Uploaded image for project: 'OpenAM Agents'
  1. OpenAM Agents
  2. AMAGENTS-1030

Nginx Web agent add Authorization header and send request along.

    XMLWordPrintable

    Details

    • 2018.9 The Sphinx, 2018.11 - Fire

      Description

      Problem The Nginx Web agent once authenticated will pass the "Authorization: Basic" header along if the request flow. This goes to later downstream web server which may not like these headers.

       

      Testcase

      1. Install the Nginx proxy with AM
      2. Configure the Nginx agent to reverse proxy to some site
      3. Observe the request landing on these site. They have "Authorization: Basic $(base64 "user" )

      Expected: No extra authorization header. In fact the Apache Web agent does not have behave like this (ie no such header too).
      Current: Authorization header added to request

      Impact

      Some downstream client may not like the Authorization header.

      Workaround

      Add before the proxy_pass the following
           proxy_set_header Authorization "";

       

      Would like

      • to make sure that Authorization header is not there  or if this is needed for some reason then a switch to enable/disable it.{{}}

       

        Attachments

          Issue Links

            Activity

              People

              Unassigned Unassigned
              chee-weng.chea C-Weng C
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: