add mTLS UserPrincipalName SAN match (#5177)

Add a new 'user_principal_name' type to the downstream mTLS
match_subject_alt_names option. This corresponds to the 'OtherName' type
with type-id 1.3.6.1.4.1.311.20.2.3 and a UTF8String value.
Add support for UserPrincipalName SAN matching to the policy evaluator.
Kenneth Jenkins 2024-07-26 10:23:19 -07:00 committed by GitHub
parent b0606d9283
commit dbedfc586f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 416 additions and 84 deletions


@ -171,7 +171,7 @@ func TestHeadersEvaluator(t *testing.T) {
assert.Equal(t, "CUSTOM_VALUE", output.Headers.Get("X-Custom-Header"))
assert.Equal(t, "ID_TOKEN", output.Headers.Get("X-ID-Token"))
assert.Equal(t, "ACCESS_TOKEN", output.Headers.Get("X-Access-Token"))
assert.Equal(t, "ebf421e323e31c3900a7985a16e72c59f45f5a2c15283297567e226b3b17d1a1",
assert.Equal(t, "3febe6467787e93f0a01030e0803072feaa710f724a9dc74de05cfba3d4a6d23",
output.Headers.Get("Client-Cert-Fingerprint"))
assert.Equal(t, "escaped $dollar sign", output.Headers.Get("Foo"))
})
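Review bot: The expected `Client-Cert-Fingerprint` value is a bare 64-hex-digit literal, so nothing in the test ties it to the certificate it is supposed to describe. It had to be rewritten by hand in this hunk, presumably because the test client certificate was regenerated for the new SAN type. A reader cannot tell from the assertion whether the new digest (apparently the second of the two fingerprint lines) really belongs to the fixture certificate or was copied from a failing test's output. At minimum, add a comment above the assertion such as `// digest of the test client certificate; must be updated whenever that fixture is regenerated`. Better, compute the expected value from the fixture certificate inside the test, so the assertion checks the header against the certificate rather than against a pasted constant. TestHeadersEvaluator starts and ends outside this hunk, so how the fixture is loaded is not visible here.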