ListAuth

This filter restricts access to the proxied microservice based on the user's Distinguished Name (DN). The whitelist will allow given DNs, and the blacklist will forbid given DNs. The behavior of each list is slightly different:

  • whitelist allows all by default, but then allows only the specified DNs if given a non-default string.

  • blacklist denies none, but then denies only the specified DNs when given a non-default string.

The users DN comes from the USER_DN host header. These headers must be supplied by the user, or can set by the gm.inheaders filter somewhere up the connection stream.

Filter Configuration Options

Name

Type

Default

Description

blacklist

String

""

Pipe (|) delimited string of DNs that will not have access.

whitelist

String

""

Pipe (|) delimited string of DNs that will be allowed access.

Example

http_filters:
- name: gm.listauth
config: { whitelist: "cn=jane.doe", blacklist:"cn=john.buck" }