Setting origin identity (e.g request.auth.user) from upstream proxy header value?


our istio ingressgateway is only reachable via an authenticating reverse proxy. That proxy adds headers for the authenticated user (but no JWT).

Is it possible to configure istio to use this header for the origin identity?

If I understand istio correctly, what I’m looking for is setting the request.auth.user field in a filter(?) to a header value from the incoming request. Basically the opposite of this: [Question] Decode JWT and put "sub" into a request header