Can username be customized other than email? #266

Open
robsonyeg opened this issue Jul 9, 2021 · 7 comments

@robsonyeg

robsonyeg commented Jul 9, 2021

Hello,

I am using Keycloak as the IDP. In Keycloak, the user's attributes have email, username and sometimes the username is not the same as email.

Is it possible to make it customizable, to choose which attribute of a user is returned as the authenticated user?

Thanks,

@jmichler

jmichler commented Aug 3, 2021

This would also come in handy for AzureAD (OIDC as well). There it would be better to have the "User Principal Name" within the AzureAD instead of the E-Mail address. Any idea on how to implement this?

@TheDwoon

TheDwoon commented Aug 3, 2021

Could use that feature as well

@DanceMore

Keycloak user at home and I found this project because OIDC auth is an "enterprise" feature for traefik. Boo-urns :(

Also OIDC is everywhere anymore but a lot of implementations vary subtly, so more parameters means support for even more platforms beyond Keycloak and Azure 👍

@thmo

thmo commented Dec 2, 2021

See #159 and #241.

@adyanth

adyanth commented Mar 20, 2022

Would also be nice to have other attributes mapped to other headers, such as X-Forwarded-Email.

@jmichler

jmichler commented Dec 3, 2022

For Azure the following works better. Obviously it would be better to make this "really configurable":

diff --git a/internal/provider/providers.go b/internal/provider/providers.go
index ac863df..c56ea20 100644
--- a/internal/provider/providers.go
+++ b/internal/provider/providers.go
@@ -30,6 +30,7 @@ type token struct {
 // User is the authenticated user
 type User struct {
        Email string `json:"email"`
+       PrefUser string `json:"preferred_username"`
 }

 // OAuthProvider is a provider using the oauth2 library
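
Review bot: The new `PrefUser` field in `User` has no comment saying what it holds or that it can be empty. `preferred_username` is an optional claim, so with a provider that does not return it the field decodes to an empty string, and OpenID Connect Core states that a relying party must not rely on this value being unique. Suggest documenting both points on the field, and selecting the claim name from configuration instead of hard-coding a second one beside `email`.
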
diff --git a/internal/server.go b/internal/server.go
index 2e20df5..8e978a2 100644
--- a/internal/server.go
+++ b/internal/server.go
@@ -186,10 +186,11 @@ func (s *Server) AuthCallbackHandler() http.HandlerFunc {
                }

                // Generate cookie
-               http.SetCookie(w, MakeCookie(r, user.Email))
+               http.SetCookie(w, MakeCookie(r, user.PrefUser))
                logger.WithFields(logrus.Fields{
                        "provider": providerName,
                        "redirect": redirect,
+                       "prefUser":  user.PrefUser,
                        "user":     user.Email,
                }).Info("Successfully generated auth cookie, redirecting user.")
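
Review bot: `MakeCookie(r, user.PrefUser)` is called with no check that `PrefUser` is non-empty, so a provider that omits `preferred_username` gets a cookie issued for an empty user where `user.Email` was used before. Suggest falling back to `user.Email`, or failing the callback, when `PrefUser` is empty, and choosing the identity field from configuration so existing deployments keep the e-mail value in the cookie. Style: the added line `"prefUser":  user.PrefUser,` has two spaces after the colon where the neighbouring `"provider"` and `"redirect"` keys have one; gofmt will realign it.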

@laurivosandi

This whole thing ought to be a configurable mapping between OIDC attributes and HTTP headers
