Extracting user information when an OIDC plugin is installed - PingIntelligence for APIs

Extracting user information when an OIDC plugin is installed - PingIntelligence for APIs - 5.2

PingIntelligence

bundle

pingintelligence-52

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.2 (Latest)

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-52

pingintelligence

private

ContentType_ce

Extract user attributes from JSON web tokens (JWT) when an OpenID Connect (OIDC) plugin is installed in the Kong Gateway.

To extract user attributes:

Capture the header value assigned to the upstream_introspection_header parameter in the OIDC plugin configuration.
Assign the header value to the location key in the jwt object of the API JSON file.

API Security Enforcer (ASE) will extract the user information from the JWT.
If upstream_introspection_header is not configured in the OIDC plugin, then complete the following configuration and assign x_introspection to the location key in the jwt object of the API JSON file:
```
http patch  :8001/plugins/$PLUGIN_ID config:=@patch.json
cat patch.json
{
  "upstream_introspection_header":  "x_introspection"
}
```
The following is a snippet of JWT object from a sample API JSON file:
```
"jwt": {
"location": "h:x_introspection",						
"username": "username",
"clientid": "client_id"
}
```