AuthenticationFilter
The AuthenticationFilter is used for third-party login server integration, where the login server acts like a normal backend server. As long as the requirements are not fulfilled, the AuthenticationFilter will redirect the request back to the configured login server. The AuthenticationFilter must be mapped on the application and on the login server path.
Classname
ch::nevis::nevisproxy::filter::auth::AuthenticationFilter
Library
libAuthenticationFilters
Configuration
| Name | Type, Usage Constraints, Defaults | Description |
|---|---|---|
| Requirements | String required, conditional Supported pragmas: continue (default), break | Newline-separated strings of the following format:<source>:<name>:<regex> <source: ENV, AUTH, HEADER, PARAM, or SESSION <name>: the name in the given source; <regex> the regexp that has to match to fulfill the requirement. |
| AuthServiceUrl | String required, conditional Pragma: break, Pragma: continue is not supported | The url on which the auth-service has been mapped. |
| AuthenticationType | enum: HeaderBased required | The auth-type to use. Currently, only 'HeaderBased' supported. |
| HeaderBased.RequestedUrlHeader | String required | The header which contains the 'orginal' request uri to send to the authentication service. |
| HeaderBased.KillResponseHeader | String required | The header that the auth service sets, if the session should be killed (logout). Syntax: <header-name>[:<header-value>] Where <header-name> is mandatory, <header-value> is an optional regex. |
| HeaderBased.AuthResponseHeader | required, conditional Supported pragmas: continue | A newline-separated list of the Response Headers that should be written into the session: <regex for the responseHeaderName>:<regex for the value>:<sessionAttributeName>:<regex for the substitution to set>. |
| HeaderBased.SessionIdRequestHeader | String optional | A newline-separated list of the Response Headers that should be written into the session: The request header where we send the session id to the auth service. |
| RequestedUrlParamName | String optional, advanced Default: RequestedUri | The parameter name under which the original url should be added in the query. |
| InactivityTimeout | Integer optional, advanced | The inactivity timeout of the session (in seconds). Conditions are supported (Pragma: continue not supported). The value itself may contain values from the session etc. E.g.: ENV:newInactiveTimeout. Will take the value 'newInactiveTimeout' from the ENV (the value must contain a valid number). |
| ReauthenticationTimeout | Integer optional, advanced | The timeout (in seconds) after a reauthentication is required. For a reauthentication all required session-attributes will be removed, but the session itself will not be invalidated. Conditions are supported (Pragma: continue not supported). The value itself may contain values from the session etc. E.g.: ENV:newReauthTimeout. Will take the value 'newReauthTimeout' from the ENV (the value must contain a valid number). |
| MaxLifeTime | Integer optional, advanced | The maximal lifetime of the session (in seconds). Conditions are supported (Pragma: continue not supported). The value itself may contain values from the session etc. E.g.: ENV:newMaximalLifetime. Will take the value newMaximalLifetime from the ENV (the value must contain a valid number). |