i'm trying to add a claim into the http header. i have an k8s ingress with
annotations:
nginx.ingress.kubernetes.io/auth-signin: "https://vouch.example.com/login?url=$scheme://$http_host$request_uri&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err"
nginx.ingress.kubernetes.io/auth-url: https://vouch.example.com/validate
nginx.ingress.kubernetes.io/auth-response-headers: 'X-Vouch-User, X-Vouch-Idp-Claims-Name'
nginx.ingress.kubernetes.io/auth-snippet: |
auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
and a vouch config with:
vouch:
headers:
idtoken: X-Vouch-IdP-IdToken
claims:
- name
everything works, and i can authenticate fine and i can see both my email and name under the x-vouch-user and x-vouch-idp-claims-name http headers respectively. However, i would like to map the headers to use something more appropriate.
I've tried
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Remote-User $http_x_vouch_idp_claims_name;
but it doesn't seem to work. what are the correct variable name(s) to use in my proxy_set_header?
