ConsoleMe
GitHub
  • About
  • Architecture
  • Features
    • Credentials
      • AWS Console Login
      • AWS Credential Broker
    • Policy Management
      • Policies View
      • Policy Editor for IAM, SQS, SNS, and S3
      • Self-Service IAM Wizard
      • Policy Request - Review Page
      • Role Creation and Cloning
  • Demo
  • Quick Start
    • Docker
    • Local
  • Prerequisites
    • Required IAM Permissions
      • Central Account
      • Spoke Accounts
  • Configuration
    • Web App Authentication and Authorization
      • Local Development (Auth bypass)
      • ALB Auth (Recommended)
      • Retrieving Google Groups
      • OIDC/OAuth2
        • Cognito
        • Okta
      • SAML
      • Plain-Text Headers
    • Role Credential Authorization
      • Role Tags
        • Role Tagging Service Control Policy (Recommended)
      • Role Authorization through Dynamic Configuration
      • Custom Authorization (Internal Plugin)
    • Account Syncing
    • Metrics
    • Dynamic Configuration
    • AWS Resource Syncing
    • CLI Authentication
    • Sending email through SES
    • AWS Secret Manager Integration
    • CloudTrail Integration via AWS Event Bridge
    • Slack Notifications
  • Celery Tasks
    • Celery Flower
  • Development Guide
    • UI Components
    • Managing Dependencies
  • Deployment Strategies
  • Contributing
  • FAQ
  • License
  • Security
  • Weep CLI
    • Getting Started with Weep
    • AWS Credentials in the CLI using Weep and ConsoleMe
    • Configuration
    • Commands
      • List
      • Serve
      • Export
      • File
      • Credential Process
    • Assuming Roles
    • Advanced Configuration
      • Routing for Metadata Service
      • Shell Completion
Powered by GitBook
On this page

Was this helpful?

  1. Configuration
  2. Web App Authentication and Authorization

Plain-Text Headers

PreviousSAMLNextRole Credential Authorization

Last updated 3 years ago

Was this helpful?

Perhaps you already have a homegrown solution that will authenticate your users, like an Apache or Nginx module. ConsoleMe can be configured to extract a user and their groups from plain text headers provided by these modules.

These headers are sensitive, and you'll need to ensure the web server that you have in front of ConsoleMe drops these headers if the user passes them with their request

ConsoleMe expects the groups header to be a comma separated list of the user's groups.

We have an example configuration .

auth:
  get_groups_by_header: true
  get_user_by_header: true
  groups_header_name: group_header
  user_header_name: user_header

�

here