By: Dheivendiran Ramasamy user 13 Jun 2018 at 5:26 a.m. CDT

4 Responses
Dheivendiran Ramasamy gravatar
I have installed open resty and configured gluu(2.4.4) parameters in to the config of lua-resty-openidc module. I have set scope as "openid user_name profile". So I use the variable res.user.user_name to get user_name. But it returns null. Please help me.

By Sahil Arora staff 15 Jun 2018 at 7:29 p.m. CDT

Sahil Arora gravatar
Hi Dheivendiran, I would suggest you to use the latest available version of Gluu which is 3.1.3, and try to print the environment variables to see which variable returns the user_name.

By Chris Blanton staff 18 Jun 2018 at 3:12 p.m. CDT

Chris Blanton gravatar
Hey Dheivendiran, > So I use the variable res.user.user_name to get user_name. But it returns null. For the mappings that Gluu Server has for attributes, please refer to Configure > Attributes inside the oxTrust/Identity UI. In my instances of 3.1.3, the user name attribute is mapped to `uid`. This seems to be standard across the versions. For example, I was trying to get the `memberOf` attribute with OpenResty and after some searching, figured out that Gluu Server's memberOf attribute is mapped as `member_of`. Coincidentally user name is mapped as `uid` so your configuration should be something like: ``` if res.user.uid = <uid> then <action> end ``` If you're trying to do some sort of action. In my case I was trying to do access control with the memberOf claim which I added to my "profile" scope: ``` local ADMIN_GROUP = '<memberOf inum>' if res.user.member_of ~= ADMIN_GROUP then ngx.exit(ngx.HTTP_FORBIDDEN) end ```

By Dheivendiran Ramasamy user 19 Jun 2018 at 7:25 a.m. CDT

Dheivendiran Ramasamy gravatar
Hi chris, It returns the user_name what I expected. But I want to pass that value to the another location block called /api. But tried both $remote_user and "set $user_name" variable to pass the value it is not working. Please check the below configuration and tell me your suggestions. Thank you. ``` server { listen 443; server_name; root /var/www/html; index index.php index.html index.htm index.nginx-debian.html; ssl_certificate /etc/nginx/ssl/cert.crt; ssl_certificate_key /etc/nginx/ssl/cert.key; ssl on; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; ssl_prefer_server_ciphers on; location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/php7.0-fpm.sock; } location ~ /\.ht { deny all; } location / { set $user_name ''; access_by_lua_block { local opts = { redirect_uri_path = "/secret/redirect", discovery = "https://hostname/.well-known/openid-configuration", client_id = "@!22A9 - my client id is here", client_secret = "password", scope = "openid user_name profile", redirect_uri_scheme = "https", token_endpoint_auth_method = "client_secret_basic", ssl_verify = "no", timeout = 7200, } -- call authenticate for OpenID Connect user authentication local res, err = require("resty.openidc").authenticate(opts) if err then ngx.status = 500 ngx.say(err) ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR) end ngx.var.user_name = res.user.user_name #ngx.var.remote_user = res.user.user_name } } location /api/ { proxy_pass http://java-servie:8800/; proxy_set_header remote_user $user_name; proxy_set_header X-Forwarded-Proto "https"; } } ```

By Dheivendiran Ramasamy user 19 Jun 2018 at 7:30 a.m. CDT

Dheivendiran Ramasamy gravatar
Hi Sahil, Thanks for your suggestion, up-gradation also is going on that is separate task.