You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Following discussion #268 I would like to please ask for an enhancement to provide a method by which the session cookie could possibly retain a timestamp, so that the GSSAPI module can differentiate a return request without the Authorization: Negotiate header and subsequently respond with a 302 redirect to a basic auth URL.
I'm essentially asking for something along the lines of GssapiAuthoritative, which would work similarly to how I understand the KrbAuthAuthoritative function in mod_auth_kerb to work.
We are hoping to achieve having fully transparent and automated Kerberos authentication whilst providing a fall through basic auth method of authenticating 3rd parties using the basic auth module with AuthUserFile.
The same discussion thread referenced above contains a sample Apache 2.4 configuration for requiring authentication to a reverse proxy resource and works with Chrome on Android, Safari on iOS and Firefox on Windows. Chromium based browsers on a domain joined workstation however do not honour the 401 metadata refresh redirect method.
Regards
David Herselman
The text was updated successfully, but these errors were encountered:
Hi,
Following discussion #268 I would like to please ask for an enhancement to provide a method by which the session cookie could possibly retain a timestamp, so that the GSSAPI module can differentiate a return request without the
Authorization: Negotiateheader and subsequently respond with a 302 redirect to a basic auth URL.I'm essentially asking for something along the lines of
GssapiAuthoritative, which would work similarly to how I understand theKrbAuthAuthoritativefunction in mod_auth_kerb to work.We are hoping to achieve having fully transparent and automated Kerberos authentication whilst providing a fall through basic auth method of authenticating 3rd parties using the basic auth module with
AuthUserFile.The same discussion thread referenced above contains a sample Apache 2.4 configuration for requiring authentication to a reverse proxy resource and works with Chrome on Android, Safari on iOS and Firefox on Windows. Chromium based browsers on a domain joined workstation however do not honour the 401 metadata refresh redirect method.
Regards
David Herselman
The text was updated successfully, but these errors were encountered: