We have to inspect the lost password request to pull out the username and populate the header. Unfortunately, they do not get a response with a token in it because they get an e-mail with the temporary token. This will be an update to the Rackspace Auth User filter. We should check the API docs to see what the format(s) looks like for XML and/or JSON. This should only be done for the lost password endpoint.
For the second request we need Identity to populate the response with the username which we'll pull out and populate the UAE event with. This will be an update to the HERP filter. If it doesn't find the request header for the username, then it should check the response header for this case.
- We need Identity to fill out a response header for the second case: https://jira.rax.io/browse/CID-560
- The Rackspace Auth User filter should populate the X-User-Name header using the body of a lost password request for the expected formats.
- HERP uses the response header provided by Identity for the username when it's not provided in the request header.