Cache authentication sessions #5
Comments
Doesn't seem to be possible, since Traefik doesn't forward Response-Headers if the Response-Code is between 200 and 300. Seems like this has to be rewritten as a reverse proxy.
Cool project, thanks for the work! While I'm not doing this for the ldap support in my project I have a similar need to support oauth2/openid. You can do the following:
The trouble with this is it can change the verb of the request. ie: if a 'session' was initiated with a Hope that helps! I support ldap auth with dynamic configuration (ie: supports multiple ldap configurations behind a single deployment) in a new project I started: https://github.com/travisghansen/external-auth-server You may be interested in checking it out.
If you just want to reduce the # of requests to the ldap server you can do so with some layer of cache. I do this for ldap support in my project. The basic idea is I hash the authentication header/base64 creds and if auth succeeds create a cache entry with that value as the key. When subsequent requests come through I'm assured the same username/password are being sent and can check for the existence of the cache entry. It keeps secrets out of the cache while still ensuring proper credentials have been sent.
Thanks for your suggestion @travisghansen. Will check this out. But should it not also be possible to respond with Some layer of cache will also be implemented. Also thought about hashing username/password and even storing the cache in memcached/redis (maybe optional), so they take care of the TTL.
Yeah 307 would be cool if it works. Try and let me know. That's exactly what I do for TTL and cache. I'm using a library so it's easy to switch active backends but in prod I use redis.
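A sketch of the cache discussed in the comments above (hash the Authorization header, store an entry only when auth succeeds, let a TTL expire it). This is an added example, not code from either project; `AuthCache`, `fake_ldap` and the sample credentials are constructed for illustration, and it swaps the plain hash for an HMAC with a key held outside the cache, which is an assumption on top of what the thread describes.

```python
import base64
import hashlib
import hmac
import secrets
import time


class AuthCache:
    """Caches successful auth checks, keyed by a keyed hash of the header."""

    def __init__(self, verify, ttl=300, clock=time.monotonic):
        self._verify = verify                 # callable(header) -> bool, e.g. an LDAP bind
        self._ttl = ttl                       # seconds a cached success stays valid
        self._clock = clock
        self._key = secrets.token_bytes(32)   # HMAC key, never written to the cache
        self._entries = {}                    # digest -> expiry time

    def _digest(self, header):
        # Keyed hash: a dumped cache cannot be brute-forced offline without the key.
        return hmac.new(self._key, header.encode("utf-8"), hashlib.sha256).hexdigest()

    def check(self, header):
        """Return (authenticated, served_from_cache)."""
        if not header:
            return False, False
        digest, now = self._digest(header), self._clock()
        expiry = self._entries.get(digest)
        if expiry is not None and now < expiry:
            return True, True
        self._entries.pop(digest, None)       # drop an expired entry, if any
        if self._verify(header):
            self._entries[digest] = now + self._ttl
            return True, False
        return False, False                   # failures are never cached


def demo():
    # Constructed sample headers and a stand-in for the LDAP backend.
    good = "Basic " + base64.b64encode(b"alice:correct horse").decode()
    bad = "Basic " + base64.b64encode(b"alice:wrong").decode()
    calls, now = [], [0.0]

    def fake_ldap(header):
        calls.append(header)
        return header == good

    cache = AuthCache(fake_ldap, ttl=60, clock=lambda: now[0])
    results = [cache.check(h) for h in (good, good, bad, bad)]
    now[0] = 61.0                             # past the TTL: backend is asked again
    results.append(cache.check(good))
    return results, len(calls), cache._entries
```

A password change or account lockout in LDAP is not seen until the entry expires, so the TTL bounds how long revoked credentials keep working. With a shared backend such as redis, the HMAC key has to come from shared configuration instead of being generated per process.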
@travisghansen seems to be working just fine with Test scenario was a simple index.html with a POST form to /print.php which prints the used request method and the received form value. Before submitting the form I deleted the session cookie in my browser to force reauthentication and

index.html

```html
<!DOCTYPE html>
<html>
<head>
<title>POST Test</title>
</head>
<body>
<form method="POST" action="/print.php">
<input type="email" name="email" required>
<button type="submit">TEST</button>
</form>
</body>
</html>
```

print.php

```php
<!DOCTYPE html>
<html>
<head>
<title>Method Test</title>
</head>
<body>
<pre>
<?php
// Shows which HTTP method reached the backend after the auth redirect.
echo "Request Method: " . htmlspecialchars($_SERVER['REQUEST_METHOD'], ENT_QUOTES, 'UTF-8') . "\n";
// Escape the submitted value before echoing it; default to '' when the
// request arrives without a POST body (e.g. the method was changed to GET).
echo "Email: " . htmlspecialchars($_POST['email'] ?? '', ENT_QUOTES, 'UTF-8') . "\n";
?>
</pre>
</body>
</html>
```
Yeah wow that's very cool and good to know.
Currently there is no cache mechanism for authentication. This leads to many ldap authentication requests.
Session Cookie?