Authentication module help!

Maxim Dounin mdounin at
Mon Mar 10 23:49:51 UTC 2014


On Fri, Mar 07, 2014 at 09:38:42PM -0500, lerouxt wrote:

> Hi, I'm trying to integrate nginx with a proprietary authentication scheme
> and I need a bit of help!
> The auth scheme is this:  traffic is allowed through nginx if there exists a
> cookie containing a valid HMAC.  If not, nginx is to redirect to an auth
> server (same domain) which will  prompt the user for credentials.  Upon
> successful login the auth server will emit a valid HMAC and then redirect
> the user back to nginx which will then validate and do its thing.
> The HMAC validation is proprietary and there exists a C lib to perform the
> task.  I figured writing an nginx module that will exeucte during the access
> phase would do the trick. Trouble is, I can't figure out how to do the
> redirect to the auth server in the case the HMAC is missing or invalid.  Try
> as I might, I just can't get nginx to do a temporary redirect in the access
> phase (i can do this just fine in the content phase!).
> What's the preferred approach for doing this?  Can it be done all in the
> module, or do I need a combination of module + error_page redirection?

A redirect can be returned from an access phase handler as usual, 
by adding appropriate Location header and returning a 

    r->headers_out.location = ngx_list_push(&r->headers_out.headers);
    if (r->headers_out.location == NULL) {

    r->headers_out.location->hash = 1;
    ngx_str_set(&r->headers_out.location->key, "Location");
    ngx_str_set(&r->headers_out.location->value, "");


Maxim Dounin

More information about the nginx mailing list