Skip to content

Commit

Permalink
Expose SSL client cert data to external auth provider. (#2078)
Browse files Browse the repository at this point in the history
  • Loading branch information
@aledbf
turettn authored and aledbf committed Mar 19, 2018
1 parent 28e6f54 commit de30e53
Showing 1 changed file with 15 additions and 0 deletions.
15 changes: 15 additions & 0 deletions rootfs/etc/nginx/template/nginx.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -748,6 +748,21 @@ stream {
client_body_buffer_size {{ $location.ClientBodyBufferSize }};
{{ end }}

# Pass the extracted client certificate to the auth provider
{{ if not (empty $server.CertificateAuth.CAFileName) }}
{{ if $server.CertificateAuth.PassCertToUpstream }}
proxy_set_header ssl-client-cert $ssl_client_escaped_cert;
{{ else }}
proxy_set_header ssl-client-cert "";
{{ end }}
proxy_set_header ssl-client-verify $ssl_client_verify;
proxy_set_header ssl-client-dn $ssl_client_s_dn;
{{ else }}
proxy_set_header ssl-client-cert "";
proxy_set_header ssl-client-verify "";
proxy_set_header ssl-client-dn "";
{{ end }}

set $target {{ $location.ExternalAuth.URL }};
proxy_pass $target;
}
Expand Down

0 comments on commit de30e53

Please sign in to comment.