[users@httpd] How to Enable HTML Forms Based Authentication with dynamic TARGET / LOCATION URL redirect

Sun, 22 Aug 2021 20:02:59 -0700 

Hi All,

I am trying to enable HTML Forms Based Authentication in Apache web server.
I am able to test the basic setup with the below configuration, but I am
looking for some help to handle the TARGET / LOCATION URLs dynamically
instead of redirecting the users to a static URL.

*Scenario*:
1. User accesses a protected URL (The protected URL will have many query
string parameters with dynamic values)
https://test.app.com/secure/app/securepage.html?{param1}={value1}&{param2}={value2}

2. Apache web server's HTML Forms Based Authentication should kick in and
redirect the user to the Login URL

https://test.app.com/public/login.html

3. User enters credentials and authenticates successfully

4. User should be redirected back to the original protected URL which was
accessed on step #1


*Configuration Changes done so far*:

Apache Web Server Configuration :
=================================

LoadModule request_module mod_request.so
LoadModule auth_form_module mod_auth_form.so
LoadModule session_module mod_session.so
LoadModule session_cookie_module mod_session_cookie.so
LoadModule authnz_ldap_module mod_authnz_ldap.so
LoadModule authn_core_module mod_authn_core.so
LoadModule ldap_module mod_ldap.so
LoadModule auth_basic_module mod_auth_basic.so
LoadModule authz_user_module mod_authz_user.so

<LocationMatch "/secure/app">
               SetHandler form-login-handler
               AuthFormProvider ldap
               Include ldap.conf
               AuthType form
               AuthName "Enter your credentials"
               AuthFormLoginRequiredLocation "
https://test.app.com/public/login.html
               Session On
               SessionCookieName WSSESSION path=/;domain=.app.com
;httponly;secure;
               SessionMaxAge 0
               <RequireAny>
                      Require valid-user
               </RequireAny>
</LocationMatch>



HTML Code of https://test.app.com/public/login.html:
====================================================
<form method="POST" action="/secure/app">
  Username: <input type="text" name="httpd_username" value="" />
  Password: <input type="password" name="httpd_password" value="" />
  <input type="submit" name="login" value="Login" />
</form>


The basic configuration is working fine, but I am not sure how to retain
the original URL user has accessed to redirect the user back to that URL
after authentication.

Please let me know for any further details.

I hope you can provide some direction for this use case. THANK YOU.


-- 
Thanks & Regards,
Gopi ReddyIrala

Reply via email to