Question about tailoring the example 'custom groups providers' config

Thanks to a suggestion in my other thread I am trying out ‘Custom groups providers’; I thought it would be best to create a new thread for this question. I am only experimenting with it, otherwise the LDAP connector looks as though it will work well for me.

My plan is to get the user details passed to readonlyrest via X-Forwarded-User from an NGINX proxy and then use that to query the users’ groups via a custom groups provider.

My question is re: the custom groups provider…

I’ve been looking at the example config but I’m not sure how to configure it for my use case. I have written some shortened pseudo config to demonstrate what it is that I want to do…

user_groups_providers:
- name: GroupsService
  groups_endpoint: "https://groupprovider.com/<user identifier here>/groups"
  cert: mycert
  key: mykey
  response_groups_json_path: "$..groups[?(@.name)].name"

So I need to put the user identifier into the URL as above, which will return the groups as JSON. I also need to pass a client cert and key to the group provider service.
Is that possible?
Not a problem if not, but if I can make the custom groups provider work it will be a nice solution.


You can only pass the username as a header or query parameter:

  auth_token_passed_as: <QUERY_PARAM | HEADER OR QUERY_PARAM>

Custom SSL certs are not yet supported in this kind of connector AFAIR (@coutoPL right?), but we have a Jira for that. Should re-prioritise that ticket, it’s quite important.


Yes, we have a Jira in the backlog to add custom cert support here.

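The setup asked about in this thread, written in the form the replies describe as supported (an added example, not part of the original posts and not the project's own configuration): the proxy supplies the user in X-Forwarded-User, and the groups provider receives that username as a query parameter rather than as a URL path segment. The endpoint path, the parameter name `user`, the rule name, the index pattern and the group `admins` are assumptions.

```yaml
readonlyrest:
  access_control_rules:

  # Constructed rule: name, index pattern and group are placeholders.
  - name: "Proxy-authenticated users in the admins group"
    indices: ["logs-*"]
    proxy_auth:
      proxy_auth_config: "nginx"
      users: ["*"]
    groups_provider_authorization:
      user_groups_provider: "GroupsService"
      groups: ["admins"]

  proxy_auth_configs:

  - name: "nginx"
    user_id_header: "X-Forwarded-User"   # header set by the NGINX proxy

  user_groups_providers:

  - name: GroupsService
    # The username cannot be templated into the path; it is sent to the
    # endpoint as ?user=<username> (or as a header named "user").
    groups_endpoint: "https://groupprovider.com/groups"
    auth_token_name: "user"              # assumed parameter name
    auth_token_passed_as: QUERY_PARAM    # or HEADER
    # Matches a body such as {"groups": [{"name": "admins"}]}
    response_groups_json_path: "$..groups[?(@.name)].name"
    # No cert/key entries: per the replies above, a custom client
    # certificate is not yet supported by this connector.
```

Because the username arrives from a request header, Elasticsearch should accept connections only from the NGINX proxy, so that clients cannot set X-Forwarded-User themselves.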