Use HTTP verb in Service Provider request mapper
Fabien BERTEAU
fabien.berteau at manomano.com
Thu Oct 21 06:48:56 UTC 2021
Our micro-services are behind a NGINX based API gateway (Kong) and called
by a SPA (until this, it's legacy) that would use a classic SP initiated
flow, if this design is right.
I want to try to plug the Shibboleth SP on Kong and use the XML based
request mapper to centralize on Kong/SP all host/verb/path/query access
control.
But I would miss the HTTP verb access control feature.
Fabien
Fabien Berteau | Security Architect
Bordeaux
fabien.berteau at manomano.com <aurelien.lajoie at manomano.com>
Le mer. 20 oct. 2021 à 18:05, Cantor, Scott <cantor.2 at osu.edu> a écrit :
> I don't see any viable way this makes any sense unless you expect your web
> service clients to use ECP, and that's a non-starter, but the answer is
> that Apache can limit rules based on verbs.
>
> -- Scott
>
>
> --
> For Consortium Member technical support, see
> https://shibboleth.atlassian.net/wiki/x/ZYEpPw
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20211021/1bd1d181/attachment.htm>
More information about the users
mailing list