Hi All,
We have nginx1.4.7 with ngx_http_auth_request_module and
ngx_http_auth_basic_module besides few other modules. There are few
other
modules also, but have mentioned above two modules only due to relevance
to
this discussion.
Our application requires to have local user (meaning - store user name
and
passwd and authenticate at our server) and remote user (meaning -
delegate
authentication to remote servers like Radius/TACACS+, in this case, our
application is aware of only user name and which remote server to send
authentication request).
The goal is to configure nginx as following:
- Configure nginx to prompt username/passwd
- Once user enters username and passwd, get access to these fields and
pass to our web application which looks at local database and decides
whether user is local or remote. - If user is local, authenticate using ngx_http_auth_basic_module
(htpasswd style) - If user is remote, delegate authentication to remote server using
ngx_http_auth_request_module - Once authentication is successful (either in step 3 or step 4), pass
control back to our application for some book-keeping - Let authenticated user access application
Any suggestions how do we configure nginx to achieve above? please share
your thoughts/ideas/sample configs etc.
Regards,
Hari