Currently, if the X-Scope-OrgID header is already present in the request to Oathkeeper, the permission check endpoint in our backend will only check if the subject can access that tenant and return only 200 or 403 (without including the header in the response). This means it does not resolve all tenants a subject can access. This can be useful in cases where federated requests across multiple tenants aren't supported or wanted.
However, in cases such as the Alertmanager UI, which doesn't support tenant federation, it will be difficult to add headers to requests. To solve for this use case we should allow passing a tenant ID as a query parameter. Then our permission check endpoint can check if the query parameter is present. If it is, it can check that the subject has the permissions to access the Alertmanager UI and finally add the X-Scope-OrgID header in the response so it can be passed along downstream.
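A sketch of the decision logic this issue proposes, as an added example that is not code from the project. The query parameter name `tenant`, the permission label `alertmanager-ui`, the grants structure, the tenant ID pattern and the deny-on-conflict rule are all assumptions.

```python
import re

TENANT_HEADER = "X-Scope-OrgID"
TENANT_PARAM = "tenant"            # hypothetical query parameter name
UI_PERMISSION = "alertmanager-ui"  # hypothetical permission label
# Assumption: one tenant ID is a short token. Anything else is refused,
# so a crafted parameter value is never echoed into the response header.
SINGLE_TENANT = re.compile(r"[A-Za-z0-9_-]{1,64}")


def check_permission(subject, headers, query, grants):
    """Decide one permission-check request.

    grants maps subject -> {tenant: set of permissions} (constructed model).
    Returns (status, response_headers), or None when neither the header nor
    the query parameter is set and the resolve-all-tenants path applies.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    from_header = lowered.get(TENANT_HEADER.lower())
    from_query = query.get(TENANT_PARAM)
    tenants = grants.get(subject, {})

    if from_header is not None:
        # Behaviour described in the issue: verify only, answer 200 or 403,
        # and do not put the header in the response.
        if from_query is not None and from_query != from_header:
            return 403, {}  # assumption: conflicting tenant sources are denied
        return (200 if from_header in tenants else 403), {}

    if from_query is not None:
        if not SINGLE_TENANT.fullmatch(from_query):
            return 403, {}
        if UI_PERMISSION not in tenants.get(from_query, set()):
            return 403, {}
        # Only an authorized tenant is copied into the header sent downstream.
        return 200, {TENANT_HEADER: from_query}

    return None


# Constructed sample data: alice may use the UI for team-a only.
GRANTS = {"alice": {"team-a": {UI_PERMISSION}, "team-b": set()}}
```

The header is set from the query parameter only after the authorization check passes, so the value that reaches the downstream service is never taken from the request unchecked.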