Question : Custom Header from claim

[allupaku]

I have been through the configuration but couldnt find a way to achieve what i am looking for.

Context

Trying to use keycloak-gatekeeper as an authentication proxy for kubenetes dashboard.

Kubernetes dashboard takes in the bearer token for authentication. But in order to act as a specific user it looks for a header - Impersonate-User - which is currently a hard coded header in dashboard (i dont know why).

I have seen custom headers option - through which we can add custom headers to upstream , but the value must be predefined. Also the custom claim header option is currently adding header "X-" format.

So my question is : is there any way to add a custom header like "Impersonate-User" from the claim value , say "preferred_name" , or some thing similar ? Checking the code i couldnt find any obvious option.

[jangaraj]

No, it isn't possible. Prefix X-Auth- is hardcoded: https://github.com/keycloak/keycloak-gatekeeper/blob/008527a818093e758dc1d7246dc35bc495d395be/middleware.go#L398

[allupaku]

Got it. Do you think it is worth making that prefix / the whole header name as a configurable parameter ?

[jangaraj]

I would say, no. That header name should be fully configurable, not just prefix. For example:

add-claims:
- given_name:Impersonate-User
- family_name:X-My-Custom-family-name
- iss

And of course it must be fully backward compatible, so it won't introduce any breaking change.

[allupaku]

@jangaraj : Do you think the pull request i just made will suffice ?

[thalesvalias]

This is exactly what I need. I've posted earlier to the forum my use-case. My application expects a header named X-User, so X-Auth-User won't do: https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/louketo/b-1-pv7TGi4/bzr-YrFbAgAJ