Authentication module help!

lerouxt nginx-forum at nginx.us
Sat Mar 8 02:38:42 UTC 2014


Hi, I'm trying to integrate nginx with a proprietary authentication scheme
and I need a bit of help!

The auth scheme is this:  traffic is allowed through nginx if there exists a
cookie containing a valid HMAC.  If not, nginx is to redirect to an auth
server (same domain) which will  prompt the user for credentials.  Upon
successful login the auth server will emit a valid HMAC and then redirect
the user back to nginx which will then validate and do its thing.

The HMAC validation is proprietary and there exists a C lib to perform the
task.  I figured writing an nginx module that will exeucte during the access
phase would do the trick. Trouble is, I can't figure out how to do the
redirect to the auth server in the case the HMAC is missing or invalid.  Try
as I might, I just can't get nginx to do a temporary redirect in the access
phase (i can do this just fine in the content phase!).

What's the preferred approach for doing this?  Can it be done all in the
module, or do I need a combination of module + error_page redirection?

-Tom

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,248235,248235#msg-248235



More information about the nginx mailing list