With toolkit in Reverse Proxy Server and authenticating against LDAP server, how to redirect to application after LDAP authentication


SJS

Oct 22, 2014, 9:21:59 AM
to mod_auth_p...@googlegroups.com

After a Reverse Proxy Server (RPS) running Apache authenticates the cookie from the external LDAP server using the RPS ssl.conf configuration with mod_auth_pubtkt, is it a simple matter of specifying the usual Apache ProxyPassReverse directive(s) to redirect to our application?

Can you combine both the toolkit "TKTAuthLoginURL" directives and the ProxyPassReverse in the same ssl.conf or httpd.conf file?


If doing so, how does Apache ssl.conf configuration know that the LDAP server authentication cookie was already successfully applied before redirecting to our application using the ProxyPassReverse directive?


ssl.conf:

    TKTAuthPublicKey /etc/httpd/conf/mod_auth_pubtkt-signKey-Client1.pub.pem
    AuthType mod_auth_pubtkt
    TKTAuthLoginURL https://my2FA.cloud.net/web/login/modauth_pubtkt.php?realm=POC
    TKTAuthTimeoutURL https://my2FA.cloud.net/web/login/modauth_pubtkt.php?realm=POC&timeout=1
    TKTAuthUnauthURL https://my2FA.cloud.net/web/login/modauth_pubtkt.php?realm=POC&unauth=1

    TKTAuthRequireSSL on




SJS

Mar 27, 2015, 2:29:58 PM
to mod_auth_p...@googlegroups.com
What SSL encryption level does mod_auth_pubtkt use? TLSv1.2?

Alex Muntada

Mar 27, 2015, 5:59:38 PM
to mod_auth_p...@googlegroups.com

AFAIK, whatever version the Apache server negotiates with the browser. The only thing that pubtkt does is setting the secure flag in the cookie.

Cheers,
Alex

On 27/03/2015 19:30, "SJS" <stephen...@gmail.com> wrote: