Skip to main content
Version: 8.2411.x.x RR

AuthenticationFilter

The AuthenticationFilter is used for third-party login server integration, where the login server acts like a normal backend server. As long as the requirements are not fulfilled, the AuthenticationFilter will redirect the request back to the configured login server. The AuthenticationFilter must be mapped on the application and on the login server path.

Classname
ch::nevis::nevisproxy::filter::auth::AuthenticationFilter
Library
libAuthenticationFilters

Configuration

Requirements

Type: string
Syntax: <source>:<name>:<regex>
Usage Constraints: required, conditional
Supported pragmas: continue (default), break

Newline-separated list of requirement rules, where

  • <source>: ENV, AUTH, HEADER, PARAM, or SESSION
  • <name>: the name in the given source
  • <regex>: the regexp that has to match to fulfill the requirement

AuthServiceUrl

Type: string
Usage Constraints: required, conditional
Supported pragmas: break

The url on which the auth-service has been mapped.

AuthenticationType

Type: Enum
Possible values: HeaderBased
Usage Constraints: required

The auth-type to use. Currently, only HeaderBased is supported.

HeaderBased.RequestedUrlHeader

Type: string
Usage Constraints: required if the AuthenticationType is HeaderBased

The header which contains the 'orginal' request uri to send to the authentication service.

HeaderBased.KillResponseHeader

Type: string
Syntax: <header-name>[:<header-value>]
Usage Constraints: optional
Default: kill

The header that the auth service sets, if the session should be killed (logout). This parameter will only be evaluated if the AuthenticationType is HeaderBased. The <header-name> is mandatory, <header-value> is an optional regex.

HeaderBased.AuthResponseHeader

Type: string
Syntax: <responseHeaderName_regex>:<value_regex>:<sessionAttributeName>:<substitution_regex>
Usage Constraints: required if the AuthenticationType is HeaderBased, conditional
Supported pragmas:continue

A newline-separated list of the response headers that should be written into the session.

HeaderBased.SessionIdRequestHeader

Type: string
Usage Constraints: optional

The request header where we send the session id to the auth service. This parameter will only be evaluated if the AuthenticationType is HeaderBased.

RequestedUrlParamName

Type: string
Usage Constraints: optional, advanced
Default: RequestedUri

The parameter name under which the original url should be added in the query.

InactivityTimeout

Type: integer
Unit: seconds
Usage Constraints: optional, advanced, conditional
Supported pragmas: break

The inactivity timeout of the session. The value itself may contain values from the session etc. E.g.: ENV:newInactiveTimeout will take the value newInactiveTimeout from the ENV (the value must contain a valid number).

ReauthenticationTimeout

Type: integer
Unit: seconds
Usage Constraints: optional, advanced, conditional
Supported pragmas: break

The timeout after a reauthentication is required. For a reauthentication all required session-attributes will be removed, but the session itself will not be invalidated. The value itself may contain values from the session etc. E.g.: ENV:newReauthTimeout will take the value newReauthTimeout from the ENV (the value must contain a valid number).

MaxLifeTime

Type: integer
Unit: seconds
Usage Constraints: optional, advanced, conditional
Supported pragmas: break

The maximal lifetime of the session. The value itself may contain values from the session etc. E.g.: ENV:newMaximalLifetime will take the value newMaximalLifetime from the ENV (the value must contain a valid number).