Copy JWT Claims to HTTP Headers
This task shows you how to copy valid JWT claims to HTTP headers after JWT authentication is successfully completed via an Istio request authentication policy.
Before you begin
Before you begin this task, do the following:
Familiarize yourself with Istio end user authentication support.
Install Istio using Istio installation guide7.
Deploy
httpbin
andsleep
workloads in namespacefoo
with sidecar injection enabled. Deploy the example namespace and workloads using these commands:Verify that
sleep
successfully communicates withhttpbin
using this command:
Allow requests with valid JWT and list-typed claims
The following command creates the
jwt-example
request authentication policy for thehttpbin
workload in thefoo
namespace. This policy accepts a JWT issued bytesting@secure.istio.io
and copies the value of claimfoo
to an HTTP headerX-Jwt-Claim-Foo
:Verify that a request with an invalid JWT is denied:
Get the JWT which is issued by
testing@secure.istio.io
and has a claim with keyfoo
.Verify that a request with a valid JWT is allowed:
Verify that a request contains a valid HTTP header with JWT claim value:
Clean up
Remove the namespace foo
: