Hi List,
This is my first ever message out there, so please excuse the lack of formatting!
I'm struggling to set up my SSO as the source of authentication for OpenXPKI.
The SSO part is handled by an Apache plugin, and works fine. I am able to check
the claims and generate a "SSO_ROLE" environment variable containing the
intended role the user should get after authentication.
Now my issue is trying to pass this information to the auth layer so the user
effectively gets that role.
I use NoAuth as per the examples:

Stack:
  BasicAuth:
    handler: ExternalAuth
    type: client
    envkeys:
      email: OIDC_CLAIM_unique_name

Handler:
  ExternalAuth:
    type: NoAuth
    role: User

If I remove the "role" statement from the handler and add an envkey "role"
mapping to my Apache ENV variable, I get an auth error.
What is the "proper" way to:
* Pass the role to the auth layer
* Store some extra information (such as email or Org Unit) to be used later
  in certificate generation
Thanks & Regards,
Florian Cramoisan
PoC Engineer - WW | HPE Aruba Global Solutions | PoC
ACEX #102 - ACMX#831 | ACCX#1261 | ACDX#1282 | ACSX#1475
Mobile : +33 (0)6 14 58 32 45 | Desk :+33 (0)4 80 32 35 16
Hewlett Packard Enterprise | 5 av Raymond CHANAS | 38053 Grenoble | France