AuthenticationFilter
The AuthenticationFilter is used for third-party login server integration, where the login server acts like a normal backend server. As long as the requirements are not fulfilled, the AuthenticationFilter will redirect the request back to the configured login server. The AuthenticationFilter must be mapped on the application and on the login server path.
ch::nevis::nevisproxy::filter::auth::AuthenticationFilter
libAuthenticationFilters
Configuration
Requirements
Type: string
Usage Constraints: required, conditions are supported
Supported pragmas: continue (default), break
Newline-separated strings of the following format:
<source>:<name>:<regex>
<source>: ENV, AUTH, HEADER, PARAM, or SESSION
<name>: the name in the given source
<regex>: the regexp that has to match to fulfill the requirement
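A small linter for a Requirements value, as an added example that is not part of the product or its documentation. It checks each line against the <source>:<name>:<regex> format above and warns about patterns that match the empty string or are not anchored. Assumptions: Python's re module stands in for the proxy's regex dialect, the page does not say whether the proxy anchors patterns implicitly (so the anchoring warning is conservative), and condition/pragma syntax is not handled.

```python
import re

SOURCES = {"ENV", "AUTH", "HEADER", "PARAM", "SESSION"}  # sources listed on this page

def lint_requirements(value):
    """Return (line_no, level, message) findings for a Requirements value."""
    findings = []
    for no, raw in enumerate(value.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        # Split on the first two colons only: the regex itself may contain ':'.
        parts = line.split(":", 2)
        if len(parts) != 3:
            findings.append((no, "error", "expected <source>:<name>:<regex>"))
            continue
        source, name, regex = parts
        if source not in SOURCES:
            findings.append((no, "error", f"unknown source {source!r}"))
        if not name:
            findings.append((no, "error", "empty name"))
        try:
            # Assumption: Python's re stands in for the proxy's regex dialect.
            compiled = re.compile(regex)
        except re.error as exc:
            findings.append((no, "error", f"regex does not compile: {exc}"))
            continue
        if compiled.fullmatch(""):
            # An absent or empty value would already fulfill this requirement.
            findings.append((no, "warn", "regex matches the empty string"))
        elif not (regex.startswith("^") and regex.endswith("$")):
            findings.append((no, "warn", "regex is not anchored with ^...$"))
    return findings

# Constructed sample value, not taken from a real deployment.
SAMPLE = "\n".join([
    "AUTH:authLevel:^auth\\.(weak|strong)$",
    "SESSION:user.id:.*",
    "HEADER:X-Role:admin",
    "COOKIE:sid:^.+$",
    "ENV:loginTime",
    "PARAM:next:^https://app\\.example\\.com:8443/",
])

if __name__ == "__main__":
    for no, level, msg in lint_requirements(SAMPLE):
        print(f"line {no}: {level}: {msg}")
```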
AuthServiceUrl
Type: string
Usage Constraints: required, conditions are supported
Supported pragmas: break (continue is not supported)
The URL on which the auth service has been mapped.
AuthenticationType
Type: enum: HeaderBased
Usage Constraints: required
The auth-type to use. Currently, only HeaderBased is supported.
HeaderBased.RequestedUrlHeader
Type: string
Usage Constraints: required if the AuthenticationType is HeaderBased
The header which contains the 'original' request URI to send to the authentication service.
HeaderBased.KillResponseHeader
Type: string
Usage Constraints: optional
Default: kill
This parameter will only be evaluated if the AuthenticationType is HeaderBased.
The header that the auth service sets if the session should be killed (logout).
Syntax: <header-name>[:<header-value>]
Where <header-name> is mandatory, <header-value> is an optional regex.
HeaderBased.AuthResponseHeader
Type: string
Usage Constraints: required if the AuthenticationType is HeaderBased, conditions are supported
Supported pragmas: continue
A newline-separated list of the response headers that should be written into the session.
Syntax: <regex for the responseHeaderName>:<regex for the value>:<sessionAttributeName>:<regex for the substitution to set>
HeaderBased.SessionIdRequestHeader
Type: string
Usage Constraints: optional
This parameter will only be evaluated if the AuthenticationType is HeaderBased.
The request header in which the session ID is sent to the auth service.
RequestedUrlParamName
Type: string
Usage Constraints: optional, advanced
Default: RequestedUri
The parameter name under which the original URL should be added in the query.
InactivityTimeout
Type: integer
Usage Constraints: optional, advanced, conditions are supported
Supported pragmas: break (continue is not supported)
The inactivity timeout of the session (in seconds). The value itself may contain values from the session etc. E.g.: ENV:newInactiveTimeout will take the value newInactiveTimeout from the ENV (the value must contain a valid number).
ReauthenticationTimeout
Type: integer
Usage Constraints: optional, advanced, conditions are supported
Supported pragmas: break (continue is not supported)
The timeout (in seconds) after which a reauthentication is required. For a reauthentication, all required session attributes will be removed, but the session itself will not be invalidated. The value itself may contain values from the session etc. E.g.: ENV:newReauthTimeout will take the value newReauthTimeout from the ENV (the value must contain a valid number).
MaxLifeTime
Type: integer
Usage Constraints: optional, advanced, conditions are supported
Supported pragmas: break (continue is not supported)
The maximal lifetime of the session (in seconds). The value itself may contain values from the session etc. E.g.: ENV:newMaximalLifetime will take the value newMaximalLifetime from the ENV (the value must contain a valid number).