outposts/proxy: add additional headers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
382b0e8941
commit
60b95271eb
|
@ -3,7 +3,7 @@ from typing import Any, Optional
|
|||
|
||||
from drf_spectacular.utils import extend_schema_field
|
||||
from rest_framework.exceptions import ValidationError
|
||||
from rest_framework.fields import CharField, ListField, SerializerMethodField
|
||||
from rest_framework.fields import CharField, ListField, ReadOnlyField, SerializerMethodField
|
||||
from rest_framework.serializers import ModelSerializer
|
||||
from rest_framework.viewsets import ModelViewSet, ReadOnlyModelViewSet
|
||||
|
||||
|
@ -109,6 +109,9 @@ class ProxyProviderViewSet(UsedByMixin, ModelViewSet):
|
|||
class ProxyOutpostConfigSerializer(ModelSerializer):
|
||||
"""Proxy provider serializer for outposts"""
|
||||
|
||||
assigned_application_slug = ReadOnlyField(source="application.slug")
|
||||
assigned_application_name = ReadOnlyField(source="application.name")
|
||||
|
||||
oidc_configuration = SerializerMethodField()
|
||||
token_validity = SerializerMethodField()
|
||||
scopes_to_request = SerializerMethodField()
|
||||
|
@ -152,6 +155,8 @@ class ProxyOutpostConfigSerializer(ModelSerializer):
|
|||
"cookie_domain",
|
||||
"token_validity",
|
||||
"scopes_to_request",
|
||||
"assigned_application_slug",
|
||||
"assigned_application_name",
|
||||
]
|
||||
|
||||
|
||||
|
|
|
@ -24,6 +24,11 @@ func (a *Application) addHeaders(headers http.Header, c *Claims) {
|
|||
headers.Set("X-authentik-name", c.Name)
|
||||
headers.Set("X-authentik-uid", c.Sub)
|
||||
|
||||
// System headers
|
||||
headers.Set("X-authentik-meta-outpost", a.outpostName)
|
||||
headers.Set("X-authentik-meta-provider", a.proxyConfig.Name)
|
||||
headers.Set("X-authentik-meta-app", a.proxyConfig.AssignedApplicationSlug)
|
||||
|
||||
userAttributes := c.Proxy.UserAttributes
|
||||
// Attempt to set basic auth based on user's attributes
|
||||
if *a.proxyConfig.BasicAuthEnabled {
|
||||
|
|
10
schema.yml
10
schema.yml
|
@ -28984,7 +28984,17 @@ components:
|
|||
items:
|
||||
type: string
|
||||
readOnly: true
|
||||
assigned_application_slug:
|
||||
type: string
|
||||
description: Internal application name, used in URLs.
|
||||
readOnly: true
|
||||
assigned_application_name:
|
||||
type: string
|
||||
description: Application's display Name.
|
||||
readOnly: true
|
||||
required:
|
||||
- assigned_application_name
|
||||
- assigned_application_slug
|
||||
- external_host
|
||||
- name
|
||||
- oidc_configuration
|
||||
|
|
|
@ -2,20 +2,46 @@
|
|||
title: Overview
|
||||
---
|
||||
|
||||
The proxy outpost sets the following headers:
|
||||
The proxy outpost sets the following user-specific headers:
|
||||
|
||||
```
|
||||
X-authentik-username: akadmin # The username of the currently logged in user
|
||||
X-authentik-groups: foo|bar|baz # The groups the user is member of, separated by a pipe
|
||||
X-authentik-email: root@localhost # The email address of the currently logged in user
|
||||
X-authentik-name: authentik Default Admin # Full name of the current user
|
||||
X-authentik-uid: 900347b8a29876b45ca6f75722635ecfedf0e931c6022e3a29a8aa13fb5516fb # The hashed identifier of the currently logged in user.
|
||||
```
|
||||
- X-authentik-username: `akadmin`
|
||||
|
||||
The username of the currently logged in user
|
||||
|
||||
- X-authentik-groups: `foo|bar|baz`
|
||||
|
||||
The groups the user is member of, separated by a pipe
|
||||
|
||||
- X-authentik-email: `root@localhost`
|
||||
|
||||
The email address of the currently logged in user
|
||||
|
||||
- X-authentik-name: `authentik Default Admin`
|
||||
|
||||
Full name of the current user
|
||||
|
||||
- X-authentik-uid: `900347b8a29876b45ca6f75722635ecfedf0e931c6022e3a29a8aa13fb5516fb`
|
||||
|
||||
The hashed identifier of the currently logged in user.
|
||||
|
||||
Additionally, you can set `additionalHeaders` on groups or users to set additional headers.
|
||||
|
||||
If you enable *Set HTTP-Basic Authentication* option, the HTTP Authorization header is being set.
|
||||
|
||||
Besides these user-specific headers, some application specific headers are also set:
|
||||
|
||||
- X-authentik-meta-outpost: `authentik Embedded Outpost`
|
||||
|
||||
The authentik outpost's name.
|
||||
|
||||
- X-authentik-meta-provider: `test`
|
||||
|
||||
The authentik provider's name.
|
||||
|
||||
- X-authentik-meta-app: `test`
|
||||
|
||||
The authentik application's slug.
|
||||
|
||||
# HTTPS
|
||||
|
||||
The outpost listens on both 9000 for HTTP and 9443 for HTTPS.
|
||||
|
|
Reference in New Issue