Extracting user information when OIDC plugin is used - PingIntelligence for APIs

Extracting user information when OIDC plugin is used - PingIntelligence for APIs - 5.0

PingIntelligence

bundle

pingintelligence-50

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.0

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-50

pingintelligence

private

ContentType_ce

Page created: 1 Jun 2021 |

Page updated: 1 Nov 2021

| 1 min read

5.0 Capability API Security Advanced API Cybersecurity Linux On-Premises Operating System Hosting Environment PingIntelligence for APIs Product

You can extract the user attributes from JWTs when OpenID Connect (OIDC) plugin is installed in Kong gateway. To do this, capture the header value assigned to upstream_introspection_header parameter in the OIDC plugin configuration. Assign this value to the location key in the jwt object of the API JSON file. ASE will extract the user information from the JWT.

If upstream_introspection_header is not configured in the OIDC plugin, then complete the following configuration and assign x_introspection to the location key in the jwt object of the API JSON file.

http patch  :8001/plugins/$PLUGIN_ID config:=@patch.json
cat patch.json
{
  "upstream_introspection_header":  "x_introspection"
}

The following is a snippet of JWT object from a sample API JSON file.

"jwt": {
"location": "h:x_introspection",						
"username": "username",
"clientid": "client_id"
}

For more information on configuring the API JSON file, see Defining an API using API JSON configuration file in sideband mode.