SSO with Auth_Request

Jason Tuck designerfh at
Mon Aug 22 17:51:32 UTC 2016

Hi All, 
 I'm trying to implement SSO similar to this: however I am using node/passport/azure-ad for my authentication service. 

The issue I am running into is - how do I get the originally requested route /app1 when the subrequest returns a 401? I'd like to pass that along to the passport.js middleware as a parameter so it will redirect me properly after authentication (which involves several redirects). 

server { 
    listen 80; 
    server_name localhost; 

    error_page 401 /login; 

    location /login { 
        set $app //this is where I get stuck 
        rewrite ^/login http://localhost:3200/login?appUrl=$app; 

    location /app1 { 
        root /var/www/html; 
        index index.html index.htm index.nginx-debian.html; 
        auth_request /auth; 

    location /auth { 
        proxy_pass http://localhost:3200/auth; 
        proxy_pass_request_body off; 
        proxy_set_header Content-Length ""; 

I've tried returning the value from node as a custom header, tried $upstream_http_, $sent_http_, $http_, 
Tried storing it as a session variable, but express sees the subrequest as a different session than navigating directly, etc. 

I've gone through the past couple years on the mailing list archive and didnt see anything. 

Any help would be appreciated! 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list