outposts/proxy: add additional headers

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-12-01 20:19:09 +01:00
parent 382b0e8941
commit 60b95271eb
4 changed files with 55 additions and 9 deletions

View File

@ -3,7 +3,7 @@ from typing import Any, Optional
from drf_spectacular.utils import extend_schema_field from drf_spectacular.utils import extend_schema_field
from rest_framework.exceptions import ValidationError from rest_framework.exceptions import ValidationError
from rest_framework.fields import CharField, ListField, SerializerMethodField from rest_framework.fields import CharField, ListField, ReadOnlyField, SerializerMethodField
from rest_framework.serializers import ModelSerializer from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet, ReadOnlyModelViewSet from rest_framework.viewsets import ModelViewSet, ReadOnlyModelViewSet
@ -109,6 +109,9 @@ class ProxyProviderViewSet(UsedByMixin, ModelViewSet):
class ProxyOutpostConfigSerializer(ModelSerializer): class ProxyOutpostConfigSerializer(ModelSerializer):
"""Proxy provider serializer for outposts""" """Proxy provider serializer for outposts"""
assigned_application_slug = ReadOnlyField(source="application.slug")
assigned_application_name = ReadOnlyField(source="application.name")
oidc_configuration = SerializerMethodField() oidc_configuration = SerializerMethodField()
token_validity = SerializerMethodField() token_validity = SerializerMethodField()
scopes_to_request = SerializerMethodField() scopes_to_request = SerializerMethodField()
@ -152,6 +155,8 @@ class ProxyOutpostConfigSerializer(ModelSerializer):
"cookie_domain", "cookie_domain",
"token_validity", "token_validity",
"scopes_to_request", "scopes_to_request",
"assigned_application_slug",
"assigned_application_name",
] ]

View File

@ -24,6 +24,11 @@ func (a *Application) addHeaders(headers http.Header, c *Claims) {
headers.Set("X-authentik-name", c.Name) headers.Set("X-authentik-name", c.Name)
headers.Set("X-authentik-uid", c.Sub) headers.Set("X-authentik-uid", c.Sub)
// System headers
headers.Set("X-authentik-meta-outpost", a.outpostName)
headers.Set("X-authentik-meta-provider", a.proxyConfig.Name)
headers.Set("X-authentik-meta-app", a.proxyConfig.AssignedApplicationSlug)
userAttributes := c.Proxy.UserAttributes userAttributes := c.Proxy.UserAttributes
// Attempt to set basic auth based on user's attributes // Attempt to set basic auth based on user's attributes
if *a.proxyConfig.BasicAuthEnabled { if *a.proxyConfig.BasicAuthEnabled {

View File

@ -28984,7 +28984,17 @@ components:
items: items:
type: string type: string
readOnly: true readOnly: true
assigned_application_slug:
type: string
description: Internal application name, used in URLs.
readOnly: true
assigned_application_name:
type: string
description: Application's display Name.
readOnly: true
required: required:
- assigned_application_name
- assigned_application_slug
- external_host - external_host
- name - name
- oidc_configuration - oidc_configuration

View File

@ -2,20 +2,46 @@
title: Overview title: Overview
--- ---
The proxy outpost sets the following headers: The proxy outpost sets the following user-specific headers:
``` - X-authentik-username: `akadmin`
X-authentik-username: akadmin # The username of the currently logged in user
X-authentik-groups: foo|bar|baz # The groups the user is member of, separated by a pipe The username of the currently logged in user
X-authentik-email: root@localhost # The email address of the currently logged in user
X-authentik-name: authentik Default Admin # Full name of the current user - X-authentik-groups: `foo|bar|baz`
X-authentik-uid: 900347b8a29876b45ca6f75722635ecfedf0e931c6022e3a29a8aa13fb5516fb # The hashed identifier of the currently logged in user.
``` The groups the user is member of, separated by a pipe
- X-authentik-email: `root@localhost`
The email address of the currently logged in user
- X-authentik-name: `authentik Default Admin`
Full name of the current user
- X-authentik-uid: `900347b8a29876b45ca6f75722635ecfedf0e931c6022e3a29a8aa13fb5516fb`
The hashed identifier of the currently logged in user.
Additionally, you can set `additionalHeaders` on groups or users to set additional headers. Additionally, you can set `additionalHeaders` on groups or users to set additional headers.
If you enable *Set HTTP-Basic Authentication* option, the HTTP Authorization header is being set. If you enable *Set HTTP-Basic Authentication* option, the HTTP Authorization header is being set.
Besides these user-specific headers, some application specific headers are also set:
- X-authentik-meta-outpost: `authentik Embedded Outpost`
The authentik outpost's name.
- X-authentik-meta-provider: `test`
The authentik provider's name.
- X-authentik-meta-app: `test`
The authentik application's slug.
# HTTPS # HTTPS
The outpost listens on both 9000 for HTTP and 9443 for HTTPS. The outpost listens on both 9000 for HTTP and 9443 for HTTPS.