Open Did-IUT51 opened 3 years ago
I just did a small commit that allows

```nginx
set $cas_user "";
access_by_lua_block { ngx.var.cas_user = require('cas').forceAuthentication(); }
```

=> `$cas_user` can be used in `log_format`
As for authorization, it seems you will have to write it in lua...
Thank you for the logs, it works fine.
We must map the variable `cas_user` in the "http section" before the `log_format` statement: `map "" $cas_user { default -; }`
I will try to write the authorization part. If it's a success, I will add it to your code.
For anyone who comes along to this and would like an authorisation solution, I've written a fairly basic one:
```lua
local cas = require('cas')

-- Customise this with the list of users you want to allow
local allowed_users = { "user_a", "user_b", "user_c" }

-- Based on:
-- https://snippets.bentasker.co.uk/page-2106050929-Check-if-value-exists-in-table-LUA.html
local function table_contains(tbl, x)
  for _, v in pairs(tbl) do
    if v == x then
      return true
    end
  end
  return false
end

local function forceAuthentication()
  -- Delegate general authentication to the CAS module
  -- (declared local so the name is not shared between requests as a global)
  local cas_user = string.lower(cas.forceAuthentication())
  -- Check if the user is allowed to access this site
  if table_contains(allowed_users, cas_user) then
    return cas_user
  else
    ngx.log(ngx.ERR, "User not authorised: " .. cas_user)
    ngx.exit(ngx.HTTP_UNAUTHORIZED)
    return cas_user
  end
end

return {
  forceAuthentication = forceAuthentication;
}
```
You can then put this alongside the `cas.lua` file (something like `/etc/nginx/lua/cas-allow-users.lua`) and then add the following block to nginx:

```nginx
access_by_lua_block { require('cas-allow-users').forceAuthentication() }
```
If the user isn't in the list, they see a standard nginx 401 error page, otherwise they are allowed in as before.
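An added example, not part of the thread or of the module's own code: one way to combine the `$cas_user` logging variable and the allow-list check above, with a separate allow list per location. The file name, the group names and the `group` parameter are hypothetical; it assumes `cas.forceAuthentication()` returns the user name as a string, and that `$cas_user` is declared as shown earlier in the thread.

```lua
-- cas-allow-groups.lua: hypothetical file name, placed alongside cas.lua.
-- Usage in a location block (group name is a constructed sample):
--   set $cas_user "";
--   access_by_lua_block { require('cas-allow-groups').forceAuthentication('staff') }
local cas = require('cas')

-- Turn a list of names into a lower-cased set for direct lookup.
local function to_set(list)
  local set = {}
  for _, name in ipairs(list) do
    set[string.lower(name)] = true
  end
  return set
end

-- Constructed sample groups; built once when the module is first loaded.
local groups = {
  admins = to_set({ "user_a" }),
  staff  = to_set({ "user_a", "user_b", "user_c" }),
}

local function forceAuthentication(group)
  -- Fail closed if the location names a group that does not exist.
  local allowed = groups[group]
  if not allowed then
    ngx.log(ngx.ERR, "Unknown allow-list group: ", tostring(group))
    return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
  end

  -- Assumption: returns the user name as a string once CAS login succeeds.
  local user = cas.forceAuthentication()
  if type(user) ~= "string" then
    ngx.log(ngx.ERR, "CAS module returned no user name")
    return ngx.exit(ngx.HTTP_UNAUTHORIZED)
  end
  user = string.lower(user)

  -- Expose the name to log_format before deciding, so denials are logged too.
  ngx.var.cas_user = user

  if not allowed[user] then
    ngx.log(ngx.WARN, "User not authorised for group ", group, ": ", user)
    return ngx.exit(ngx.HTTP_UNAUTHORIZED)
  end
  return user
end

return { forceAuthentication = forceAuthentication }
```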
Hello,
I have two issues with this module:
Thank you for your response.
Didier