AuthBasic Handler

Presentation

The AuthBasic Handler is a special Handler that uses the AuthBasic method to authenticate users and grant access to a virtual host.

The Handler sends a WWW-Authenticate header to the client to request a user ID and password. It then checks the credentials using the LL::NG REST web service (the REST session service must be enabled in the manager). Once the session is granted, the Handler checks authorizations like the standard Handler.

This feature is useful for letting a third-party application access a virtual host with user credentials: the Handler sends it a Basic challenge.

Configuration

Virtual host

You just have to set “Type: AuthBasic” in the virtualHost options in the manager.

To protect only part of a virtualHost, keep the type set to “Main” in the manager and set the type in your configuration file:

  • Apache: simply use PerlSetVar VHOSTTYPE AuthBasic
  • Nginx: create another FastCGI call with fastcgi_param VHOSTTYPE AuthBasic; (and remove error_page 401)

Nginx

Since 1.9.6, the LLNG FastCGI server can handle the AuthBasic handler. To call it, add fastcgi_param VHOSTTYPE AuthBasic; to the FastCGI server call and remove the error_page 401 directive:

location = /lmauth {
  internal;
  include /etc/nginx/fastcgi_params;
  fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
  fastcgi_param VHOSTTYPE AuthBasic;

  # Drop POST data
  fastcgi_pass_request_body  off;
  fastcgi_param CONTENT_LENGTH "";

  # Keep original hostname
  fastcgi_param HOST $http_host;

  # Keep original request (LLNG server will receive /lmauth)
  fastcgi_param X_ORIGINAL_URI  $request_uri;
}
location / {
  ...
  ##################################
  # CALLING AUTHENTICATION         #
  ##################################
  auth_request /lmauth;
  auth_request_set $lmremote_user $upstream_http_lm_remote_user;
  auth_request_set $lmlocation $upstream_http_location;
  # Remove this for AuthBasic handler
  #error_page 401 $lmlocation;
  ...
}
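
The partial protection described under "Virtual host", written out as an added nginx example (not taken from the LL::NG documentation): one virtual host whose /api/ part answers with a Basic challenge while the rest keeps the standard handler. The names /lmauth-basic and /api/ and the backend address are assumptions; the directives are the ones used in the configuration above.

```nginx
# Added example. /lmauth-basic, /api/ and the backend address are assumptions.
# The virtual host keeps type "Main" in the manager.

# Standard handler call (handler type comes from the manager)
location = /lmauth {
  internal;
  include /etc/nginx/fastcgi_params;
  fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
  fastcgi_pass_request_body off;
  fastcgi_param CONTENT_LENGTH "";
  fastcgi_param HOST $http_host;
  fastcgi_param X_ORIGINAL_URI $request_uri;
}

# Second FastCGI call, forced to the AuthBasic handler
location = /lmauth-basic {
  internal;
  include /etc/nginx/fastcgi_params;
  fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
  fastcgi_param VHOSTTYPE AuthBasic;
  fastcgi_pass_request_body off;
  fastcgi_param CONTENT_LENGTH "";
  fastcgi_param HOST $http_host;
  fastcgi_param X_ORIGINAL_URI $request_uri;
}

# Part reserved for the third-party application
location /api/ {
  auth_request /lmauth-basic;
  auth_request_set $lmremote_user $upstream_http_lm_remote_user;
  # No error_page 401 here: nginx returns the 401 together with the
  # WWW-Authenticate header from the subrequest, so the client sees the challenge
  proxy_pass http://127.0.0.1:8080;  # assumed backend
}

# Rest of the virtual host: standard handler, 401 is turned into a redirect
location / {
  auth_request /lmauth;
  auth_request_set $lmremote_user $upstream_http_lm_remote_user;
  auth_request_set $lmlocation $upstream_http_location;
  error_page 401 $lmlocation;
  proxy_pass http://127.0.0.1:8080;  # assumed backend
}
```

Basic credentials are sent base64-encoded with every request, so serve the /api/ location over HTTPS only.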

Handler parameters

No parameters are needed, but you have to allow the sessions web services; see REST sessions backend.