Allow users to specify which claims to store #95

artagel · 2019-04-06T12:59:30Z

Add the ability for users to specify the claims they want to store that are coming back from the various auth providers.
Example:
vouch is configured as oidc provider through keycloak, which is tied to active directory. A SSO sign-on sends back a claim for user groups. The user groups are saved by vouch and can be later used in different ways for authentication, sending them as headers, etc.

bnfinet · 2019-04-09T00:34:41Z

Thanks again for splitting these out @artagel and opening the issues

I'll post some comments to each

artagel · 2019-04-12T16:44:46Z

After discussion on IRC, we want to accomplish the following:

Add custom claim support
Add it to the JWT instead of the user struct
pass them down to nginx using X-Vouch-IdP-Claims-"claim"
Add config item vouch.headers.claims

bnfinet · 2019-05-03T04:54:37Z

fixed in #102

This was referenced Apr 6, 2019

Create a globalwhitelist based on the user object, including claims #96

Closed

Allow /validate to returns headers with claims #97

Closed

Allow /validate authorization per host based on claims in jwt #98

Closed

bnfinet added the enhancement label Apr 9, 2019

artagel mentioned this issue Apr 13, 2019

Allow custom claim support in JWT and pass them as headers. #102

Closed

bnfinet closed this as completed May 3, 2019

bnfinet mentioned this issue Aug 28, 2020

Custom claim support #90

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow users to specify which claims to store #95

Allow users to specify which claims to store #95

artagel commented Apr 6, 2019

bnfinet commented Apr 9, 2019

artagel commented Apr 12, 2019

bnfinet commented May 3, 2019

Allow users to specify which claims to store #95

Allow users to specify which claims to store #95

Comments

artagel commented Apr 6, 2019

bnfinet commented Apr 9, 2019

artagel commented Apr 12, 2019

bnfinet commented May 3, 2019