trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh North <>
Subject Re: Authproxy plugin with different auth/origin servers
Date Thu, 13 Oct 2016 04:19:12 GMT
That helps. Through some more troubleshooting, I removed the authproxy line from the reverse
map and it is mostly working. The remaining error I have is in one application that uses a
json PUT. The app work until the user uses that function, and ATS returns a 500 method not
allowed. Going directly to the source server works though. 

I'm wondering if it has anything to do with every single request getting forwarded to the
http auth server first. 

Thank you for the tip on debug flags, I will continue to play with that and see what I can

On Oct 12, 2016, James Peach <> wrote:
>> On Sep 30, 2016, at 10:08 AM, Josh North <>
>> Hello,
>> I am using ATS as a reverse proxy.  I have been requested to set up
>> some URL's to use LDAP authentication with a directory server.  I
>> found the authproxy plugin and configured it, and it successfully
>> authenticates/denies, but then returns a 404(or if I add an internal
>> map to the auth server, the browser tries to take me there).  I feel
>> am missing a very basic concept so I apologize.
>> Here is my expectation based on how I have remap.config set up:
>> 1.  Browser requests
>> 2.  ATS uses to authenticate if the
>> is allowed
>> 3.  If not allowed, just fail however it wants to, don;t care
>> 4.  if allowed, reverse proxy to
>> Instead, at step 4, after a successful user/pass, I just get a
>> redirect to, which fails because that
>> server is not publicly available and does not have the content that
>> privateserver has.
>> remap.config
>> --------------------------
>> # LDAP Auth Server
>> map 
>> # Private Server
>> map
>> @pparam=--auth-transform=redirect
>> @pparam=--auth-port=80
>This looks reasonable.
>> reverse_map
>> @pparam=--auth-transform=redirect
>> @pparam=--auth-port=80
>reverse_map is used to rewrite response headers, so it is might not be
>what you want. If it is what you want, I’m not sure that you want to
>attach the authproxy plugin to it.
>Generally, authproxy will need a map to use for the auth server, so
>maybe something like this:
>map \
> \
>	@internal
>If you need to debug authproxy itself, try traffic_server -T

View raw message