AuthenticationFilter
The AuthenticationFilter is used for third-party login server integration, where the login server acts like a normal backend server. As long as the requirements are not fulfilled, the AuthenticationFilter will redirect the request back to the configured login server. The AuthenticationFilter must be mapped on the application and on the login server path.
ch::nevis::nevisproxy::filter::auth::AuthenticationFilter
libAuthenticationFilters
Configuration
Requirements
Type: string
Syntax: <source>:<name>:<regex>
Usage Constraints: required, conditional
Supported pragmas: continue (default), break
Newline-separated list of requirement rules, where
<source>
: ENV, AUTH, HEADER, PARAM, or SESSION<name>
: the name in the given source<regex>
: the regexp that has to match to fulfill the requirement
AuthServiceUrl
Type: string
Usage Constraints: required, conditional
Supported pragmas: break
The url on which the auth-service has been mapped.
AuthenticationType
Type: Enum
Possible values: HeaderBased
Usage Constraints: required
The auth-type to use. Currently, only HeaderBased
is supported.
HeaderBased.RequestedUrlHeader
Type: string
Usage Constraints: required if the AuthenticationType is HeaderBased
The header which contains the 'orginal' request uri to send to the authentication service.
HeaderBased.KillResponseHeader
Type: string
Syntax: <header-name>[:<header-value>]
Usage Constraints: optional
Default: kill
The header that the auth service sets, if the session should be killed (logout).
This parameter will only be evaluated if the AuthenticationType is HeaderBased
. The <header-name>
is mandatory, <header-value>
is an optional regex.
HeaderBased.AuthResponseHeader
Type: string
Syntax: <responseHeaderName_regex>:<value_regex>:<sessionAttributeName>:<substitution_regex>
Usage Constraints: required if the AuthenticationType is HeaderBased
, conditional
Supported pragmas:continue
A newline-separated list of the response headers that should be written into the session.
HeaderBased.SessionIdRequestHeader
Type: string
Usage Constraints: optional
The request header where we send the session id to the auth service. This parameter will only be evaluated if the AuthenticationType is HeaderBased
.
RequestedUrlParamName
Type: string
Usage Constraints: optional, advanced
Default: RequestedUri
The parameter name under which the original url should be added in the query.
InactivityTimeout
Type: integer
Unit: seconds
Usage Constraints: optional, advanced, conditional
Supported pragmas: break
The inactivity timeout of the session. The value itself may contain values from the session etc. E.g.: ENV:newInactiveTimeout
will take the value newInactiveTimeout
from the ENV (the value must contain a valid number).
ReauthenticationTimeout
Type: integer
Unit: seconds
Usage Constraints: optional, advanced, conditional
Supported pragmas: break
The timeout after a reauthentication is required. For a reauthentication all required session-attributes will be removed, but the session itself will not be invalidated. The value itself may contain values from the session etc. E.g.: ENV:newReauthTimeout
will take the value newReauthTimeout
from the ENV (the value must contain a valid number).
MaxLifeTime
Type: integer
Unit: seconds
Usage Constraints: optional, advanced, conditional
Supported pragmas: break
The maximal lifetime of the session. The value itself may contain values from the session etc. E.g.: ENV:newMaximalLifetime
will take the value newMaximalLifetime
from the ENV (the value must contain a valid number).