Header authentication
If using the authentication option Header, there are three additional settings in the config file to consider.
<add key="HeaderUser" value="x-nod-user" />
<add key="HeaderGroup" value="x-nod-group" />
<add key="HeaderResolveADGroups" value="true" />
Two of them hold the header keys that needs to be populated in the header based on the authenticated user by e.g. a reverse proxy in front of NodeGraph.
HeaderUser: Mandatory field. Defaults to “x-nod-user” and should be populated with the authenticated username.
HeaderGroup: Optional field. Defaults to “x-nod-group” and can be populated with any groups that the authenticated user belongs to. For multiple groups, separate with a colon.
The third option is HeaderResolveADGroups, which is a Boolean value if NodeGraph should connect to the Active Directory (AD) to extract group belongings for the authenticated user. If this is set to true, AD details need to be entered in the NodeGraph General Settings.
AD details in NodeGraph General Settings
AD Domain: Mandatory field. To limit the LDAP query in the AD, it is possible to enter a specific container name in the optional field AD Container. The NodeGraph service user account will be used to perform the group lookup so make sure it has sufficient rights.
The options HeaderGroup and HeaderResolveADGroups can be used in combination, all groups that are found in any of the two steps will be used for the active user.
This is an example call of this setting from Postman:
Header settings from Postman
