Thanks to a suggestion in my other thread I am trying out ‘Custom groups providers’, thought it would be best to create a new thread for this question. I am only experimenting with it, otherwise the LDAP connector looks as though it will work well for me.
My plan is to get the user details passed to readonlyrest via X-Forwarded-User from an NGINX proxy and then use that to query the users’ groups via a custom groups provider.
My question is re: the custom groups provider…
I’ve been looking at the example config but I’m not sure how to configure it for my use case, I have written some shortened pseudo config to demonstrate what it is that I want to do…
user_groups_providers:
- name: GroupsService
groups_endpoint: "https://groupprovider.com/<user identifier here>/groups"
cert: mycert
key: mykey
response_groups_json_path: "$..groups[?(@.name)].name"
So I need to put the user identifier into the URL as above, which will return the groups as json. I also need to pass a client cert and key to the group provider service.
Is that possible?
Not a problem if not, but if I can make the custom groups provider work it will be a nice solution.