author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-01-30 12:43:37 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-01-30 13:37:59 +0100 |
commit | 23bdf059f1b8345495e0b72f61d30bc15761d4da (patch) | |
tree | 402eaa239832bf9b3d479b920fec6ff07ed63626 /jdisc-security-filters/src/main/resources | |
parent | eb4b7b8fcdc7aa5de13c05872a1fdca4076179b9 (diff) |
Rewrite AthenzAuthorizationFilter to accept access tokens
Change athenz-authorization-filter.def to have an enum set of enabled credentials.
Delegate to ZPE to determine if a certificate is an Athenz role or identity certificate.
Introduce various request attributes to propagate result from ZPE.
Diffstat (limited to 'jdisc-security-filters/src/main/resources')
-rw-r--r-- | jdisc-security-filters/src/main/resources/configdefinitions/athenz-authorization-filter.def | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/jdisc-security-filters/src/main/resources/configdefinitions/athenz-authorization-filter.def b/jdisc-security-filters/src/main/resources/configdefinitions/athenz-authorization-filter.def index c60b7a125f8..ab8c4a204df 100644 --- a/jdisc-security-filters/src/main/resources/configdefinitions/athenz-authorization-filter.def +++ b/jdisc-security-filters/src/main/resources/configdefinitions/athenz-authorization-filter.def @@ -2,7 +2,7 @@ namespace=jdisc.http.filter.security.athenz # Which credentials to verify. Note: ANY will prioritize token over certificate if both are present. -credentialsToVerify enum { CERTIFICATE_ONLY, TOKEN_ONLY, ANY } default=ANY +enabledCredentials[] enum { ROLE_CERTIFICATE, ROLE_TOKEN, ACCESS_TOKEN } -# Name of header which includes role token. Must be set if 'credentialsTypeRequired' is set to TOKEN_ONLY or ANY. -roleTokenHeaderName string default="" +# Name of role token http header +roleTokenHeaderName string default="Athenz-Role-Token" |
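Review bot: the unchanged comment above `enabledCredentials[]` still reads "Note: ANY will prioritize token over certificate if both are present", but this change removes the `ANY` value, so the comment now describes an option that no longer exists. Please rewrite it to state which of `ROLE_CERTIFICATE`, `ROLE_TOKEN` and `ACCESS_TOKEN` takes precedence when a request carries more than one enabled credential, since that ordering decides which identity the authorization check is made against. The old setting had `default=ANY` and the new array has no default, so the definition should also say what an empty `enabledCredentials` list means; for an authorization filter the comment should make clear that an empty list rejects requests rather than letting them through, and existing configurations that relied on the old default will need an explicit list. Finally, `roleTokenHeaderName` now has a default and its comment no longer says when it applies; a short note that it is only read when `ROLE_TOKEN` is enabled, and which header `ACCESS_TOKEN` is read from, would keep the file self-explanatory.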