Hi everybody,
In a PSD2 context, we have a reverse proxy (for api exposition) that is executing a STS module chain for each incoming request.
This is configurated on webseal's config as follow:
# other less important stanzas removed
[oauth]
oauth-auth = https
default-fed-id = urn:jwt:webseal
cluster-name = oauth-cluster
[tfim-cluster:oauth-cluster]
server = 9,https://localhost:443/TrustServerWST13/services/RequestSecurityToken
# This stanza was configurated hoping to find those additional headers once in the STS chain
[azn-decision-info]
HTTP_HOST_HEADER = header:host
HTTP_XGTID_HEADER = header:x-global-transaction-id
HTTP_LHPSUTOKEN_HEADER = header:lh-psu-token
HTTP_LHJWT_HEADER = header:jwt
For each incoming request the STS chain with the id
urn:jwt:webseal is correctly executed.
That STS Chain is made of a single MAP step, with an associated mapping rule.
Unfortunately, once in the mapping rule of the chain, I have found no way to access any of the http headers of the initial request (even after adding those headers in azn-decision-info)
How can I configure webseal so that those additional headers are sent in the request to the STS and could be used for deciding the correct identity for the initial request ?
------------------------------
André Leruitte
------------------------------