How can I read a value from header in Azure API Management and pass it to a path param in keycloak realm?

huangapple go评论84阅读模式
英文:

How can I read a value from header in Azure API Management and pass it to a path param in keycloak realm?

问题

从 API 策略的头部读取值并传递到 Azure 策略的 API 路径参数。

您的策略中,您想要从头部读取一个值,并将其传递到 openid-config URL 的路径参数中。以下是您想要实现的内容:

<policies>
	<inbound>
		<base />
                <set-variable name="HostName" value="@{
            string [] HostNameHeader;
            
            context.Request.Headers.TryGetValue("Host", out HostNameHeader);    

            return HostNameHeader[0];
        }" />
		<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Authorization Failed. Check Bearer Token">
			<openid-config url="https://keycloak.digit.i/realms/{HostName}/.well-known/openid-configuration" />
		</validate-jwt>
	</inbound>
	<backend>
		<base />
	</backend>
	<outbound>
		<base />
	</outbound>
	<on-error>
		<base />
	</on-error>
</policies>

请指导我如何实现这一点。

英文:

Read value from header in api policy and pass it to api path param in azure policy

Hi I have a requirement where I use keycloak to authenticate my urls. Below is my policy

&lt;policies&gt;
	&lt;inbound&gt;
		&lt;base /&gt;
		&lt;validate-jwt header-name=&quot;Authorization&quot; failed-validation-httpcode=&quot;401&quot; failed-validation-error-message=&quot;Authorization Failed. Check Bearer Token&quot;&gt;
			&lt;openid-config url=&quot;https://keycloak.digit.i/realms/{realmName}/.well-known/openid-configuration&quot; /&gt;
		&lt;/validate-jwt&gt;
	&lt;/inbound&gt;
	&lt;backend&gt;
		&lt;base /&gt;
	&lt;/backend&gt;
	&lt;outbound&gt;
		&lt;base /&gt;
	&lt;/outbound&gt;
	&lt;on-error&gt;
		&lt;base /&gt;
	&lt;/on-error&gt;
&lt;/policies&gt;

Now i have a requirement like I have to read a value from header and pass it to path param of the openid-config url . Below is something i want to achieve

&lt;policies&gt;
	&lt;inbound&gt;
		&lt;base /&gt;
                &lt;set-variable name=&quot;HostName&quot; value=&quot;@{
            string [] HostNameHeader;
            
            context.Request.Headers.TryGetValue(&quot;Host&quot;, out HostNameHeader);    

            return HostNameHeader[0];
        }&quot; /&gt;
		&lt;validate-jwt header-name=&quot;Authorization&quot; failed-validation-httpcode=&quot;401&quot; failed-validation-error-message=&quot;Authorization Failed. Check Bearer Token&quot;&gt;
			&lt;openid-config url=&quot;https://keycloak.digit.i/realms/{HostName}/.well-known/openid-configuration&quot; /&gt;
		&lt;/validate-jwt&gt;
	&lt;/inbound&gt;
	&lt;backend&gt;
		&lt;base /&gt;
	&lt;/backend&gt;
	&lt;outbound&gt;
		&lt;base /&gt;
	&lt;/outbound&gt;
	&lt;on-error&gt;
		&lt;base /&gt;
	&lt;/on-error&gt;
&lt;/policies&gt;

Kindly guide as how I can achieve it

答案1

得分: 0

我已在我的环境中重现了报告的问题,并获得了以下结果-

在这里,我正在使用Azure AD作为openid-config URL(对于v1端点为https://login.microsoftonline.com/{aad-tenant}/.well-known/openid-configuration,对于v2端点为https://login.microsoftonline.com/{aad-tenant}/v2.0/.well-known/openid-configuration),其中aad-tenant是我的Azure AD 租户ID

我从请求头中读取租户ID并将其传递给openid-config URL

策略-

&lt;policies&gt;
&lt;inbound&gt;
&lt;base  /&gt;
&lt;set-variable  name=&quot;aad-tenant&quot;  value=&quot;@(context.Request.Headers.GetValueOrDefault(&quot;tenantId&quot;, &quot;&quot;))&quot;  /&gt;
&lt;validate-jwt  header-name=&quot;Authorization&quot;  failed-validation-httpcode=&quot;401&quot;  failed-validation-error-message=&quot;Unauthorized. Access token is missing or invalid.&quot;&gt;
&lt;openid-config  url=&quot;@($&quot;https://login.microsoftonline.com/{(string)context.Variables[&quot;aad-tenant&quot;]}/.well-known/openid-configuration&quot;)&quot;  /&gt;
&lt;/validate-jwt&gt;
&lt;/inbound&gt;
&lt;backend&gt;
&lt;base  /&gt;
&lt;/backend&gt;
&lt;outbound&gt;
&lt;base  /&gt;
&lt;/outbound&gt;
&lt;on-error&gt;
&lt;base  /&gt;
&lt;/on-error&gt;
&lt;/policies&gt;

API管理服务中的测试结果-

How can I read a value from header in Azure API Management and pass it to a path param in keycloak realm?

How can I read a value from header in Azure API Management and pass it to a path param in keycloak realm?

How can I read a value from header in Azure API Management and pass it to a path param in keycloak realm?

英文:

I have reproduced the reported issue in my environment and got the below results-

Here I am using Azure AD for openid-config URL (https://login.microsoftonline.com/{aad-tenant}/.well-known/openid-configuration for v1 endpoint and https://login.microsoftonline.com/{aad-tenant}/v2.0/.well-known/openid-configuration for v2 endpoint) where aad-tenant is my Azure AD tenant-id.

I am reading tenant-id from request header and passing it to openid-config URL .

Policy-

&lt;policies&gt;
&lt;inbound&gt;
&lt;base  /&gt;
&lt;set-variable  name=&quot;aad-tenant&quot;  value=&quot;@(context.Request.Headers.GetValueOrDefault(&quot;tenantId&quot;, &quot;&quot;))&quot;  /&gt;
&lt;validate-jwt  header-name=&quot;Authorization&quot;  failed-validation-httpcode=&quot;401&quot;  failed-validation-error-message=&quot;Unauthorized. Access token is missing or invalid.&quot;&gt;
&lt;openid-config  url=&quot;@($&quot;https://login.microsoftonline.com/{(string)context.Variables[&quot;aad-tenant&quot;]}/.well-known/openid-configuration&quot;)&quot;  /&gt;
&lt;/validate-jwt&gt;
&lt;/inbound&gt;
&lt;backend&gt;
&lt;base  /&gt;
&lt;/backend&gt;
&lt;outbound&gt;
&lt;base  /&gt;
&lt;/outbound&gt;
&lt;on-error&gt;
&lt;base  /&gt;
&lt;/on-error&gt;
&lt;/policies&gt;

Test Result in API Management service-

How can I read a value from header in Azure API Management and pass it to a path param in keycloak realm?

How can I read a value from header in Azure API Management and pass it to a path param in keycloak realm?

How can I read a value from header in Azure API Management and pass it to a path param in keycloak realm?

huangapple
  • 本文由 发表于 2023年5月29日 18:34:47
  • 转载请务必保留本文链接:https://go.coder-hub.com/76356596.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定