How to Enable HTML Forms Based Authentication with dynamic TARGET / LOCATION URL redirect

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi All,

I am trying to enable HTML Forms Based Authentication in Apache web server. I am able to test the basic setup with the below configuration, but I am looking for some help to handle the TARGET / LOCATION URLs dynamically instead of redirecting the users to a static URL.

Scenario:
1. User accesses a protected URL (The protected URL will have many query string parameters with dynamic values)
https://test.app.com/secure/app/securepage.html?{param1}={value1}&{param2}={value2}

2. Apache web server's HTML Forms Based Authentication should kick in and redirect the user to the Login URL

https://test.app.com/public/login.html

3. User enters credentials and authenticates successfully

4. User should be redirected back to the original protected URL which was accessed on step #1


Configuration Changes done so far:

Apache Web Server Configuration :
=================================

LoadModule request_module mod_request.so
LoadModule auth_form_module mod_auth_form.so
LoadModule session_module mod_session.so
LoadModule session_cookie_module mod_session_cookie.so
LoadModule authnz_ldap_module mod_authnz_ldap.so
LoadModule authn_core_module mod_authn_core.so
LoadModule ldap_module mod_ldap.so
LoadModule auth_basic_module mod_auth_basic.so
LoadModule authz_user_module mod_authz_user.so

<LocationMatch "/secure/app">
               SetHandler form-login-handler
               AuthFormProvider ldap
               Include ldap.conf
               AuthType form
               AuthName "Enter your credentials"
               AuthFormLoginRequiredLocation "https://test.app.com/public/login.html
               Session On
               SessionCookieName WSSESSION path=/;domain=.app.com;httponly;secure;
               SessionMaxAge 0
               <RequireAny>
                      Require valid-user
               </RequireAny>
</LocationMatch>



HTML Code of https://test.app.com/public/login.html:
====================================================
<form method="POST" action="">  Username: <input type="text" name="httpd_username" value="" />
  Password: <input type="password" name="httpd_password" value="" />
  <input type="submit" name="login" value="Login" />
</form>


The basic configuration is working fine, but I am not sure how to retain the original URL user has accessed to redirect the user back to that URL after authentication.

Please let me know for any further details.

I hope you can provide some direction for this use case. THANK YOU.


--
Thanks & Regards,
Gopi ReddyIrala
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux