I would like to link a consumer to an API that is authenticated with LDAP. Not sure if I am going about this the wrong way - but I would have expected to see LDAP as one of the Auth options when I edit a Consumer, but I can't.
How should I do this?
PS: So I have successfully configured the LDAP plugin and it works fine - but I would need to “link” the username (X-Credential-Username) header to a defined Consumer so I can add additional info and authorization settings.
The LDAP plugin can’t be applied only to a certain consumer. It can only be applied globally, or on a specific API.
Can you please clarify what you mean by
"“link” the username (X-Credential-Username) header to a defined Consumer"
Thanks for the feedback. Let me use an example:
Let's say there is a global LDAP account for entity ABC.
I want to define a consumer ABC in Kong as well, and that consumer info and properties should be passed on in the header to the downstream APIs. Specifically, I want to add a JWT token defined for ABC in Kong.
Cool, thanks for the additional info.
I don’t believe that would be possible with just the LDAP plugin alone (still need to do some testing before I can say that with confidence), but could you add in the Response Transformer plugin to add those fields in?
I am considering implementing the same process.
I am thinking I need to design a login server accessed as an API in Kong. The login service would be protected by the Kong LDAP plugin. When a request successfully gets to the login server, it would use the Kong admin API to check if the consumer exists and create it if necessary. It would also add a JWT credential to the consumer and return this to the client. That way the client can use the JWT credential to access other APIs.
I still have to find out how the JWT token expiry process will work. I think my clients will need to re-login. Not sure if Kong JWT tokens have expiry.
I also need to research to find out if this functionality is already built into Kong. (If not, it would be nice to have.)
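The login-service flow described in the last post, sketched as an added example (not code from the thread or from Kong). It assumes the Admin API listens on `http://localhost:8001`, that the JWT plugin uses its default `iss` key claim, and that the plugin is configured with `claims_to_verify=exp` so the `exp` claim is enforced; the function names are hypothetical.

```python
import base64, hashlib, hmac, json, time
import urllib.error, urllib.request
from urllib.parse import quote

ADMIN_URL = "http://localhost:8001"  # assumption: Kong Admin API address

def kong_admin(method, path, body=None):
    """Call the Kong Admin API; returns (status, parsed JSON)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(ADMIN_URL + path, data=data, method=method,
                                 headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, {}

def ensure_jwt_credential(username, admin=kong_admin):
    """Create the consumer if missing; return its JWT credential (key, secret)."""
    # Quote the LDAP username so it cannot alter the Admin API path.
    path = "/consumers/" + quote(username, safe="")
    status, _ = admin("GET", path)
    if status == 404:  # first login for this LDAP user
        status, _ = admin("POST", "/consumers", {"username": username})
    if status not in (200, 201):
        raise RuntimeError("consumer lookup/creation failed: %d" % status)
    status, listing = admin("GET", path + "/jwt")
    if status == 200 and listing.get("data"):
        return listing["data"][0]  # reuse instead of piling up credentials
    status, cred = admin("POST", path + "/jwt", {})
    if status != 201:
        raise RuntimeError("credential creation failed: %d" % status)
    return cred

def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mint_token(cred, username, ttl=900, now=None):
    """Sign a short-lived HS256 token; Kong matches `iss` to the credential key."""
    now = int(time.time()) if now is None else now
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64url(json.dumps({"iss": cred["key"], "sub": username,
                                "exp": now + ttl}).encode())  # expiry claim
    signing_input = (header + "." + claims).encode()
    sig = hmac.new(cred["secret"].encode(), signing_input, hashlib.sha256).digest()
    return header + "." + claims + "." + b64url(sig)
```

The `username` passed in should be the `X-Credential-Username` value Kong sets after LDAP authentication, never a client-supplied field. Keep the Admin API reachable only from the login service, and return the signed token to the client rather than the credential secret.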