newbie question

Alex Samad alex at samad.com.au
Thu Oct 13 04:53:37 UTC 2016


Hi

Thanks

I ended up with this but still with issues

map $cookie_SSOID $ssoid_cookie {
    default "";
    ~SSOID=(?P<ssoid>.+) $ssoid;
}

location /imaadmin/ {
    proxy_cache off;
    proxy_pass http://IMAAdmin;

    auth_request /sso/validate;
    # must use %20 for url encoding
    set $sso_group "Staff-sso";

    proxy_pass
error_page 401 = @error401;
location @error401 {
   # return 302 https://$server_name/sso/login;
   rewrite ^ https://$server_name/sso/login;
}

location /sso/validate {
    proxy_cache off;
    rewrite (.*) $1?SSOID=$cookie_ssoid&a=$sso_group? break;
    proxy_set_header X-Original-URI $request_uri;
    proxy_pass


location /sso/ {
    proxy_cache off;

    rewrite (.*) $1 break;
    proxy_set_header X-Original-URI $request_uri;
    proxy_set_header X-Original-URI "imaadmin";     # have to hard code
    proxy_pass

So
http://abc.com.au/imaadmin

does a http://abc.com.au/sso/validate?SSOID=<ssoid|>&a=<some text>
200 = okay
401 redirect to http://abc.com.au/sso/login

sso redirects to http://abc.com.au/sso/login/form/[X-Original-URI]
<<< its failing here I am hard coding this

Thanks




On 13 October 2016 at 01:02, Maxim Dounin <mdounin at mdounin.ru> wrote:
> Hello!
>
> On Wed, Oct 12, 2016 at 12:43:12PM +1100, Alex Samad wrote:
>
>> Hi
>>
>> I am trying to create a dynamic auth address
>>
>>
>> # grab ssoid
>> map $cookie_SSOID $ssoid_cookie {
>>     default "";
>>     ~SSOID=(?P<ssoid>.+) $ssoid;
>> }
>>
>>
>>    location /imaadmin/ {
>>         proxy_cache off;
>>         proxy_pass http://IMAAdmin;
>>
>>
>>
>>         auth_request /sso/validate?SSOID=$ssoid_cookie&a=imaadmin;
>>
>>
>> what I am trying to do is fill the variable ssoid_cookie with the
>> cookie value for SSOID in the request or make it blank
>>
>> then when somebody tries to access /imaadmin make the auth request
>> /sso/validate?SSOID=$ssoid_cookie&a=imaadmin;
>>
>> but i get this
>> GET /sso/validate%3FSSOID=$ssoid_cookie&a=imaadmin HTTP/1.0
>
> This is because the "auth_request" directive doesn't support
> variables, and also doesn't support request arguments.
>
> Try this instead:
>
>     location /imaadmin/ {
>         auth_request /sso/validate;
>         ... proxy_pass ...
>     }
>
>     location = /sso/validate {
>         set $args SSOID=$ssoid_cookie&a=imaadmin;
>         ... proxy_pass ...
>     }
>
> --
> Maxim Dounin
> http://nginx.org/
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx



More information about the nginx mailing list