Global basic auth for multiple servers

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Global basic auth for multiple servers

Stefan Christ
Hello,

today I tried to install and setup nginx and it worked great so far. I was able to add some servers (server sections) for each of my subdomains and forward them to the specific web interface in my network (reverse proxy).

I wanted to add some extra security so I used basic auth in the http section and turned it off for one single subdomain. Now I get asked to auth for each subdomain. Is it possible to configure nginx so that I only have to auth on one subdomain and have access to all others subdomains without being forced to auth again?

Still so happy how easy the setup was!

Have a nice day,
Stefan

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Global basic auth for multiple servers

Maxim Dounin
Hello!

On Sat, Apr 11, 2020 at 11:21:19PM +0000, Stefan Christ wrote:

> today I tried to install and setup nginx and it worked great so
> far. I was able to add some servers (server sections) for each
> of my subdomains and forward them to the specific web interface
> in my network (reverse proxy).
>
> I wanted to add some extra security so I used basic auth in the
> http section and turned it off for one single subdomain. Now I
> get asked to auth for each subdomain. Is it possible to
> configure nginx so that I only have to auth on one subdomain and
> have access to all others subdomains without being forced to
> auth again?

No.  Unfortunately, Basic HTTP authentication only provides
implicit authentication scope, and automatic reuse of credentials
is not possible across different [sub]domains.  Further details
can be found in RFC 7617, "2.2. Reusing Credentials", here:

https://tools.ietf.org/html/rfc7617#section-2.2

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

AW: Global basic auth for multiple servers

Stefan Christ
Hi Maxim,

thank you for the information!

-----Urspr√ľngliche Nachricht-----
Von: nginx <[hidden email]> Im Auftrag von Maxim Dounin
Gesendet: Sonntag, 12. April 2020 16:56
An: [hidden email]
Betreff: Re: Global basic auth for multiple servers

Hello!

On Sat, Apr 11, 2020 at 11:21:19PM +0000, Stefan Christ wrote:

> today I tried to install and setup nginx and it worked great so far. I
> was able to add some servers (server sections) for each of my
> subdomains and forward them to the specific web interface in my
> network (reverse proxy).
>
> I wanted to add some extra security so I used basic auth in the http
> section and turned it off for one single subdomain. Now I get asked to
> auth for each subdomain. Is it possible to configure nginx so that I
> only have to auth on one subdomain and have access to all others
> subdomains without being forced to auth again?

No.  Unfortunately, Basic HTTP authentication only provides implicit
authentication scope, and automatic reuse of credentials is not possible
across different [sub]domains.  Further details can be found in RFC 7617,
"2.2. Reusing Credentials", here:

https://tools.ietf.org/html/rfc7617#section-2.2

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx