Hi, I’m trying to integrate nginx with a proprietary authentication
scheme
and I need a bit of help!
The auth scheme is this: traffic is allowed through nginx if there
exists a
cookie containing a valid HMAC. If not, nginx is to redirect to an auth
server (same domain) which will prompt the user for credentials. Upon
successful login the auth server will emit a valid HMAC and then
redirect
the user back to nginx which will then validate and do its thing.
The HMAC validation is proprietary and there exists a C lib to perform
the
task. I figured writing an nginx module that will exeucte during the
access
phase would do the trick. Trouble is, I can’t figure out how to do the
redirect to the auth server in the case the HMAC is missing or invalid.
Try
as I might, I just can’t get nginx to do a temporary redirect in the
access
phase (i can do this just fine in the content phase!).
What’s the preferred approach for doing this? Can it be done all in the
module, or do I need a combination of module + error_page redirection?
On Fri, Mar 07, 2014 at 09:38:42PM -0500, lerouxt wrote:
task. I figured writing an nginx module that will exeucte during the access
phase would do the trick. Trouble is, I can’t figure out how to do the
redirect to the auth server in the case the HMAC is missing or invalid. Try
as I might, I just can’t get nginx to do a temporary redirect in the access
phase (i can do this just fine in the content phase!).
What’s the preferred approach for doing this? Can it be done all in the
module, or do I need a combination of module + error_page redirection?
A redirect can be returned from an access phase handler as usual,
by adding appropriate Location header and returning a
NGX_HTTP_MOVED_TEMPORARILY code: