NodeJS 如何从Azure API管理中的标头读取值并将其传递到keycloak领域中的路径参数?

vx6bjr1n  于 2023-06-05  发布在  Node.js
关注(0)|答案(1)|浏览(398)

从API策略中的header读取值,并将其传递给azure策略中的api路径参数
嗨,我有一个要求,我使用keycloak来验证我的网址。下面是我的政策

<policies>
    <inbound>
        <base />
        <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Authorization Failed. Check Bearer Token">
            <openid-config url="https://keycloak.digit.i/realms/{realmName}/.well-known/openid-configuration" />
        </validate-jwt>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>

现在我有一个要求,比如我必须从头部读取一个值,并将其传递给openid-config URL的路径参数。下面是我想达到的目标

<policies>
    <inbound>
        <base />
                <set-variable name="HostName" value="@{
            string [] HostNameHeader;
            
            context.Request.Headers.TryGetValue("Host", out HostNameHeader);    

            return HostNameHeader[0];
        }" />
        <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Authorization Failed. Check Bearer Token">
            <openid-config url="https://keycloak.digit.i/realms/{HostName}/.well-known/openid-configuration" />
        </validate-jwt>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>

请指导我如何才能实现它

e4eetjau

e4eetjau1#

我在我的环境中复制了报告的问题,并得到了以下结果-

在这里,我使用Azure AD进行openid-config URL(https://login.microsoftonline.com/{aad-tenant}/.well-known/openid-configuration用于v1端点,https://login.microsoftonline.com/{aad-tenant}/v2.0/.well-known/openid-configuration用于v2端点),其中aad-tenant是我的Azure AD租户ID
我正在从请求头阅读tenant-id,并将其传递给openid-config URL

政策-

<policies>
<inbound>
<base  />
<set-variable  name="aad-tenant"  value="@(context.Request.Headers.GetValueOrDefault("tenantId", ""))"  />
<validate-jwt  header-name="Authorization"  failed-validation-httpcode="401"  failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
<openid-config  url="@($"https://login.microsoftonline.com/{(string)context.Variables["aad-tenant"]}/.well-known/openid-configuration")"  />
</validate-jwt>
</inbound>
<backend>
<base  />
</backend>
<outbound>
<base  />
</outbound>
<on-error>
<base  />
</on-error>
</policies>

API管理服务测试结果-

相关问题