The Rackspace Auth User filter enables Rackspace's identity service to extract usernames from authentication payloads for rate-limiting purposes. The filter will parse out, from both JSON and XML, the username in the request payload and place it in the X-PP-User header. Additionally, this filter will use the configured group name as the X-PP-Groups header, if it is able to parse out a username. These headers will have the quality assigned to them from the configuration or will the default. If the filter cannot parse a username, it will pass without modifying any headers.
In newer releases, if there is a domain in the request, then it is placed in the X-Domain header. Also if the domain is Rackspace, then Racker: is prepended to the the username in the X-PP-User header. The functionality was backported to v184.108.40.206 and will be included in v220.127.116.11 forward.
General filter information
Filter name: rackspace-auth-user
Filter configuration: rackspace-auth-user.xml
Released: version 3.1.1
Required headers: The Rackspace Auth User filter has no required request headers.
Required preceding filters: The Rackspace Auth User filter has no required preceding filters.
Recommended follow-on (succeeding) filters: Rate Limiting filter
To enable Rackspace's identity service to extract usernames from authentication payloads with the Rackspace Auth User filter, edit the rackspace-auth-user.xml file.
1. Set Up Repose
Configure Repose using either a cluster or a single instance configuration.
2. Add the Rackspace Auth User filter
Add the Rackspace Auth User filter to your system model configuration. Place this filter before authentication filters.
3. Configure the Rackspace Auth User filter
Within the rackspace-auth-user element:
- Configure <v1_1> and <v2_0> for the versions of the Rackspace authentication service to parse.
- Optional elements and attributes are listed in the Configurable parameters table below.
In the following configuration, the filter is configured to parse payloads for the Auth 1.1 and Auth 2.0 contracts. Group and quality are optional elements.
Configure the Rackspace Auth User filter by editing the rackspace-auth-user.xml. Add the filter to the Repose deployment through the system model configuration by editing the following elements and attributes.
|<rackspace-auth-user>||-||Required||Specifies the sub-elements and attributes to define your Rackspace Auth User configuration.|
Specifies which version of the Rackspace identity contract to parse the username from. Both <v1_1> and <v2_0> have the same attributes & abilities.
|<group>||-||Optional||Defines the X-PP Groups header for this filter, including the quality. If no group is specified, Repose will default to the Pre_Auth group.|
Defines the quality assigned to the header. For example, if the quality value is .7, the resulting header is X-PP-User: derp;q=0.7.
If no value is specified, Repose assigns the default value which is 0.6.
|content-body-read-limit||Optional||Specifies the size of the content. The default value is 4 KB. If the the content exceeds the limit, Repose does not reject the request. It processes content up to the specified limit, and then stops.|
Return codes and conditions
This filter does not return specific response codes. The request will simply pass through to the next filter or to the origin service.
The Rackspace Auth User filter will set X-PP-User and X-PP-Groups headers with the quality value that you configure. The default quality value is 0.6. If there is a domain in the response, the X-Domain header is also populated.
NOTE: The X-Domain header is only added in v18.104.22.168 and v22.214.171.124 forward and also modifies the username as appropriate.