Taking allowed users from Header #21
Description
Hi.
Thanks a lot for this tool, it is very useful for me. However, there's one feature I'd like to have which would be helping me a lot:
I'd like to automatically set ACLs for users, but without being able to modify nginx-sso's config. Currently I'm doing this via nginx' config:
location /nginx-sso-auth {
internal;
proxy_pass http://nginx-sso/auth;
...
proxy_set_header X-Allow "bob";
}
and in nginx-sso config:
acl:
rule_sets:
- rules:
- field: "x-allow"
equals: "bob"
allow:
- "bob"
- rules:
- field: "x-allow"
equals: "@staff"
allow:
- "@cn=staff,ou=groups,dc=company"
This does work, but isn't really comfortable - I have to create a rule set for each user or group or combination of those.
Would it be possible, do add something like this:
acl:
rule_sets:
- rules:
allow:
- $x-allow
That way, one could put all users allowed to access an resource into the X-Allow header and leave the rest to nginx-sso.