Paul Greenberg

@daniel-trnk , once a request passes through “authorize” plugin, you will have roles as part of the request context, i.e. they are seen by the subsequent plugins in the chain....

You need something that would rewrite the value of x-header and would allow for doing replacements.

Alternatively, you could submit PR to allow for the configurable separator.

The changes would be here: https://github.com/greenpau/caddy-security/blob/83609dec14a46dfd5749dea0b08a03c283bd1114/plugin_authz.go#L127-L131 ```go roles := ar.Response.User["roles"].(string) // if custom separator, replace whitespace with the separator. // roles = strings.ReplaceAll .... u := caddyauth.User{ Metadata: map[string]string{ "roles":...

The configuration options should be added here: https://github.com/greenpau/caddy-security/blob/83609dec14a46dfd5749dea0b08a03c283bd1114/caddyfile_authz_misc.go#L26 For example the option would be: ``` authorization policy foo { with comma role separator } ``` https://github.com/greenpau/caddy-security/blob/83609dec14a46dfd5749dea0b08a03c283bd1114/caddyfile_authz_misc.go#L106-L117

> I'll see if I can get working what you suggested and report back. @daniel-trnk , that is your best bet really. Lots of learning on the way. If you...

@oluceps , you will need to troubleshoot the replacers. It could be environment variable propagation or Caddyfile syntax.

@webfrank , no really, because i can’t replicate your environment. The parsing makes certain assumptions that seem to be not true in your environment. You would need to dive deep...

The “login_rate_limit” is not something that exists. Is this a new feature you are asking for?

@krouter, what is the error?