Skip to main content
Version: 7.2405.x.x LTS

AuthenticationFilter

The AuthenticationFilter is used for third-party login server integration, where the login server acts like a normal backend server. As long as the requirements are not fulfilled, the AuthenticationFilter will redirect the request back to the configured login server. The AuthenticationFilter must be mapped on the application and on the login server path.

Classname
ch::nevis::nevisproxy::filter::auth::AuthenticationFilter

Library

libAuthenticationFilters

Configuration

Requirements

Type: string
Usage Constraints: required, conditions are supported
Supported pragmas:continue (default), break

Newline-separated strings of the following format:
<source>:<name>:<regex>

<source>: ENV, AUTH, HEADER, PARAM, or SESSION
<name>: the name in the given source
<regex>: the regexp that has to match to fulfill the requirement

AuthServiceUrl

Type: string
Usage Constraints: required, conditions are supported
Supported pragmas: break (continue is not supported)

The url on which the auth-service has been mapped.

AuthenticationType

Type: enum: HeaderBased
Usage Constraints: required

The auth-type to use. Currently, only HeaderBased is supported.

HeaderBased.RequestedUrlHeader

Type: string
Usage Constraints: required if the AuthenticationType is HeaderBased

The header which contains the 'orginal' request uri to send to the authentication service.

HeaderBased.KillResponseHeader

Type: string
Usage Constraints: optional
Default: kill

This parameter will only be evaluated if the AuthenticationType is HeaderBased.
The header that the auth service sets, if the session should be killed (logout).
Syntax: <header-name>[:<header-value>]
Where <header-name> is mandatory, <header-value> is an optional regex.

HeaderBased.AuthResponseHeader

Type: string
Usage Constraints: required if the AuthenticationType is HeaderBased, conditions are supported
Supported pragmas:continue

A newline-separated list of the Response Headers that should be written into the session:
Syntax: <regex for the responseHeaderName>:<regex for the value>:<sessionAttributeName>:<regex for the substitution to set>.

HeaderBased.SessionIdRequestHeader

Type: string
Usage Constraints: optional

This parameter will only be evaluated if the AuthenticationType is HeaderBased.
The request header where we send the session id to the auth service.

RequestedUrlParamName

Type: string
Usage Constraints: optional, advanced
Default: RequestedUri

The parameter name under which the original url should be added in the query.

InactivityTimeout

Type: integer
Usage Constraints: optional, advanced, conditions are supported
Supported pragmas: break (continue is not supported)

The inactivity timeout of the session (in seconds). The value itself may contain values from the session etc. E.g.: ENV:newInactiveTimeout will take the value newInactiveTimeout from the ENV (the value must contain a valid number).

ReauthenticationTimeout

Type: integer
Usage Constraints: optional, advanced, conditions are supported
Supported pragmas: break (continue is not supported)

The timeout (in seconds) after a reauthentication is required. For a reauthentication all required session-attributes will be removed, but the session itself will not be invalidated. The value itself may contain values from the session etc. E.g.: ENV:newReauthTimeout will take the value newReauthTimeout from the ENV (the value must contain a valid number).

MaxLifeTime

Type: integer
Usage Constraints: optional, advanced, conditions are supported
Supported pragmas: break (continue is not supported)

The maximal lifetime of the session (in seconds). The value itself may contain values from the session etc. E.g.: ENV:newMaximalLifetime will take the value newMaximalLifetime from the ENV (the value must contain a valid number).