You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At first here's my setup:
In front of akhq there is a kong gateway with keycloak integration.
The user authenticates with keycloak. Requests of authenticated users are forwarded by kong to akhq. A username and the jwt token are send as http header elements to akhq. In the jwt token the access rights are listened (like roles, topics filter regexp...). When using the jwt token as username (via header-auth.user-header) i have access to the jwt token and can process it. But then the displayed username in akhq is the base64-encoded jwt token, which is very ugly. When using the username header in header-auth.user-header, i dont have access to the jwt token in groovy anymore.
Is there a way to access http headers in the groovy external role mapper ?
I haven't found a servlet filter or anything else which could implement this.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
At first here's my setup:
In front of akhq there is a kong gateway with keycloak integration.
The user authenticates with keycloak. Requests of authenticated users are forwarded by kong to akhq. A username and the jwt token are send as http header elements to akhq. In the jwt token the access rights are listened (like roles, topics filter regexp...). When using the jwt token as username (via header-auth.user-header) i have access to the jwt token and can process it. But then the displayed username in akhq is the base64-encoded jwt token, which is very ugly. When using the username header in header-auth.user-header, i dont have access to the jwt token in groovy anymore.
Is there a way to access http headers in the groovy external role mapper ?
I haven't found a servlet filter or anything else which could implement this.
Beta Was this translation helpful? Give feedback.
All reactions