hawkbit icon indicating copy to clipboard operation
hawkbit copied to clipboard
verified publisher icon eclipse

ControllerPreAuthenticatedSecurityHeaderFilter: add ingress-nginx auth-tls-* annotations support

Open sergeysedoy97 opened this issue 4 years ago • 1 comments

It is possible to enable Client Certificate Authentication using additional annotations in Ingress Rule.

The following headers are sent to the upstream service according to the auth-tls-* annotations:

  • ssl-client-issuer-dn: The issuer information of the client certificate. Example: "CN=My CA"
  • ssl-client-subject-dn: The subject information of the client certificate. Example: "CN=My Client"

This PR adds support for this annotations without any global changes, you just need to overwrite the following properties: hawkbit.server.ddi.security.rp.cnHeader and hawkbit.server.ddi.security.rp.sslIssuerHashHeader.

sergeysedoy97 avatar May 31 '21 16:05 sergeysedoy97

Can one of the admins verify this patch?

hawkbit-bot avatar May 31 '21 16:05 hawkbit-bot