Transform Rule, or something else?
I was playing for the first time today with adding some auth to a CF tunnel, which, thanks to the very clear documentation on how to do that worked great! I added Azure AD in front of an app and it was fairly simple following the instructions to get things going!
The challenge that I ran into after that part, was that the app I am protecting is expecting the resulting username to be presented in the HTTP Headers as X-Remote-User. I didn't find anything out of the box on this, so I turned to getting some Ai advice which as usualy was a bit of a mixed bag, however, it did introduce me to Transform Rules, where I can rewrite headers. I used that to attempt to add the header with the dynamic value
I can see
So... are transform rules the right way to attempt this? Is there some magic I'm missing during auth that would map headers during a successful auth?
Appreciate any help anyone might have.
*incidentally, while I was trying to troubleshoot this, I found the container mejatos/request-headers to be INCREDIBLY helpful. It basically receives a request and logs all headers to console and as HTML in the response. Really nice, simple tool for using while you're trying to figure out what your headers look like. Figured I'd share that since I found it to be a helpful nugget.
The challenge that I ran into after that part, was that the app I am protecting is expecting the resulting username to be presented in the HTTP Headers as X-Remote-User. I didn't find anything out of the box on this, so I turned to getting some Ai advice which as usualy was a bit of a mixed bag, however, it did introduce me to Transform Rules, where I can rewrite headers. I used that to attempt to add the header with the dynamic value
http.request.headers["cf-access-authenticated-user-email"][0], however I just couldn't get it to work.I can see
cf-access-authenticated-user-email in the headers that reach my app* and I could add different headers, however I wasn't able to map cf-access-authenticated-user-email into X-Remote-User for some unknown reason.So... are transform rules the right way to attempt this? Is there some magic I'm missing during auth that would map headers during a successful auth?
Appreciate any help anyone might have.
*incidentally, while I was trying to troubleshoot this, I found the container mejatos/request-headers to be INCREDIBLY helpful. It basically receives a request and logs all headers to console and as HTML in the response. Really nice, simple tool for using while you're trying to figure out what your headers look like. Figured I'd share that since I found it to be a helpful nugget.
