authProxy2

authProxy2 is an authentication reverse proxy used primarily to authenticate users outside of the LAN and give them access to resources inside a corporate domain.

deployment diagram for authProxy2

Users can be authenticated with

The credentials of the user can be passed to the backend application with

When using forms-based authentication to authenticate the user, another application must be deployed: the authProxyLogin app. This application simply shows the user a form asking for a username and password, and uses those credentials to authenticate to the backend application.

Configuration

authProxy2 has 3 configuration files:

download

Changelog:
  - encrypt login requests from reverse proxy to login app
  - the reverse proxy now sends the logout url to the login app.
  
ToDo:
  - support cross domain single sign out
	

Archived versions

Do not use them. They are here just for historic memory.

installation instructions

prerequisites

installation steps

The config script will ask you some questions and create 2 files:

Deploy the files on the Tomcat server you installed before. authProxy2 and the login application don't need to be on the same server; you can deploy them on different machines/hosts.

Copy your config.xml file to the right location, configure your DNS servers and you should be all set.

debugging

If you run into problems, add these to your logging.properties:

java.util.logging.ConsoleHandler.level = ALL
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter


it.r0xy.p.main.FilterManager.level = ALL
it.r0xy.p.config.Parser.level = ALL
it.r0xy.p.misc.CleanUpSessions.level = ALL


it.r0xy.p.main.filter.authentication.frontend.CookieAuthFilter.level = ALL
it.r0xy.p.main.filter.authentication.frontend.SpnegoAuthFilter.level = ALL
it.r0xy.p.main.filter.authentication.frontend.BasicAuthFilter.level = ALL

it.r0xy.p.main.filter.authentication.backend.BasicAuth.level = ALL
it.r0xy.p.main.filter.authentication.backend.BasicAuthRequestWrapper.level = ALL
it.r0xy.p.main.filter.authentication.backend.Spnego.level = ALL
it.r0xy.p.main.filter.authentication.backend.SpnegoRequestWrapper.level = ALL

it.r0xy.p.main.filter.Proxy.level = ALL
it.r0xy.p.authentication.spnego.Identity.level = ALL

it.r0xy.p.main.filter.authentication.frontend.CookieHideRequestWrapper.level = ALL
it.r0xy.p.main.filter.ProxyResponseWrapper.level = ALL


#httpclient.wire.header.level = FINE
#httpclient.wire.content.level = FINE
#org.apache.commons.httpclient.level = FINE
	

external references

This proxy is a Java implementation of Richard Goerwitz's paper Pass-Through Proxying as a Solution to the Off-Campus Web-Access Problem.

Some code from j2ep is used for the reverse proxy implementation.

License

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.