We are trying to implement authentication proxy from Apache httpd. This should secure application that uses Basic Authentication but user should authenticate with httpd's authentication (mod_auth_cas in our case).
I can add RequestHeader with proper Authorised value that sends credentials to application but it's static with just one user that authenticates.
Is there some way to set RequestHeader value with script? Or some other method to build such authentication proxy?
I'm already considering cgi script that will handle the proxy function. But that seems to me like highway to hell.
Best Answer
This is almost a solution:
(See the mod_rewrite docs for an explanation of why
LA-U
is needed.)But there's one thing missing: the user's password. In the above I used the REMOTE_PASS environment variable as if that will be set, but usually there is no such variable.
You are going to have to somehow get mod_auth_cas to put the user's password into an environment variable, say REMOTE_PASS, or get it from a request header. Without the user's password, you don't have enough information to set the Authorization header.