Topic: Reverse proxy with LDAP check on client certificate cn

Author: Luna (Joined: 09 Apr 2018, Posts: 1)
Posted: Tue 10 Apr '18 20:00
Post subject: Reverse proxy with LDAP check on client certificate cn

Apache version 2.4.29, Windows Server 2012 R2
I just started and am very new to working with Apache. I am using Apache as a forward and reverse proxy for application-to-application SOAP communication. I have the connection set up with SSL mutual authentication. I am currently trying to set up a way on the reverse proxy to check the client certificate cn against the LDAP directory, but I am having problems getting it to work.
The C# client application that I made works in making the connection to the service behind the proxy, but once I add in the LDAP configuration changes in the httpd-ssl file, the client app returns an error: "The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic realm="ApacheProxy"'."
Below is the configuration I'm using. Maybe there is something I am missing or doing incorrectly? I'm not so confident this can accomplish what I am aiming for.
<Location / >
    AuthName "ApacheProxy"
    AuthType Basic
    AuthBasicProvider ldap
    AuthLDAPURL "my_ldap_url"
    AuthLDAPBindDN "cn=mycn,ou=applications,o=myo,c=myc"
    AuthLDAPBindPassword mypassword
    Require ldap-dn "cn=mycn,ou=applications,o=myo,c=myc"
    LDAPReferrals Off
    AuthLDAPCompareDNOnServer on
</Location>
When I try to navigate from my browser to the reverse proxy, it prompts for login. When I use my LDAP credentials, nothing happens, but in Wireshark I can see that my connection to LDAP was successful. I suspect I am having issues from my client application because of the login prompt. I would like to consult the community to see if there is a solution for doing an LDAP check on the client certificate cn without being prompted to log in.
To summarize and word it differently, is there a way to automatically log in to LDAP to check the cn of the client certificate when an application hits the Apache reverse proxy?