Authorization, Untrusted workflow creation and namespace authentication

ClaimMapper is responsible for translating the identity information of the caller from the TLS cert and/or JWT token.

How can I add custom claims by TLS cert? In my case, I connect from my worker via TLS certs and I want to access a specific namespace from this worker.

Hi @tihomir,

Can you please help me understand the expected way to authorize the internal per-namespace workers? I’m trying to add authorizers and claim managers that use worker identities from service mesh x-forwarded-client-certificate gRPC headers. When I add a custom authorizer and claim manager according to the provided examples, my workers start being authorized as expected. However, the internal perNamespaceWorker, which I understand manages scheduling and batches, fails to work because it does not provide any specific authInfo.

Should I distinguish the perNamespaceWorker from others and allow it to poll “temporal-sys-per-ns-tq” of all namespaces?

Thank you for your help.
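As an added illustration (not code from this thread or from Temporal itself), here is the claim-mapping step both posts are asking about: deriving per-namespace roles from the client certificate subject and refusing a caller that presents no TLS identity, which is the situation the internal per-namespace worker appears to be in. It uses stand-in `Role`/`Claims` types so it runs with only the standard library (Temporal's real types live in `go.temporal.io/server/common/authorization`, and the role ordering here is this example's, not Temporal's); the OU convention `ns:<namespace>:<role>` is an assumption.

```go
package main

import (
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"strings"
)

// Role is a stand-in for authorization.Role; higher values grant more.
type Role int

const (
	RoleUndefined Role = iota
	RoleReader
	RoleWriter
	RoleWorker
	RoleAdmin
)

// Claims is a stand-in for authorization.Claims: subject plus per-namespace roles.
type Claims struct {
	Subject    string
	Namespaces map[string]Role
}

var roleByName = map[string]Role{"reader": RoleReader, "writer": RoleWriter, "worker": RoleWorker, "admin": RoleAdmin}

// claimsFromTLSSubject derives namespace claims from a client certificate subject.
// Assumed convention: each OU is "ns:<namespace>:<role>"; the CN becomes the subject.
// A nil subject (a caller with no TLS identity) is rejected rather than silently granted.
func claimsFromTLSSubject(subject *pkix.Name) (*Claims, error) {
	if subject == nil {
		return nil, errors.New("no TLS subject: caller presented no client certificate")
	}
	claims := &Claims{Subject: subject.CommonName, Namespaces: map[string]Role{}}
	for _, ou := range subject.OrganizationalUnit {
		parts := strings.Split(ou, ":")
		if len(parts) != 3 || parts[0] != "ns" || parts[1] == "" {
			continue // OU does not follow the convention; it carries no authorization meaning
		}
		role, ok := roleByName[strings.ToLower(parts[2])]
		if !ok {
			return nil, fmt.Errorf("unknown role %q in OU %q", parts[2], ou)
		}
		if role > claims.Namespaces[parts[1]] { // keep the highest role named per namespace
			claims.Namespaces[parts[1]] = role
		}
	}
	return claims, nil
}
```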
