On incoming requests, the
gm-jwt-security filter communicates with the gm-jwt-security service /policies endpoint, and creates a JWT token. A USER_DN must be set.
This filter is usually set after the Inheaders filter, and can only be used with TLS.
(String, default: "jwt")- Header in which the jwt token is put.
(Boolean, default: false)- Should the filter use certs in connecting to gm-jwt-security?
(String, default: "./certs/server.crt")- Certificate path
(String, default: "./certs/server.key")- Keyfile path
(String, default: "./certs/intermediate.crt")- Certificate authority or intermediate certificate path.
(Boolean, default: false)- Should calls to gm-jwt-security require hostname verification in certs? Should be used only for testing. See go docs for more information.
(Integer, default: 1000ms)- Timeout in milliseconds for the connection between gm-proxy and gm-jwt-security service. Set to a negative number to disable timeouts completely, though this is not advised as it can cause an infinite hang in the sidecar.
(Integer, default: 0)- Number of retries after failed connection between gm-proxy and gm-jwt-security service.
(Integer, default: 0)- Amount of time in milliseconds between each unsuccessful retry.
(Integer, default: 100)- Maximum number of tokens held in cache. If negative, caching is disabled, must be > 0 to enable caching.
(Integer, default: 10m)- Time in minutes to hold tokens in the cache. If negative, caching is disabled, must be > 0 to enable caching.