httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sathish Vijayan <Sathish.Vija...@tre.se>
Subject [users@httpd] Form based authenication in Apache
Date Wed, 02 Sep 2020 09:35:33 GMT
Hi,

I am using form based authentication in Apache for proxy forwarding to different application
under the same site domain:

For Example:

https://www.example.com/Application1
https://www.example.com/Application2/{uri_parameter1}/{uri_parameter2}/<https://www.example.com/Application2/%7buri_parameter1%7d/%7buri_parameter2%7d/>
https://www.example.com/Application3?param1={paramvalue1}
and so on

Use case:

It uses single sign on, so If one application is already logged in. Other application doesn't
require login again.
It is the same functionality on logout as well. If one application is logged out, then all
other application already login should be logged out.

Problem statement:

Now when I redirect to logout url location from applaication1, All applications are logged
out successfully. Like applications - application2 and application3 are redirected to login
page on click of refresh or any other action in that page.  But I need to redirect to logout
page instead.

Doubt/Question:

Is it possible to achieve - redirect to all applications to logout page, once it is successfully
signed out?

Some codes sample,, which I used to achieve form based authenciation:

<Directory />
  #LogMessage "mainDirectory"
  Options FollowSymLinks
  AllowOverride None
  AuthFormProvider file
  AuthType form
  AuthName "TEST"
  AuthUserFile /opt/ user/passwords
  Require valid-user
  AuthFormLoginRequiredLocation /login/login.html?req=%{REQUEST_URI}?%{QUERY_STRING}
  AuthFormFakeBasicAuth On
  Session On
  SessionCookieName session path=/;secure;
  #SessionExpiryUpdateInterval 1
  SessionCryptoPassphrase secret
</Directory>

<Location /logout>
  #Require all granted
  AuthFormLogoutLocation /logout/logout.html
  Session On
  SessionMaxAge 1
  #SessionExpiryUpdateInterval 1
  SessionCookieName session path=/;secure;
  SessionCryptoPassphrase secret
  RequestHeader unset Cookie
</Location>

<Location /login>
  Require all granted
</Location>

<Location /dologin>
  SetEnvIf Referer ^.*req=(.*)&?$ req=$1
  AuthFormLoginSuccessLocation %{ENV:req}
</Location>

Include /opt/conf/application1.conf
Include /opt/conf/application2.conf
Include /opt/conf/ application3.conf

Regards,
Sathish Vijayan


Det h?r e-postmeddelandet kan inneh?lla personuppgifter om dig som s?ndare eller mottagare
samt om andra personer. Information om hur vi p? Tre behandlar personuppgifter finns att l?sa
p? www.tre.se/gdpr.

Mime
View raw message