-
Notifications
You must be signed in to change notification settings - Fork 322
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
User name not put into headers #26
Comments
Did you configure the generic OIDC provider in the Lasso config? Make sure the user info URL is set there: https://github.com/LassoProject/lasso/blob/master/config/config.yml_example#L80 Also make sure that this bit is set up as well: https://developer.okta.com/blog/2018/08/28/nginx-auth-request#bonus-who-logged-in |
Thanks for getting back to me. Here's how I have lasso configured:
That all works- I can successfully authenticate. It's this part which seems to not have any effect:
here's my nginx config:
My x-test header gets through fine. But I see no X-Lasso-User in the proxied server, hence my fear that $auth_resp_x_lasso_user isn't populated. |
I've run into similar issues and it appears to be related to the scope of the variables in the nginx could you try copying
into the |
to verify that the |
Oh wow, that fixed it. Thanks so much. I needed the block you suggested in the location / block
|
So glad that worked, feels like an |
Out of interest: Are there other pieces of information (last name etc) that lasso surfaces back into nginx that we can pass on upstream in headers? |
No not currently though that could be an interesting feature. Please feel
free to open an issue to suggest the enhancement.
…On Thu, Sep 27, 2018, 2:29 PM Phil ***@***.***> wrote:
Out of interest: Are there other pieces of information (last name etc)
that lasso surfaces back into nginx that we can pass on upstream in headers?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#26 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABNK67oGFWE3rdFVlNlDEoriVzBA_PjJks5ufUNTgaJpZM4W84Pg>
.
|
When I use this with Okta , while it authenticates, I am unable to get the username in the x-lasso-user header passed to my proxied server. As far as I can see I'm following the instructions laid out in the wiki. I'd just like to verify whether this 'should' work and whether anyone has any ideas what may be wrong here.
Thanks,
Phil
The text was updated successfully, but these errors were encountered: