Thanks, Jon. That worked!
I couldn't get this working at first, but I later discovered that was due to me having a hyphen in front of the `encoding:` node. The incorrect syntax caused the IAG to ignore the setting. It may be worth putting logic in the IAG where that sort of incorrect syntax causes the container not to start, rather than ignore the setting.
For anyone stumbling across this in the future, below is an excerpt of my `config.yaml` file that allowed me to get this done:
resource_servers:
- virtual_host: webservice.domain.local
connection_type: "ssl"
identity_headers:
encoding: utf8_bin
basic_auth:
mode: ignore
servers:
- host: webservice.domain.local
virtual_host: webservice.domain.local
port: 443
url_style:
case_insensitive: true
------------------------------
Timothy
------------------------------
Original Message:
Sent: Fri February 25, 2022 12:07 PM
From: Jon Harry
Subject: Forward the `Authorization` header and value to the backend resource
Hi Timothy,
if you set the basic_auth mode to "ignore" on the resource server I think that should allow authorization header to pass through.
https://docs.verify.ibm.com/gateway/docs/yaml-resource_servers-identity_headers#basic_auth
Jon.
------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
Original Message:
Sent: Fri February 25, 2022 11:39 AM
From: Timothy Dilbert
Subject: Forward the `Authorization` header and value to the backend resource
We have IAG deployed as a proxy to a backend web service.
We need to forward the`Authorization` header sent in the HTTP request to IAG, over to the backend web service. This is because the backend service IAG is proxying requires the same header for some BL stored in that service.
How can I configure the IAG to forward the `Authorization` header to the backend service?
------------------------------
Timothy
------------------------------