Extract Identity
Extracts identity attributes from headers or tokens.
Use the Extract Identity policy to retrieve identity claims from tokens or headers and store them in context for downstream policies.
For more information on the policy parameter descriptions, see DataPower Nano Gateway documentation.
Example of an Extract Identity policy in code view.
kind: ExtractIdentity
metadata:
name: extractIdentity-hostip
namespace: security
version: 1.0
spec:
namespace: ""
hostname: {}
# (or)
# ipAddress: {}
---
kind: ExtractIdentity
metadata:
name: extractIdentity-http-basic
namespace: security
version: 1.0
spec:
namespace: ""
httpBasic: # 1 of 5
httpHeader:
name: my-custom-header
# contextVar: # 2 of 5
# name: ""
# query: # 3 of 5
# username: ''
# password: ''
# payload: # 4 of 5
# username: ''
# password: ''
# cookie: # 5 of 5
# name: ''
---
kind: ExtractIdentity
metadata:
name: extract-identity-oauth2
namespace: security
version: 1.0
spec:
namespace: ""
oAuth2:
# 1 of 5
httpHeader:
name: my-custom-header
# contextVar: # 2 of 5
# name: ""
# query: # 3 of 5
# name: ''
# payload: # 4 of 5
# name: ''
# cookie: # 5 of 5
# name: ''
---
kind: ExtractIdentity
metadata:
name: extract-identity-jwt
namespace: security
version: 1.0
spec:
namespace: ""
jwt:
# 1 of 5
httpHeader:
name: my-custom-header
# contextVar: # 2 of 5
# name: ""
# query: # 3 of 5
# name: ''
# payload: # 4 of 5
# name: ''
# cookie: # 5 of 5
# name: ''
---
kind: ExtractIdentity
metadata:
name: extract-identity-apikey
namespace: security
version: 1.0
spec:
namespace: ""
apiKey:
httpHeader:
name: my-custom-header
---
kind: ExtractIdentity
metadata:
name: ei-subscription-credentials
namespace: security
version: 1.0
spec:
namespace: ""
subscriptionCredentials:
client_id:
# 1 of 5
httpHeader:
name: my-custom-header
# contextVar: # 2 of 5
# name: ""
# query: # 3 of 5
# name: ''
# payload: # 4 of 5
# name: ''
# cookie: # 5 of 5
# name: ''
client_secret:
# 1 of 5
httpHeader:
name: my-custom-header
# contextVar: # 2 of 5
# name: ""
# query: # 3 of 5
# name: ''
# payload: # 4 of 5
# name: ''
# cookie: # 5 of 5
# name: ''
---
kind: ExtractIdentity
metadata:
name: ei-certificate
namespace: security
version: 1.0
spec:
namespace: ""
certificate:
# 1 of 2
httpHeader:
name: my-custom-header
# tlsCert: {} # 2 of 2
---
kind: ExtractIdentity
metadata:
name: ei-http-headers
namespace: security
version: 1.0
spec:
namespace: ""
httpHeaders:
- header-one
- header-two
---
kind: ExtractIdentity
metadata:
name: ei-payload-element
namespace: security
version: 1.0
spec:
namespace: ""
payloadElement:
regex: '' # 1 of 2
# jsonata: '' #2 of 2