
How to add user email address into a header


Article ID: 238703


Products

ProxySG Software - SGOS, ISG Proxy, ASG-S200, ASG-S400, ASG-S500

Issue/Introduction

You are looking for a way to add a user's email address to a custom header.

Environment

Fetching the email address is supported only for IWA-Direct and SAML realms, as stated in the ProxySG Log Fields and Substitutions guide, and it requires additional configuration.

Resolution

ProxySG can fetch the user's email address for access logs and use it in custom policies.



1. Start by verifying that the user has an email address assigned in AD.

2. Edit the realm via the CLI so that it fetches email information:

#(config) security iwa-direct edit-realm realm_name
This changes the prompt to:
#(config iwa-direct realm_name)

You can verify the changes by checking the realm settings with the command:
#show realms

You can read more in the CLI admin guide below:
ProxySG Command Line Interface Reference

3. You can add the log field to your access log.



For more information, see the guide below:
ProxySG Log Fields and Substitutions

4. To see whether the proxy is fetching the email address into the access log, add the custom log field from above and start an access log tail from Statistics -> Access Logging -> Start Tail.

5. Now that the user email is being fetched, create a header that includes the user's email address. For this, follow the KB article:
Creating custom headers for ProxySG

Example:

6. Finally, as good practice, verify the changes and make sure that the header is inserted into the request. The easiest way to do this is to run a packet capture or a policy trace.
In the screenshot below I followed the unencrypted HTTP stream of a request to example.com:

In clear text we can see that our custom header contains my user email address.
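
One way to automate the check in step 6, as an added example that is not part of the original article or of any ProxySG tooling: it parses the text of a followed cleartext HTTP stream and confirms that each request carries exactly one well-formed email header. The header name X-User-Email and the sample stream are assumptions constructed for illustration; substitute the header name set in your policy.

```python
import re

# Assumption: hypothetical header name; use the one defined in your policy.
HEADER_NAME = "X-User-Email"
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
REQUEST_LINE_RE = re.compile(r"^[A-Z]+ \S+ HTTP/\d\.\d$")

# Constructed sample: text of a followed cleartext HTTP stream with two
# requests on one connection; the second request lacks the header.
SAMPLE_STREAM = (
    "GET / HTTP/1.1\r\n"
    "Host: example.com\r\n"
    "x-user-email: jdoe@example.com\r\n"
    "\r\n"
    "HTTP/1.1 200 OK\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
    "GET /favicon.ico HTTP/1.1\r\n"
    "Host: example.com\r\n"
    "\r\n"
)


def check_stream(text, header=HEADER_NAME):
    """Return one result dict per HTTP request found in the stream text."""
    results, current = [], None
    for line in text.splitlines():
        if REQUEST_LINE_RE.match(line):
            current = {"request": line, "values": []}
            results.append(current)
        elif line == "" or line.startswith("HTTP/"):
            current = None  # request headers ended, or a response begins
        elif current is not None and ":" in line:
            name, _, value = line.partition(":")
            # HTTP header names are case-insensitive.
            if name.strip().lower() == header.lower():
                current["values"].append(value.strip())
    for r in results:
        vals = r["values"]
        # Expected outcome: exactly one value, shaped like an email address.
        r["ok"] = len(vals) == 1 and bool(EMAIL_RE.match(vals[0]))
    return results


if __name__ == "__main__":
    for r in check_stream(SAMPLE_STREAM):
        print("OK  " if r["ok"] else "FAIL", r["request"], r["values"])
```

A request that reports FAIL with an empty value list did not match the policy rule that inserts the header; a request with more than one value deserves a look at the policy trace to see where the extra copy came from.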
