英文:
How can I read a value from header in Azure API Management and pass it to a path param in keycloak realm?
问题
从 API 策略的头部读取值并传递到 Azure 策略的 API 路径参数。
您的策略中,您想要从头部读取一个值,并将其传递到 openid-config URL 的路径参数中。以下是您想要实现的内容:
<policies>
<inbound>
<base />
<set-variable name="HostName" value="@{
string [] HostNameHeader;
context.Request.Headers.TryGetValue("Host", out HostNameHeader);
return HostNameHeader[0];
}" />
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Authorization Failed. Check Bearer Token">
<openid-config url="https://keycloak.digit.i/realms/{HostName}/.well-known/openid-configuration" />
</validate-jwt>
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
</policies>
请指导我如何实现这一点。
英文:
Read value from header in api policy and pass it to api path param in azure policy
Hi I have a requirement where I use keycloak to authenticate my urls. Below is my policy
<policies>
<inbound>
<base />
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Authorization Failed. Check Bearer Token">
<openid-config url="https://keycloak.digit.i/realms/{realmName}/.well-known/openid-configuration" />
</validate-jwt>
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
</policies>
Now i have a requirement like I have to read a value from header and pass it to path param of the openid-config url . Below is something i want to achieve
<policies>
<inbound>
<base />
<set-variable name="HostName" value="@{
string [] HostNameHeader;
context.Request.Headers.TryGetValue("Host", out HostNameHeader);
return HostNameHeader[0];
}" />
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Authorization Failed. Check Bearer Token">
<openid-config url="https://keycloak.digit.i/realms/{HostName}/.well-known/openid-configuration" />
</validate-jwt>
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
</policies>
Kindly guide as how I can achieve it
答案1
得分: 0
我已在我的环境中重现了报告的问题,并获得了以下结果-
在这里,我正在使用Azure AD作为openid-config URL(对于v1端点为https://login.microsoftonline.com/{aad-tenant}/.well-known/openid-configuration,对于v2端点为https://login.microsoftonline.com/{aad-tenant}/v2.0/.well-known/openid-configuration),其中aad-tenant是我的Azure AD 租户ID。
我从请求头中读取租户ID并将其传递给openid-config URL。
策略-
<policies>
<inbound>
<base />
<set-variable name="aad-tenant" value="@(context.Request.Headers.GetValueOrDefault("tenantId", ""))" />
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
<openid-config url="@($"https://login.microsoftonline.com/{(string)context.Variables["aad-tenant"]}/.well-known/openid-configuration")" />
</validate-jwt>
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
</policies>
API管理服务中的测试结果-
英文:
I have reproduced the reported issue in my environment and got the below results-
Here I am using Azure AD for openid-config URL (https://login.microsoftonline.com/{aad-tenant}/.well-known/openid-configuration for v1 endpoint and https://login.microsoftonline.com/{aad-tenant}/v2.0/.well-known/openid-configuration for v2 endpoint) where aad-tenant is my Azure AD tenant-id.
I am reading tenant-id from request header and passing it to openid-config URL .
Policy-
<policies>
<inbound>
<base />
<set-variable name="aad-tenant" value="@(context.Request.Headers.GetValueOrDefault("tenantId", ""))" />
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
<openid-config url="@($"https://login.microsoftonline.com/{(string)context.Variables["aad-tenant"]}/.well-known/openid-configuration")" />
</validate-jwt>
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
</policies>
Test Result in API Management service-
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论