On 10/3/2023 1:17 AM, Per-Erik Gustafsson wrote:
> Hi,
> I am using JSON authentication and now it would be nice if I could hide
> the actual JSON authentication string in a keystore, and send login as
> GET myserver/?key=abc-123.
> The actual value would then be fetched from keystore and in Nginx the
> proxy_pass call would be like proxy_pass .../?data=$actualjson
> I have tested a solution like this but cannot get it working.
> The log says
> http-nio-8080-exec-5] DEBUG o.a.g.r.auth.AuthenticationService -
> Anonymous authentication attempt from [10.x.x.x, 10.x.x] failed.
> When I copy the ?data=xxx from tomcat log and run it in my browser I get
> logged in.
> Any suggestions how to get it working?

The "#/?data=THEJSON" portion of the URL has to be visible to JavaScript
to be passed on during the authentication process. Attempting to pass
things through "proxy_pass" will not have the same effect; it has to be
visible to the user's browser so that the client side of the webapp can
hand it off to the authentication service.
Part of the reason the JSON is encrypted and signed is to allow it to be
safely included in the URL. I would suggest doing so if intending to
dynamically authenticate and authorize users using the JSON extension.
The alternative would be to write your own authentication extension that
authenticates and authorizes users however you wish.
- Mike
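
As an added illustration of the reply above (not code from the thread or from the Guacamole project): a shell example that builds a signed, encrypted value and places it in the client-visible "#/?data=" part of the URL, then shows that a modified value is rejected. It assumes the token layout base64(AES-128-CBC(HMAC-SHA256(json) || json)) with an all-zero IV; the key, the JSON payload, the host name and the function names are constructed for the example.

```bash
# Added example: not code from the thread or from the Guacamole project.
# Assumed layout: base64( AES-128-CBC( HMAC-SHA256(json) || json ) ), zero IV.
KEY=00112233445566778899aabbccddeeff   # constructed 128-bit key (hex)
IV=00000000000000000000000000000000
JSON='{"username":"demo","expires":1700000000000,"connections":{}}'  # constructed

hmac_bin() {  # binary HMAC-SHA256 of file $1 under KEY
  openssl dgst -sha256 -mac HMAC -macopt "hexkey:$KEY" -binary "$1"
}
to_hex() { od -An -tx1 | tr -d ' \n'; }

make_token() {  # $1 = JSON text; prints a single-line base64 token
  tmp=$(mktemp)
  printf '%s' "$1" > "$tmp"
  hmac_bin "$tmp" | cat - "$tmp" |
    openssl enc -aes-128-cbc -K "$KEY" -iv "$IV" -nosalt | base64 | tr -d '\n'
  rm -f "$tmp"
}

open_token() {  # $1 = token; prints the JSON only if the signature verifies
  raw=$(mktemp); body=$(mktemp); rc=1
  printf '%s' "$1" | base64 -d 2>/dev/null |
    openssl enc -d -aes-128-cbc -K "$KEY" -iv "$IV" -nosalt > "$raw" 2>/dev/null || true
  tail -c +33 "$raw" > "$body"                 # payload after the 32-byte signature
  if [ "$(head -c 32 "$raw" | to_hex)" = "$(hmac_bin "$body" | to_hex)" ]; then
    cat "$body"; rc=0
  fi
  rm -f "$raw" "$body"
  return "$rc"
}

url_encode() {  # percent-encode the base64 characters that are special in URLs
  printf '%s' "$1" | sed -e 's/+/%2B/g' -e 's|/|%2F|g' -e 's/=/%3D/g'
}

# The value goes in the fragment, where the browser-side webapp can read it.
# guac.example is a placeholder host.
echo "https://guac.example/guacamole/#/?data=$(url_encode "$(make_token "$JSON")")"
```

open_token returns non-zero for any value whose embedded signature does not match its payload, so a token altered in transit or in the address bar is not accepted.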