From 96a95c5affba6c0352cbfcf65f86c7fbb34c10fb Mon Sep 17 00:00:00 2001 From: Travis Groth Date: Fri, 15 May 2020 10:36:48 -0400 Subject: [PATCH] Update jwt_claims_headers docs (#705) --- docs/configuration/readme.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/configuration/readme.md b/docs/configuration/readme.md index 44dd33856..c55d73aa6 100644 --- a/docs/configuration/readme.md +++ b/docs/configuration/readme.md @@ -743,7 +743,9 @@ Default Upstream Timeout is the default timeout applied to a proxied route when The JWT Claim Headers setting allows you to pass specific user session data down to downstream applications as HTTP request headers. Note, unlike the header `x-pomerium-jwt-assertion` these values are not signed by the authorization service. -Any claim in the pomerium session JWT can be placed into a corresponding header for downstream consumption. This claim information is sourced from your Identity Provider (IdP) and Pomerium's own session metadata. +Any claim in the pomerium session JWT can be placed into a corresponding header for downstream consumption. This claim information is sourced from your Identity Provider (IdP) and Pomerium's own session metadata. The header will have the following format: + +`X-Pomerium-Claim-{Name}` where `{Name}` is the name of the claim requested. Use this option if you previously relied on `x-pomerium-authenticated-user-{email|user-id|groups}` for downstream authN/Z.