I am using mod_auth_openidc as Resource Server. I want to configure OIDCClaimPrefix parameter as empty string, as I want to pass the claims received from OAuth server as it is(don't want any prefix with anything). I tried to keep OIDCClaimPrefix as empty but seems it expects 1 argument. How can I pass empty or blank prefix?
Asked
Active
Viewed 523 times
1 Answers
2
An empty prefix is currently not possible. You could use a space (" ") and assuming that your application code strips leading and trailing blanks, that may work for you.
Be aware that not adding a prefix makes it impossible to distinguish between headers that mod_auth_openidc sets and headers that are passed in from the client (since mod_auth_openidc cleans any header with the prefix that comes directly from the client), so security-wise it would not make sense to allow an empty prefix.
If you have a compelling case that does not render systems insecure you could add a feature request to the issue tracker on github.
Hans Z.
- 50,496
- 12
- 102
- 115
-
Thanks Hans. I agree with your point related to security issue with an empty prefix. I will try to use mod_headers to rewrite the request header. – Shashank Jun 23 '15 at 18:55