In the authenticateExternal function of the auhenticate endpoint, we attempt to extract the username from the X-Forwarded-User header:
username := c.Request.Header.Get("X-Forwarded-User").
If this is meant to be used in conjunction with the oauth2 proxy of the villas chart, then this header will only correspond to username in SOME CASES.
In keycloak for example the X-Forwarded-User corresponds to the subject, which is just a UUID.
The proper header for getting the preferred_username claim is X-Forwarded-Username, commented out here:
// preferred_username := c.Request.Header.Get("X-Forwarded-Preferred-Username"). no idea why.
Maybe a proper check on both headers is warranted
In the authenticateExternal function of the auhenticate endpoint, we attempt to extract the username from the X-Forwarded-User header:
username := c.Request.Header.Get("X-Forwarded-User").If this is meant to be used in conjunction with the oauth2 proxy of the villas chart, then this header will only correspond to username in SOME CASES.
In keycloak for example the X-Forwarded-User corresponds to the subject, which is just a UUID.
The proper header for getting the preferred_username claim is X-Forwarded-Username, commented out here:
// preferred_username := c.Request.Header.Get("X-Forwarded-Preferred-Username"). no idea why.Maybe a proper check on both headers is warranted