outposts/proxy: remove deprecated headers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
bf347730b3
commit
c07b8d95d0
|
@ -121,13 +121,6 @@ class TraefikMiddlewareReconciler(KubernetesObjectReconciler[TraefikMiddleware])
|
||||||
forwardAuth=TraefikMiddlewareSpecForwardAuth(
|
forwardAuth=TraefikMiddlewareSpecForwardAuth(
|
||||||
address=f"http://{self.name}.{self.namespace}:9000/akprox/auth/traefik",
|
address=f"http://{self.name}.{self.namespace}:9000/akprox/auth/traefik",
|
||||||
authResponseHeaders=[
|
authResponseHeaders=[
|
||||||
# Legacy headers, remove after 2022.1
|
|
||||||
"X-Auth-Username",
|
|
||||||
"X-Auth-Groups",
|
|
||||||
"X-Forwarded-Email",
|
|
||||||
"X-Forwarded-Preferred-Username",
|
|
||||||
"X-Forwarded-User",
|
|
||||||
# New headers, unique prefix
|
|
||||||
"X-authentik-username",
|
"X-authentik-username",
|
||||||
"X-authentik-groups",
|
"X-authentik-groups",
|
||||||
"X-authentik-email",
|
"X-authentik-email",
|
||||||
|
|
|
@ -14,14 +14,6 @@ import (
|
||||||
func (a *Application) addHeaders(headers http.Header, c *Claims) {
|
func (a *Application) addHeaders(headers http.Header, c *Claims) {
|
||||||
// https://goauthentik.io/docs/providers/proxy/proxy
|
// https://goauthentik.io/docs/providers/proxy/proxy
|
||||||
|
|
||||||
// Legacy headers, remove after 2022.1
|
|
||||||
headers.Set("X-Auth-Username", c.PreferredUsername)
|
|
||||||
headers.Set("X-Auth-Groups", strings.Join(c.Groups, "|"))
|
|
||||||
headers.Set("X-Forwarded-Email", c.Email)
|
|
||||||
headers.Set("X-Forwarded-Preferred-Username", c.PreferredUsername)
|
|
||||||
headers.Set("X-Forwarded-User", c.Sub)
|
|
||||||
|
|
||||||
// New headers, unique prefix
|
|
||||||
headers.Set("X-authentik-username", c.PreferredUsername)
|
headers.Set("X-authentik-username", c.PreferredUsername)
|
||||||
headers.Set("X-authentik-groups", strings.Join(c.Groups, "|"))
|
headers.Set("X-authentik-groups", strings.Join(c.Groups, "|"))
|
||||||
headers.Set("X-authentik-email", c.Email)
|
headers.Set("X-authentik-email", c.Email)
|
||||||
|
|
|
@ -31,7 +31,12 @@ This guide requires https://github.com/BeryJu/hass-auth-header, which can be ins
|
||||||
|
|
||||||
Afterwards, make sure the `trusted_proxies` setting contains the IP(s) of the Host(s) authentik is running on.
|
Afterwards, make sure the `trusted_proxies` setting contains the IP(s) of the Host(s) authentik is running on.
|
||||||
|
|
||||||
With the default Header of `X-Forwarded-Preferred-Username` matching is done on a username basis, so your Name in Home-Assistant and your username in authentik have to match.
|
Use this configuration to match on the user's authentik username.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
auth_header:
|
||||||
|
username_header: X-authentik-username
|
||||||
|
```
|
||||||
|
|
||||||
If this is not the case, you can simply add an additional header for your user, which contains the Home-Assistant Name and authenticate based on that.
|
If this is not the case, you can simply add an additional header for your user, which contains the Home-Assistant Name and authenticate based on that.
|
||||||
|
|
||||||
|
|
Reference in a new issue