Apache APISIX is a modern, high-performance, cloud-native API gateway for managing and securing API traffic. It acts as an intermediary between clients and backend services, providing features such as load balancing, authentication, rate limiting, and traffic control.
Make sure you have already enabled OpenID Connect on your LemonLDAP::NG server.
Then, add a Relying Party with the following configuration:
james_client_id
james_client_secret
http://apisix.example.com:8081/add-revoked-token
http://apisix.example.com:8081/login-callback.html
Define exported attributes:
email: the user identifier

The APISIX route configuration for OIDC is as follows (based on the openid-connect plugin):
services:
  -
    id: jmap_service_oidc
    upstream_id: jmap_upstream
    plugins:
      openid-connect:
        _meta:
          filter:
            - - request_method
              - "~="
              - OPTIONS
        client_id: "james_client_id"
        client_secret: "james_client_secret"
        discovery: "http://lemonldap.domain/auth/realms/oidc/.well-known/openid-configuration"
        scope: "openid profile email"
        bearer_only: true
        use_jwks: true
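
A review aid for the route above, added here as an example and not taken from LemonLDAP::NG, APISIX or James: it models the `_meta.filter` rule (the plugin is skipped for OPTIONS, so CORS preflight requests pass without a token) and flags settings to revisit before production use. The function names and finding codes are assumptions of this sketch; `ssl_verify` is an APISIX openid-connect option that is off unless set.

```python
from urllib.parse import urlsplit

# Constructed input: the openid-connect plugin block from the route above,
# transcribed into a Python dict so the example runs without a YAML parser.
PAGE_CONFIG = {
    "_meta": {"filter": [["request_method", "~=", "OPTIONS"]]},
    "client_id": "james_client_id",
    "client_secret": "james_client_secret",
    "discovery": "http://lemonldap.domain/auth/realms/oidc/.well-known/openid-configuration",
    "scope": "openid profile email",
    "bearer_only": True,
    "use_jwks": True,
}
METHODS = ["GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"]

def plugin_runs(conf, method):
    """True if _meta.filter lets the plugin run for this method (rules are ANDed)."""
    for var, op, value in conf.get("_meta", {}).get("filter", []):
        if var != "request_method":
            continue  # assumption: only request_method rules are modelled here
        if (op == "~=" and method == value) or (op == "==" and method != value):
            return False
    return True

def audit(conf):
    """Return finding codes (hypothetical names) for settings a reviewer should question."""
    findings = []
    discovery = urlsplit(conf.get("discovery", ""))
    if discovery.scheme != "https":
        # The JWKS keys used to verify bearer tokens would be fetched in cleartext.
        findings.append("discovery-not-https")
    elif not conf.get("ssl_verify", False):
        # ssl_verify is off unless set, so the IdP certificate is not checked.
        findings.append("ssl-verify-disabled")
    if conf.get("client_secret") == "james_client_secret":
        findings.append("documentation-secret-in-use")
    if "email" not in conf.get("scope", "").split():
        # The Relying Party exports email as the user identifier.
        findings.append("email-scope-missing")
    exempt = [m for m in METHODS if not plugin_runs(conf, m)]
    if any(m != "OPTIONS" for m in exempt):
        findings.append("unauthenticated-methods:" + ",".join(exempt))
    return findings

if __name__ == "__main__":
    for code in audit(PAGE_CONFIG):
        print(code)
```
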
Note: The example with APISIX and Apache James can be found here: https://github.com/apache/james-project/blob/master/examples/oidc/README.md