ListAuth
This filter restricts access to the proxied microservice based on the user's Distinguished Name (DN).
How does it work?
The whitelist will allow given DNs, and the blacklist will forbid given DNs. The behavior of each list is slightly different:
whitelist- allows all by default, but then allows only the specified DNs if given a non-default string.blacklist- denies none, but then denies only the specified DNs when given a non-default string.
The users DN comes from the USER_DN host header. These headers must be supplied by the user, or can set by a filter somewhere up the connection stream.
Filter Configuration Options
| Name | Type | Default | Description | |
|---|---|---|---|---|
blacklist | String | "" | Pipe (` | `) delimited string of DNs that will not have access. |
whitelist | String | "" | Pipe (` | `) delimited string of DNs that will be allowed access. |
Example
http_filters:
- name: gm.listauth
config: { whitelist: "cn=jane.doe", blacklist:"cn=john.buck" }