I've written an additional feature into the Auth Request module (from http://mdounin.ru/hg/ngx_http_auth_request_module/) that allows a user to control the behaviour of the auth_request in such a way that it can act as a FastCGI authorizer. This patch that I have written allows the user to specify the flag "authorizer=on" against a call to "auth_request" (eg "auth_request /my-auth authorizer=on;") and the auth request module will behave as per the authorizer specification (http://www.fastcgi.com/drupal/node/22#S6.3).
There is one (potentially significant) caveat for now is that request/response bodies are not passed to the authorizer or back to the client respectively - assistance on this would be greatly appreciated. However, as it stands at present, the authorizer mode is able to correctly handle situations where only the headers are utilised -- eg the Shibboleth SSO FastCGI authorizer which relies on redirection and cookies and never a response/request body. This satisfies at least what I need it for at present and authentication works successfully. I'd like to see about whether this can be included within the main module itself at http://mdounin.ru/hg/ngx_http_auth_request_module, as I know this will be useful to more than just me. For example, see the various posts and questions surrounding this: https://www.google.com/search?q=fastcgi+authorizer+nginx . The latest version of my module lives at: https://bitbucket.org/davidjb/ngx_http_auth_request_module and the one main diff is located at: https://bitbucket.org/davidjb/ngx_http_auth_request_module/commits/3d865a718d3e34e4e353962ccc71c588a806db31/raw/ Comments are more than welcome. Thanks, David Posted at Nginx Forum: http://forum.nginx.org/read.php?2,238523,238523#msg-238523 _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
