Hello Maxim,
The attached patch allows your http_auth_request_module to forward a
302 response and the associated "Location" header to the client. The
goal is to allow the authentication back end to redirect the client to
a login page instead of using WWW-Authenticate header.
I'm currently attempting to use your module to authenticate users
against an Active Directory server. I have a PHP script that can
perform the necessary security checks and cache user credentials for
better performance. The problem is that if I rely on HTTP Basic
authentication, I lose control over the client's session (timeout,
logout, etc.). I know that it is possible to force some browsers to
"forget" the credentials in order to log out, but it's a hack that I'd
rather avoid.
The best solution is to use cookies, but for this I need to be able to
redirect the user to the login page when authentication fails. The
current behavior of the auth_request module is to return an Internal
Server Error for any response code other than 401, 403, or 200.
To make this patch, I simply copied your handling of the
www_authenticate header. If there is a more elegant solution or some
additional logic required, please feel free to change the code as
needed.
- Max
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel