You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Yungwei Chen <yu...@resolvity.com> on 2009/11/13 18:37:02 UTC

[users@httpd] RE: Authenticate each user once for multiple applications

I just found that using the same value of AuthName for each application seems to solve my problem. Is it the right way to go?

From: Yungwei Chen [mailto:yungwei@resolvity.com]
Sent: Friday, November 13, 2009 10:00 AM
To: users@httpd.apache.org
Subject: [users@httpd] Authenticate each user once for multiple applications

Hi,

I have a reverse proxy server that forwards to requests to an internal apache server. Here's the configuration on how the reverse proxy server works.
    <Location /rpt >
       Order Deny,Allow
       Deny from all
       Allow from ...
       ProxyPass        https://111.111.111.111/rpt
       ProxyPassReverse https://111.111.111.111/rpt
       ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
       AuthName "Restricted Access"
       AuthType Basic
       AuthUserFile /etc/httpd/passwd/htpasswd.users
       Require valid-user
   </Location>

Then I added the following to the same conf file on the reverse proxy server for another application.
I first accessed the rpt application in a web browser, and then I was asked to enter id and password as expected.
Then I hit rpt2 in the same browser session, and then I was asked to enter id and password again.
My question is: How can I tell the reverse proxy server to authenticate each user just once in this case?
    <Location /rpt2 >
       Order Deny,Allow
       Deny from all
       Allow from ...
       ProxyPass        https://111.111.111.111/rpt2
       ProxyPassReverse https://111.111.111.111/rpt2
       ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
       AuthName "Restricted Access"
       AuthType Basic
       AuthUserFile /etc/httpd/passwd/htpasswd.users
       Require valid-user
   </Location>

Thanks.