Reverse-proxy authentication #28
Assignees
Labels
Comments
|
If a trusted reverse proxy injects a REMOTE_USER (or some other header), and you don't want to grant access on the mere fact that a user name was passed, then you still need some mapping which users are allowed to access which resources, so you plan to use WsgiDAVDomainController? We might add an option to the http_authenticator middleware like trusted_auth_header = "REMOTE_USER"that will copy this header content to environ["http_authenticator.username"]. |
|
Should be implemented by 4fc1b58, please test... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello !
Thanks for this grate project. And I have one request for you.
I need to authenticate my users against LDAP. As wsgidav does not have this middleware, I use my nginx configuration to do it before proxying to wsgidav. In short :
user ---> nginx (with ldap authentication) ---> uwsgi running wsgidav
Nginx filters well the users, but wsgidav does not know about them, even if the REMOTE_USER variable is passed.
As I would like to restrict certain folders to a few users, wsgidav needs to know them, at least their username, which is passed with REMOTE_USER. And I do not want to either have a second authentication inside wsgidav nor can i remove the ldap authentication from nginx and enter manually each user/password in the wsgidav configuration.
I think #11 was talking about it, but I seek in the configuration and it seems that scenario is not possible yet.
Adding this possibility really would be great.
The text was updated successfully, but these errors were encountered: