outposts/proxy: add new headers with unified naming

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-10-02 22:00:23 +02:00
parent 52bbf454e3
commit 3c1ac4c7ec
2 changed files with 16 additions and 0 deletions

View File

@ -109,11 +109,18 @@ class TraefikMiddlewareReconciler(KubernetesObjectReconciler[TraefikMiddleware])
address=f"http://{self.name}.{self.namespace}:9000/akprox/auth/traefik", address=f"http://{self.name}.{self.namespace}:9000/akprox/auth/traefik",
authResponseHeaders=[ authResponseHeaders=[
"Set-Cookie", "Set-Cookie",
# Legacy headers, remove after 2022.1
"X-Auth-Username", "X-Auth-Username",
"X-Auth-Groups", "X-Auth-Groups",
"X-Forwarded-Email", "X-Forwarded-Email",
"X-Forwarded-Preferred-Username", "X-Forwarded-Preferred-Username",
"X-Forwarded-User", "X-Forwarded-User",
# New headers, unique prefix
"X-authentik-username",
"X-authentik-groups",
"X-authentik-email",
"X-authentik-name",
"X-authentik-uid",
], ],
trustForwardHeader=True, trustForwardHeader=True,
) )

View File

@ -9,12 +9,21 @@ import (
func (a *Application) addHeaders(r *http.Request, c *Claims) { func (a *Application) addHeaders(r *http.Request, c *Claims) {
// https://goauthentik.io/docs/providers/proxy/proxy // https://goauthentik.io/docs/providers/proxy/proxy
// Legacy headers, remove after 2022.1
r.Header.Set("X-Auth-Username", c.PreferredUsername) r.Header.Set("X-Auth-Username", c.PreferredUsername)
r.Header.Set("X-Auth-Groups", strings.Join(c.Groups, "|")) r.Header.Set("X-Auth-Groups", strings.Join(c.Groups, "|"))
r.Header.Set("X-Forwarded-Email", c.Email) r.Header.Set("X-Forwarded-Email", c.Email)
r.Header.Set("X-Forwarded-Preferred-Username", c.PreferredUsername) r.Header.Set("X-Forwarded-Preferred-Username", c.PreferredUsername)
r.Header.Set("X-Forwarded-User", c.Sub) r.Header.Set("X-Forwarded-User", c.Sub)
// New headers, unique prefix
r.Header.Set("X-authentik-username", c.PreferredUsername)
r.Header.Set("X-authentik-groups", strings.Join(c.Groups, "|"))
r.Header.Set("X-authentik-email", c.Email)
r.Header.Set("X-authentik-name", c.Name)
r.Header.Set("X-authentik-uid", c.Sub)
userAttributes := c.Proxy.UserAttributes userAttributes := c.Proxy.UserAttributes
// Attempt to set basic auth based on user's attributes // Attempt to set basic auth based on user's attributes
if *a.proxyConfig.BasicAuthEnabled { if *a.proxyConfig.BasicAuthEnabled {