habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

outposts/proxy: add X-Auth-Groups header to pass groups

Browse Source 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer
2021-07-22 10:47:58 +02:00
parent c05240afbf
commit 66bfa6879d
3 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
internal/outpost/proxy/proxy.go
View File

@ -428,6 +428,10 @@ func (p *OAuthProxy) addHeadersForProxying(rw http.ResponseWriter, req *http.Req
if err != nil {
log.WithError(err).Warning("Failed to parse IDToken")
}
// Set groups in header
groups := strings.Join(claims.Groups, "|")
req.Header["X-Auth-Groups"] = []string{groups}
userAttributes := claims.Proxy.UserAttributes
// Attempt to set basic auth based on user's attributes
if p.SetBasicAuth {
@ -461,6 +465,7 @@ func (p *OAuthProxy) addHeadersForProxying(rw http.ResponseWriter, req *http.Req
func (p *OAuthProxy) stripAuthHeaders(req *http.Request) {
if p.PassUserHeaders {
req.Header.Del("X-Forwarded-User")
req.Header.Del("X-Auth-Groups")
req.Header.Del("X-Forwarded-Email")
req.Header.Del("X-Forwarded-Preferred-Username")
}