I've written an additional feature into the Auth Request module (from http://mdounin.ru/hg/ngx_http_auth_request_module/) that allows a user to control the behaviour of the auth_request in such a way that it can act as a FastCGI authorizer. This patch that I have written allows the user to specify the flag "authorizer=on" against a call to "auth_request" (eg "auth_request /my-auth authorizer=on;") and the auth request module will behave as per the authorizer specification (http://www.fastcgi.com/drupal/node/22#S6.3).
There is one (potentially significant) caveat for now is that request/response bodies are not passed to the authorizer or back to the client respectively - assistance on this would be greatly appreciated. However, as it stands at present, the authorizer mode is able to correctly handle situations where only the headers are utilised -- eg the Shibboleth SSO FastCGI authorizer which relies on redirection and cookies and never a response/request body. This satisfies at least what I need it for at present and authentication works successfully.
I'd like to see about whether this can be included within the main module itself at http://mdounin.ru/hg/ngx_http_auth_request_module, as I know this will be useful to more than just me. For example, see the various posts and questions surrounding this: https://www.google.com/search?q=fastcgi+authorizer+nginx .
The latest version of my module lives at:
https://bitbucket.org/davidjb/ngx_http_auth_request_module
and the one main diff is located at:
https://bitbucket.org/davidjb/ngx_http_auth_request_module/commits/3d865a718d3e34e4e353962ccc71c588a806db31/raw/
Comments are more than welcome.
Thanks,
David
There is one (potentially significant) caveat for now is that request/response bodies are not passed to the authorizer or back to the client respectively - assistance on this would be greatly appreciated. However, as it stands at present, the authorizer mode is able to correctly handle situations where only the headers are utilised -- eg the Shibboleth SSO FastCGI authorizer which relies on redirection and cookies and never a response/request body. This satisfies at least what I need it for at present and authentication works successfully.
I'd like to see about whether this can be included within the main module itself at http://mdounin.ru/hg/ngx_http_auth_request_module, as I know this will be useful to more than just me. For example, see the various posts and questions surrounding this: https://www.google.com/search?q=fastcgi+authorizer+nginx .
The latest version of my module lives at:
https://bitbucket.org/davidjb/ngx_http_auth_request_module
and the one main diff is located at:
https://bitbucket.org/davidjb/ngx_http_auth_request_module/commits/3d865a718d3e34e4e353962ccc71c588a806db31/raw/
Comments are more than welcome.
Thanks,
David