PhenixID web apps authentication – Header based authentication
This authenticator is used when another security front end, such as a reverse proxy, stands in front of the PhenixID server. The front-end server is also responsible for validating the user, and it needs to pass the username (or another attribute identifying the user) to the back-end server (the PhenixID server).
Modules Required
- auth-http
Configuration
Configuration Properties:
Example configuration
The configuration must be added in the Advanced section of Configuration Manager.
HTTP Authenticators
{
  "alias" : "header",
  "name" : "HeaderBasedAuthenticator",
  "configuration" : {
    "pipeID" : "pipeValidateUserExists",
    "header" : "USERID"
  },
  "id" : "header",
  "successURL" : "/selfservice/"
}
Pipe
{
  "id" : "pipeValidateUserExists",
  "valves" : [ {
    "name" : "LDAPSearchValve",
    "config" : {
      "connection_ref" : "local_ldap",
      "base_dn" : "o=IAMService",
      "scope" : "SUB",
      "size_limit" : 0,
      "filter_template" : "(uid={{request.USERID}})",
      "attributes" : ""
    }
  }, {
    "name" : "FlowFailValve",
    "config" : {
      "message" : "User does not exist",
      "exec_if_expr" : "flow.items().isEmpty()"
    }
  }, {
    "name" : "PropertyAddValve",
    "config" : {
      "name" : "roles",
      "value" : "auth:7313aa29-f399-4a5b-afd3-fb1d7a88ae93",
      "enable_multi_value" : "true"
    }
  } ]
}
Read this article to get the correct value for the roles property.
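Because the PhenixID server takes the identity from the USERID header, the front end has to be the only party that can set it. The following is an added example, not PhenixID code or part of the original documentation: a sketch of the header handling a front end should apply before forwarding a request. The function name, the allowed character set and the sample request are assumptions made for illustration.

```python
import re

# Header name taken from the authenticator configuration above.
IDENTITY_HEADER = "USERID"
# Assumption: user IDs are limited to these characters; adjust to the
# directory's naming rules.
SAFE_UID = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def build_upstream_headers(client_headers, authenticated_user):
    """Return the header list the front end forwards to the PhenixID server.

    client_headers: list of (name, value) pairs as received from the client.
    authenticated_user: identity the front end itself verified, or None.
    (Hypothetical helper, written for this example.)
    """
    # HTTP header names are case-insensitive, so drop every incoming copy
    # of the identity header regardless of how it is spelled.
    forwarded = [(name, value) for name, value in client_headers
                 if name.lower() != IDENTITY_HEADER.lower()]
    if authenticated_user is None:
        # Not authenticated by the front end: the back end sees no USERID.
        return forwarded
    # The value is substituted into (uid={{request.USERID}}). Refuse LDAP
    # filter metacharacters such as * ( ) \ rather than passing them on.
    if not SAFE_UID.fullmatch(authenticated_user):
        raise ValueError("user id contains characters not allowed in USERID")
    forwarded.append((IDENTITY_HEADER, authenticated_user))
    return forwarded


if __name__ == "__main__":
    # Constructed sample request that already carries a userid header.
    sample = [("Host", "sso.example.test"), ("userid", "admin"),
              ("User-Agent", "demo")]
    print(build_upstream_headers(sample, "alice"))
```

The same rule applies whatever product acts as the front end: remove the incoming header, then set it from the identity the front end verified, and make sure the PhenixID server only accepts connections that have passed through the front end.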