z" } ], "created": "0001-01-01T00:00:00Z", "last_modified": "0001-01-01T00:00:00Z", "roles": [ { "name": "admin", "organization": "authp" } ] } ] }Version Information
Expected behavior
Remote-Name = "Smith, John"andRemote-Groups = "authp/user"as I expectRemote-EmailorRemote-Userat all. I guessfrom "username"andfrom "email_address"are trying the wrong fields to select, but I don't know what the right fields are or how to identify them.The text was updated successfully, but these errors were encountered: