GreyMatter.io
Twitter
GitHub
Support
Overview
Release Notes
Use Cases
Architecture
Installation
Set up the CLI
Install on Kubernetes
Guides
Deploy a Service
Remove a Service
Security
Fabric
Data-Mesh
AWS
Application Development Guide
Usage
Application
Service Discovery
Traffic Control
Security
Telemetry
Platform Services
Troubleshooting
Reference
API
APIer
Catalog
Fabric
Filters
Network
HTTP
Ensure Variables
Impersonation
Inheaders
JWT Security
ListAuth
Metrics
OAuth
Observables
OIDC Authentication
OIDC Validation
RBAC
cluster
domain
listener
proxy
route
shared_rules
zone
CLI
Setup
Artifacts
System Requirements
Standards and Compliance
Glossary
1.3 Migration Guide
Powered by GitBook

ListAuth

This filter restricts access to the proxied microservice based on the user's Distinguished Name (DN). The whitelist will allow given DNs, and the blacklist will forbid given DNs. The behavior of each list is slightly different:

  • whitelist allows all by default, but then allows only the specified DNs if given a non-default string.

  • blacklist denies none, but then denies only the specified DNs when given a non-default string.

The users DN comes from the USER_DN host header. These headers must be supplied by the user, or can set by the gm.inheaders filter somewhere up the connection stream.

Filter Configuration Options

Name

Type

Default

Description

blacklist

String

""

Pipe (|) delimited string of DNs that will not have access.

whitelist

String

""

Pipe (|) delimited string of DNs that will be allowed access.

Example

http_filters:
- name: gm.listauth
  config: { whitelist: "cn=jane.doe", blacklist:"cn=john.buck" }

Per-Route configuration

{
  "blacklist": <string>,
  "whitelist": <string>
}

The per-route configuration mirrors the filter configuration.

See Routing.

Previous
JWT Security
Next
Metrics
Last updated 1 month ago
Contents
Filter Configuration Options
Example
Per-Route configuration