Hello!

On Fri, Mar 07, 2014 at 09:38:42PM -0500, lerouxt wrote:

> Hi, I'm trying to integrate nginx with a proprietary authentication scheme
> and I need a bit of help!
>
> The auth scheme is this: traffic is allowed through nginx if there exists a
> cookie containing a valid HMAC. If not, nginx is to redirect to an auth
> server (same domain) which will prompt the user for credentials. Upon
> successful login the auth server will emit a valid HMAC and then redirect
> the user back to nginx which will then validate and do its thing.
>
> The HMAC validation is proprietary and there exists a C lib to perform the
> task. I figured writing an nginx module that will exeucte during the access
> phase would do the trick. Trouble is, I can't figure out how to do the
> redirect to the auth server in the case the HMAC is missing or invalid. Try
> as I might, I just can't get nginx to do a temporary redirect in the access
> phase (i can do this just fine in the content phase!).
>
> What's the preferred approach for doing this? Can it be done all in the
> module, or do I need a combination of module + error_page redirection?

A redirect can be returned from an access phase handler as usual,
by adding appropriate Location header and returning a
NGX_HTTP_MOVED_TEMPORARILY code:

r->headers_out.location = ngx_list_push(&r->headers_out.headers);
if (r->headers_out.location == NULL) {
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}

r->headers_out.location->hash = 1;
ngx_str_set(&r->headers_out.location->key, "Location");
ngx_str_set(&r->headers_out.location->value, "http://example.com");

return NGX_HTTP_MOVED_TEMPORARILY;

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx