
FCGI returns 500 error on No Auth/doesn't authenticate on Basic Auth

I am having a bit of a problem with FCGI in C++.

Originally, it was an application that would use Basic Auth in order to validate any incoming requests (with some validation methods, etc).

We are now trying to incorporate SSO into the installation, using OpenAM as an IDP.

We have been able to communicate with OpenAM without much difficulty (in terms of sending a redirect message from the SP to the IDP using Lasso), but the real difficulty is when the IDP redirects back.

If Basic Auth is turned on in Apache, the authorization headers won't be passed, and the user won't be validated.

If Basic Auth is turned off, FCGI throws an exception stating:

[Mon Mar 09 14:33:33 2015] [error] [client 10.12...] FastCGI: comm with server "/var/www/fcgi" aborted: protocol error: invalid version: 10 != FCGI_VERSION(1), referer: "http://...:8080/OpenAM-12.0.0/SSORedirect/metaAlias/idp?ReqID=...&index=null&acsURL=&spEntityID=https%3A%2F%2F...%2F&binding="
[Mon Mar 09 14:33:33 2015] [error] [client 10.12...] FastCGI: incomplete headers (0 bytes) received from server "/var/www/fcgi", referer: "http://.../OpenAM-12.0.0/SSORedirect/metaAlias/idp?ReqID=...&index=null&acsURL=&spEntityID=https%3A%2F%2F...%2F&binding="

My fcgi.conf looks like this:

FastCGIExternalServer /var/www/fcgi -host 127.0.0.1:8082 -idle-timeout 3600 -appConnTimeout 3600
<Location "/fcgi">
    AuthType Basic
    AuthName "Protected"
    AuthGroupFile None
    FastCgiAuthorizerAuthoritative Off
    FastCgiAuthenticatorAuthoritative Off
    FastCgiAuthenticator /var/www/fcgi
    Require valid_user
</Location>

Looks like you want to replay the user's password for the protected application. I don't believe there is a way to force the browser to send certain request headers along with requests (other than making Ajax calls).

From your description it looks like you are using Apache, which unfortunately doesn't support Basic Auth (with password replay) at the moment; only IIS agents implement that at the moment.

I think OpenIG could resolve your use-case as that supports password replay (similarly to the IIS agents), but that will mean that you'll need to have OpenIG act as a reverse proxy in front of your FCGI application.
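The first mod_fastcgi log line quoted in the question reports a failed check on the 8-byte FastCGI record header, whose first byte must be 1; the reported value 10 is the ASCII line feed. The following is an added example, not code from the original post or from mod_fastcgi: it parses that header and reproduces the message on a constructed buffer of unframed text. The function names and sample bytes are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>

constexpr std::uint8_t FCGI_VERSION_1  = 1;  // the only version the FastCGI spec defines
constexpr std::size_t  FCGI_HEADER_LEN = 8;  // version, type, id(2), length(2), padding, reserved

struct FcgiHeader {
    std::uint8_t  version, type;   // type: 3 = FCGI_END_REQUEST, 6 = FCGI_STDOUT, ...
    std::uint16_t request_id, content_length;
    std::uint8_t  padding_length;
};
enum class HeaderStatus { Ok, Truncated, BadVersion, BadType };

// Parse one record header from the start of buf; 16-bit fields are big-endian.
HeaderStatus parse_fcgi_header(const unsigned char* buf, std::size_t len, FcgiHeader& out) {
    if (len < FCGI_HEADER_LEN) return HeaderStatus::Truncated;
    out.version        = buf[0];
    out.type           = buf[1];
    out.request_id     = static_cast<std::uint16_t>((buf[2] << 8) | buf[3]);
    out.content_length = static_cast<std::uint16_t>((buf[4] << 8) | buf[5]);
    out.padding_length = buf[6];
    if (out.version != FCGI_VERSION_1) return HeaderStatus::BadVersion;
    if (out.type < 1 || out.type > 11) return HeaderStatus::BadType;  // spec defines types 1..11
    return HeaderStatus::Ok;
}

// Turn the parse result into a diagnostic string (wording modelled on the log line above).
std::string describe(const unsigned char* buf, std::size_t len) {
    FcgiHeader h{};
    switch (parse_fcgi_header(buf, len, h)) {
        case HeaderStatus::Truncated:  return "truncated header";
        case HeaderStatus::BadVersion:
            return "invalid version: " + std::to_string(h.version) + " != FCGI_VERSION(1)";
        case HeaderStatus::BadType:    return "unknown record type " + std::to_string(h.type);
        case HeaderStatus::Ok:         break;
    }
    return "ok: type " + std::to_string(h.type) + ", request " + std::to_string(h.request_id) +
           ", " + std::to_string(h.content_length) + " content bytes";
}

// Constructed samples: a correctly framed FCGI_STDOUT header, and raw text sent without framing.
const unsigned char SAMPLE_FRAMED[] = {1, 6, 0, 1, 0, 13, 3, 0};
const unsigned char SAMPLE_RAW[]    = "\nStatus: 401\r\n";

int main() {
    std::cout << describe(SAMPLE_FRAMED, sizeof SAMPLE_FRAMED) << "\n"
              << describe(SAMPLE_RAW, sizeof SAMPLE_RAW - 1) << "\n";
}
```

Running the same check over a packet capture of port 8082 shows whether the first bytes the backend sends after the redirect are a framed record or plain text.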
