Form based authentication in Apache

Form based authentication in Apache

Sathish Vijayan

Hi,

I am using form-based authentication in Apache for proxy forwarding to different applications under the same domain.

For example:

https://www.example.com/Application1
https://www.example.com/Application2/{uri_parameter1}/{uri_parameter2}/
https://www.example.com/Application3?param1={paramvalue1}
and so on

Use case:

It uses single sign-on, so if one application is already logged in, the other applications don't require login again.
It is the same functionality on logout as well: if one application is logged out, then all other applications that are already logged in should be logged out.

Problem statement:

Now when I redirect to the logout URL location from application1, all applications are logged out successfully. The other applications, application2 and application3, are redirected to the login page on click of refresh or any other action in that page. But I need to redirect to the logout page instead.

Is it possible to achieve this: redirect all applications to the logout page once it is successfully signed out?

Some code samples which I used to achieve form-based authentication:

<Directory />
  #LogMessage "mainDirectory"
  Options FollowSymLinks
  AllowOverride None
  AuthFormProvider file
  AuthType form
  AuthName "TEST"
  AuthUserFile /opt/user/passwords
  Require valid-user
  AuthFormLoginRequiredLocation /login/login.html?req=%{REQUEST_URI}?%{QUERY_STRING}
  AuthFormFakeBasicAuth On
  Session On
  SessionCookieName session path=/;secure;
  #SessionExpiryUpdateInterval 1
  SessionCryptoPassphrase secret
</Directory>

<Location /logout>
  #Require all granted
  AuthFormLogoutLocation /logout/logout.html
  Session On
  SessionMaxAge 1
  #SessionExpiryUpdateInterval 1
  SessionCookieName session path=/;secure;
  SessionCryptoPassphrase secret
  RequestHeader unset Cookie
</Location>

<Location /login>
  Require all granted
</Location>

<Location /dologin>
  SetEnvIf Referer ^.*req=(.*)&?$ req=$1
  AuthFormLoginSuccessLocation %{ENV:req}
</Location>

Include /opt/proxy/sites/common/conf/application1.conf
Include /opt/proxy/sites/common/conf/application2.conf
Include /opt/proxy/sites/common/conf/application3.conf

Regards,

Sathish Vijayan

 

 

This e-mail message may contain personal data about you as sender or recipient and about other persons. Information about how we at Tre process personal data can be read at www.tre.se/gdpr.


Re: Form based authentication in Apache

Eric Covener
> Now when I redirect to the logout URL location from application1, all applications are logged out successfully. The other applications, application2 and application3, are redirected to the login page on click of refresh or any other action in that page. But I need to redirect to the logout page instead.

I don't think this is possible.   If you have 1 session and 1 session
cookie, your users are not logged into three applications. They're
logged into a single session.
They are either logged in or logged out. A logged out user will never
be sent to a logout page or they'd never escape.


Form based authentication in Apache

Sathish Vijayan

Hi,

I am using form-based authentication in Apache for proxy forwarding to different applications under the same site domain.

For example:

https://www.example.com/Application1
https://www.example.com/Application2/{uri_parameter1}/{uri_parameter2}/
https://www.example.com/Application3?param1={paramvalue1}
and so on

Use case:

It uses single sign-on, so if one application is already logged in, the other applications don't require login again.
It is the same functionality on logout as well: if one application is logged out, then all other applications that are already logged in should be logged out.

Problem statement:

Now when I redirect to the logout URL location from application1, all applications are logged out successfully. Applications like application2 and application3 are redirected to the login page on click of refresh or any other action in that page. But I need to redirect to the logout page instead.

Doubt/Question:

Is it possible to achieve this: redirect all applications to the logout page once it is successfully signed out?

Some code samples which I used to achieve form-based authentication:

<Directory />
  #LogMessage "mainDirectory"
  Options FollowSymLinks
  AllowOverride None
  AuthFormProvider file
  AuthType form
  AuthName "TEST"
  AuthUserFile /opt/user/passwords
  Require valid-user
  AuthFormLoginRequiredLocation /login/login.html?req=%{REQUEST_URI}?%{QUERY_STRING}
  AuthFormFakeBasicAuth On
  Session On
  SessionCookieName session path=/;secure;
  #SessionExpiryUpdateInterval 1
  SessionCryptoPassphrase secret
</Directory>

<Location /logout>
  #Require all granted
  AuthFormLogoutLocation /logout/logout.html
  Session On
  SessionMaxAge 1
  #SessionExpiryUpdateInterval 1
  SessionCookieName session path=/;secure;
  SessionCryptoPassphrase secret
  RequestHeader unset Cookie
</Location>

<Location /login>
  Require all granted
</Location>

<Location /dologin>
  SetEnvIf Referer ^.*req=(.*)&?$ req=$1
  AuthFormLoginSuccessLocation %{ENV:req}
</Location>

Include /opt/conf/application1.conf
Include /opt/conf/application2.conf
Include /opt/conf/application3.conf

Regards,

Sathish Vijayan

 

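Added example, not part of the thread and not code from any poster: the /dologin block in the posted configuration takes the post-login redirect target from the Referer header, which the client supplies. This Python model applies the same regular expression to show what gets captured, then accepts the value only when it is a path on the same site. The function names, the "/" fallback and the sample Referer values are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Same pattern as the SetEnvIf line in the posted /dologin block. (.*) is
# greedy, so the trailing "&?" strips nothing: all text after "req=" is kept.
REQ_FROM_REFERER = re.compile(r"^.*req=(.*)&?$")
DEFAULT_TARGET = "/"  # assumed fallback landing page (hypothetical)


def captured_req(referer):
    """Return the value SetEnvIf would place in the req variable, or None."""
    m = REQ_FROM_REFERER.match(referer)
    return m.group(1) if m else None


def is_local_path(value):
    """True for a path on this site: one leading slash, no backslash or controls."""
    if not value.startswith("/") or value.startswith("//"):
        return False
    return not any(c == "\\" or ord(c) < 0x20 for c in value)


def safe_success_location(referer, default=DEFAULT_TARGET):
    """Pick the post-login target, falling back when req is not local."""
    raw = captured_req(referer)
    if not raw:
        return default
    # Check the raw and the percent-decoded form, so "%5C" or "%2F" cannot
    # smuggle in "\" or a second "/" that a browser would treat as a host.
    if is_local_path(raw) and is_local_path(unquote(raw)):
        return raw
    return default


# Constructed sample Referer values (not taken from the thread).
LOGIN = "https://www.example.com/login/login.html"
SAMPLES = [
    LOGIN + "?req=/Application3?param1=abc",
    LOGIN + "?req=/Application2/a/b/?&x=1",
    LOGIN + "?req=https://other.example/",
    LOGIN + "?req=//other.example/",
    LOGIN + "?req=/%5Cother.example/",
    LOGIN,
]

if __name__ == "__main__":
    for ref in SAMPLES:
        print(repr(captured_req(ref)), "->", safe_success_location(ref))
```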