stroom icon indicating copy to clipboard operation
stroom copied to clipboard

Published 20 hours ago verified publisher icon gchq

Provide a mechanism for trusted proxies to perform authentication and pass subject via HTTP headers

Open gcdev373 opened this issue 1 year ago • 1 comments

This feature is needed in Stroom Proxy and probably in stroom as well. A usage example would be to allow cloud based load balancers to perform mTLS authentication. See https://docs.aws.amazon.com/elasticloadbalancing/latest/application/mutual-authentication.html for details of an existing implementation.

The headers and their expected values should be configured in config, as should the list of trusted proxies, as it should not be possible for non-trusted clients to provide these headers and so assert identity!

gcdev373 avatar Feb 19 '24 12:02 gcdev373

Possible overlap with this issue

gcdev373 avatar Sep 27 '24 07:09 gcdev373

Fixed

at055612 avatar Aug 22 '25 14:08 at055612