SSO with Auth_Request

[Jason Tuck]

Hi All, 
 I'm trying to implement SSO similar to this: https://developers.shopware.com/blog/2015/03/02/sso-with-nginx-authrequest-module/ however I am using node/passport/azure-ad for my authentication service. 

The issue I am running into is - how do I get the originally requested route /app1 when the subrequest returns a 401? I'd like to pass that along to the passport.js middleware as a parameter so it will redirect me properly after authentication (which involves several redirects). 

server { 
    listen 80; 
    server_name localhost; 

    error_page 401 /login; 

    location /login { 
        set $app //this is where I get stuck 
        rewrite ^/login http://localhost:3200/login?appUrl=$app; 
    } 

    location /app1 { 
        root /var/www/html; 
        index index.html index.htm index.nginx-debian.html; 
        auth_request /auth; 
    } 

    location /auth { 
        proxy_pass http://localhost:3200/auth; 
        proxy_pass_request_body off; 
        proxy_set_header Content-Length ""; 
    } 
} 

I've tried returning the value from node as a custom header, tried $upstream_http_, $sent_http_, $http_, 
Tried storing it as a session variable, but express sees the subrequest as a different session than navigating directly, etc. 

I've gone through the past couple years on the mailing list archive and didnt see anything. 

Any help would be appreciated! 

Thanks 
Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160822/e5c5345c/attachment.html>