Welcome! Log In Create A New Profile

Advanced

Help configuring headers to generate a proper Kerberos Token for a backend behind Nginx

Posted by flowerpower 
Hello,

I'm using a backend authentication which provides SPNEGO Authentication behind a Nginx proxy.
It seems that the client SPNEGO token is generated from the hostname, so my users cannot use the spnego negotiation correctly with this configuration:

server {
listen 443;
location / {
satisfy all;
auth_request /auth;
auth_request_set $saved_www_authenticate $upstream_http_www_authenticate;
add_header WWW-Authenticate $saved_www_authenticate;
proxy_pass https://myprotectedsite;
}
location /auth {
internal;
proxy_pass http://myauthbackend;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;

}
}


The backend is correctly getting the headers WWW-Authenticate with the token but obviously it is not proper and do not pass the authentication. Is there a way to modifying the right headers to instruct the client that the backend is not the proxy but itself ?
Best regards
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 140
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready