outposts/proxy: add new headers with unified naming
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
52bbf454e3
commit
3c1ac4c7ec
|
@ -109,11 +109,18 @@ class TraefikMiddlewareReconciler(KubernetesObjectReconciler[TraefikMiddleware])
|
||||||
address=f"http://{self.name}.{self.namespace}:9000/akprox/auth/traefik",
|
address=f"http://{self.name}.{self.namespace}:9000/akprox/auth/traefik",
|
||||||
authResponseHeaders=[
|
authResponseHeaders=[
|
||||||
"Set-Cookie",
|
"Set-Cookie",
|
||||||
|
# Legacy headers, remove after 2022.1
|
||||||
"X-Auth-Username",
|
"X-Auth-Username",
|
||||||
"X-Auth-Groups",
|
"X-Auth-Groups",
|
||||||
"X-Forwarded-Email",
|
"X-Forwarded-Email",
|
||||||
"X-Forwarded-Preferred-Username",
|
"X-Forwarded-Preferred-Username",
|
||||||
"X-Forwarded-User",
|
"X-Forwarded-User",
|
||||||
|
# New headers, unique prefix
|
||||||
|
"X-authentik-username",
|
||||||
|
"X-authentik-groups",
|
||||||
|
"X-authentik-email",
|
||||||
|
"X-authentik-name",
|
||||||
|
"X-authentik-uid",
|
||||||
],
|
],
|
||||||
trustForwardHeader=True,
|
trustForwardHeader=True,
|
||||||
)
|
)
|
||||||
|
|
|
@ -9,12 +9,21 @@ import (
|
||||||
|
|
||||||
func (a *Application) addHeaders(r *http.Request, c *Claims) {
|
func (a *Application) addHeaders(r *http.Request, c *Claims) {
|
||||||
// https://goauthentik.io/docs/providers/proxy/proxy
|
// https://goauthentik.io/docs/providers/proxy/proxy
|
||||||
|
|
||||||
|
// Legacy headers, remove after 2022.1
|
||||||
r.Header.Set("X-Auth-Username", c.PreferredUsername)
|
r.Header.Set("X-Auth-Username", c.PreferredUsername)
|
||||||
r.Header.Set("X-Auth-Groups", strings.Join(c.Groups, "|"))
|
r.Header.Set("X-Auth-Groups", strings.Join(c.Groups, "|"))
|
||||||
r.Header.Set("X-Forwarded-Email", c.Email)
|
r.Header.Set("X-Forwarded-Email", c.Email)
|
||||||
r.Header.Set("X-Forwarded-Preferred-Username", c.PreferredUsername)
|
r.Header.Set("X-Forwarded-Preferred-Username", c.PreferredUsername)
|
||||||
r.Header.Set("X-Forwarded-User", c.Sub)
|
r.Header.Set("X-Forwarded-User", c.Sub)
|
||||||
|
|
||||||
|
// New headers, unique prefix
|
||||||
|
r.Header.Set("X-authentik-username", c.PreferredUsername)
|
||||||
|
r.Header.Set("X-authentik-groups", strings.Join(c.Groups, "|"))
|
||||||
|
r.Header.Set("X-authentik-email", c.Email)
|
||||||
|
r.Header.Set("X-authentik-name", c.Name)
|
||||||
|
r.Header.Set("X-authentik-uid", c.Sub)
|
||||||
|
|
||||||
userAttributes := c.Proxy.UserAttributes
|
userAttributes := c.Proxy.UserAttributes
|
||||||
// Attempt to set basic auth based on user's attributes
|
// Attempt to set basic auth based on user's attributes
|
||||||
if *a.proxyConfig.BasicAuthEnabled {
|
if *a.proxyConfig.BasicAuthEnabled {
|
||||||
|
|
Reference in New Issue