Authenticate each user once for multiple applications

Authenticate each user once for multiple applications

am 13.11.2009 17:00:05 von Yungwei Chen

--_000_33095823FD21DF429B481B5163264B793F40DE3390VMBX102ihos te_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi,

I have a reverse proxy server that forwards to requests to an internal apac=
he server. Here's the configuration on how the reverse proxy server works.

Order Deny,Allow
Deny from all
Allow from ...
ProxyPass https://111.111.111.111/rpt
ProxyPassReverse https://111.111.111.111/rpt
ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
AuthName "Restricted Access"
AuthType Basic
AuthUserFile /etc/httpd/passwd/htpasswd.users
Require valid-user


Then I added the following to the same conf file on the reverse proxy serve=
r for another application.
I first accessed the rpt application in a web browser, and then I was asked=
to enter id and password as expected.
Then I hit rpt2 in the same browser session, and then I was asked to enter =
id and password again.
My question is: How can I tell the reverse proxy server to authenticate eac=
h user just once in this case?

Order Deny,Allow
Deny from all
Allow from ...
ProxyPass https://111.111.111.111/rpt2
ProxyPassReverse https://111.111.111.111/rpt2
ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
AuthName "Restricted Access"
AuthType Basic
AuthUserFile /etc/httpd/passwd/htpasswd.users
Require valid-user


Thanks.


--_000_33095823FD21DF429B481B5163264B793F40DE3390VMBX102ihos te_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">


>









Hi,



 



I have a reverse proxy server that forwards to request=
s to an
internal apache server. Here's the configuration on how the reverse proxy
server works.



    <Location /rpt > p>

       Order Deny,Allow<=
o:p>



       Deny from all >



       Allow from ... p>



   
   ProxyPass       
https://111.111.111.111/rpt



       ProxyPassReverse =
https://111.111.111.111/rpt



      
ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100



       AuthName
"Restricted Access"



       AuthType Basic p>



       AuthUserFile
/etc/httpd/passwd/htpasswd.users



       Require valid-use=
r



   </Location>



 



Then I added the following to the same conf file on th=
e
reverse proxy server for another application.



I first accessed the rpt application in a web browser,=
and
then I was asked to enter id and password as expected.



Then I hit rpt2 in the same browser session, and then =
I was
asked to enter id and password again.



My question is: How can I tell the reverse proxy serve=
r to
authenticate each user just once in this case?



    <Location /rpt2 ><=
/p>

       Order Deny,Allow<=
o:p>



       Deny from all >



       Allow from ... p>



       ProxyPass &n=
bsp;     
https://111.111.111.111/rpt2



       ProxyPassReverse
https://111.111.111.111/rpt2



      
ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100



       AuthName
"Restricted Access"



       AuthType Basic p>



       AuthUserFile
/etc/httpd/passwd/htpasswd.users



       Require valid-use=
r



   </Location>



 



Thanks.



 









--_000_33095823FD21DF429B481B5163264B793F40DE3390VMBX102ihos te_--

Re: Authenticate each user once for multiple

am 13.11.2009 17:14:34 von Eric Covener

On Fri, Nov 13, 2009 at 11:00 AM, Yungwei Chen wrote:
> My question is: How can I tell the reverse proxy server to authenticate each
> user just once in this case?

It authenticates you on every request, but your browser doesn't bother
to prompt you when something is a sub-location of where you previously
authenticated. Can you put these two URL's under a common root? Your
browser would stop prompting.

--
Eric Covener
covener@gmail.com

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Authenticate each user once for multiple

am 13.11.2009 17:17:58 von Peter Schober

* Yungwei Chen [2009-11-13 17:00]:
>
> Order Deny,Allow
> Deny from all
> Allow from ...
> ProxyPass https://111.111.111.111/rpt
> ProxyPassReverse https://111.111.111.111/rpt
> ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
> AuthName "Restricted Access"
> AuthType Basic
> AuthUserFile /etc/httpd/passwd/htpasswd.users
> Require valid-user
>
[...]
>
> Order Deny,Allow
> Deny from all
> Allow from ...
> ProxyPass https://111.111.111.111/rpt2
> ProxyPassReverse https://111.111.111.111/rpt2
> ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
> AuthName "Restricted Access"
> AuthType Basic
> AuthUserFile /etc/httpd/passwd/htpasswd.users
> Require valid-user
>

If this indeed is representative of your site's structure you could
simply have one (or just '/') proxying to
https://111.111.111.111/ and you should be able to access /foo/rpt,
/foo/rpt2. etc.
-peter

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: Authenticate each user once for multipleapplications

am 13.11.2009 17:39:06 von Yungwei Chen

The proxy server also needs to forward some requests (/nagios) to another i=
nternal apache server. Any suggestions in this case?

-----Original Message-----
From: Peter Schober [mailto:peter.schober@univie.ac.at]=20
Sent: Friday, November 13, 2009 10:18 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Authenticate each user once for multiple applica=
tions

* Yungwei Chen [2009-11-13 17:00]:
>
> Order Deny,Allow
> Deny from all
> Allow from ...
> ProxyPass https://111.111.111.111/rpt
> ProxyPassReverse https://111.111.111.111/rpt
> ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
> AuthName "Restricted Access"
> AuthType Basic
> AuthUserFile /etc/httpd/passwd/htpasswd.users
> Require valid-user
>
[...]
>
> Order Deny,Allow
> Deny from all
> Allow from ...
> ProxyPass https://111.111.111.111/rpt2
> ProxyPassReverse https://111.111.111.111/rpt2
> ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
> AuthName "Restricted Access"
> AuthType Basic
> AuthUserFile /etc/httpd/passwd/htpasswd.users
> Require valid-user
>

If this indeed is representative of your site's structure you could
simply have one (or just '/') proxying to
https://111.111.111.111/ and you should be able to access /foo/rpt,
/foo/rpt2. etc.
-peter

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Authenticate each user once for multiple

am 13.11.2009 17:59:30 von Peter Schober

* Yungwei Chen [2009-11-13 17:39]:
> The proxy server also needs to forward some requests (/nagios) to
> another internal apache server. Any suggestions in this case?

Exclude those from the proxy pass?
-peter

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: Authenticate each user once for multiple applications

am 13.11.2009 18:37:02 von Yungwei Chen

--_000_33095823FD21DF429B481B5163264B793F40DE33E0VMBX102ihos te_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I just found that using the same value of AuthName for each application see=
ms to solve my problem. Is it the right way to go?

From: Yungwei Chen [mailto:yungwei@resolvity.com]
Sent: Friday, November 13, 2009 10:00 AM
To: users@httpd.apache.org
Subject: [users@httpd] Authenticate each user once for multiple application=
s

Hi,

I have a reverse proxy server that forwards to requests to an internal apac=
he server. Here's the configuration on how the reverse proxy server works.

Order Deny,Allow
Deny from all
Allow from ...
ProxyPass https://111.111.111.111/rpt
ProxyPassReverse https://111.111.111.111/rpt
ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
AuthName "Restricted Access"
AuthType Basic
AuthUserFile /etc/httpd/passwd/htpasswd.users
Require valid-user


Then I added the following to the same conf file on the reverse proxy serve=
r for another application.
I first accessed the rpt application in a web browser, and then I was asked=
to enter id and password as expected.
Then I hit rpt2 in the same browser session, and then I was asked to enter =
id and password again.
My question is: How can I tell the reverse proxy server to authenticate eac=
h user just once in this case?

Order Deny,Allow
Deny from all
Allow from ...
ProxyPass https://111.111.111.111/rpt2
ProxyPassReverse https://111.111.111.111/rpt2
ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
AuthName "Restricted Access"
AuthType Basic
AuthUserFile /etc/httpd/passwd/htpasswd.users
Require valid-user


Thanks.


--_000_33095823FD21DF429B481B5163264B793F40DE33E0VMBX102ihos te_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">


>









I just found that using the same value of AuthName for=
each
application seems to solve my problem. Is it the right way to go? >



 =





0in 0in'>

","sans-serif"'>From: style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"' > Yungwei Chen
[mailto:yungwei@resolvity.com]

Sent: Friday, November 13, 2009 10:00 AM

To: users@httpd.apache.org

Subject: [users@httpd] Authenticate each user once for multiple
applications







 



Hi,



 



I have a reverse proxy server that forwards to request=
s to
an internal apache server. Here's the configuration on how the reverse prox=
y
server works.



    <Location /rpt > p>

       Order Deny,Allow<=
o:p>



       Deny from all >



       Allow from ... p>



   
   ProxyPass       
https://111.111.111.111/rpt



       ProxyPassReverse
https://111.111.111.111/rpt



      
ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100



       AuthName
"Restricted Access"



       AuthType Basic p>



       AuthUserFile
/etc/httpd/passwd/htpasswd.users



       Require valid-use=
r



   </Location>



 



Then I added the following to the same conf file on th=
e
reverse proxy server for another application.



I first accessed the rpt application in a web browser,=
and
then I was asked to enter id and password as expected.



Then I hit rpt2 in the same browser session, and then =
I was
asked to enter id and password again.



My question is: How can I tell the reverse proxy serve=
r to
authenticate each user just once in this case?



    <Location /rpt2 ><=
/p>

       Order Deny,Allow<=
o:p>



       Deny from all >



       Allow from ... p>



   
   ProxyPass       
https://111.111.111.111/rpt2



       ProxyPassReverse
https://111.111.111.111/rpt2



      
ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100



       AuthName
"Restricted Access"



       AuthType Basic p>



       AuthUserFile
/etc/httpd/passwd/htpasswd.users



       Require valid-use=
r



   </Location>



 



Thanks.



 









--_000_33095823FD21DF429B481B5163264B793F40DE33E0VMBX102ihos te_--