[squid-users] Custom header based authentication module

From: Christoph Rabel <crabel_at_new10.com>
Date: Wed, 24 Sep 2008 11:22:21 +0200

Hi!

I am rather new to squid and I hope my question is fine here.

We have a single sign on service in our company, which essentially sets
a custom header after authentication.
Now, we would like to use this header for squid authentication too.

So, a request which has a valid ssoheader should be considered
authenticated and allowed to access the internet. A user without such a
header(or an invalid one) should be redirected to the login page.

I understand from documentation, that I have to implement a custom auth
module, which checks the credentials, but it says
also (http://wiki.squid-cache.org/SquidFaq/ProxyAuthentication) that the
/Authorization/ request header is given to this module. And if the
header is not present, 407 is sent.

To condense my question: Is it possible to specify which header
information is given to the auth module? And to specify that no 407 but
a redirect is sent?

Another thing that bothers me are SSL requests. What happens when the
proxy encounters a request for a https site? Can it access the cookie
anyway?

Thanks, Christoph
Received on Wed Sep 24 2008 - 09:22:31 MDT

This archive was generated by hypermail 2.2.0 : Wed Sep 24 2008 - 12:00:03 MDT