Opened 4 years ago

#775 new enhancement

Support for more complex satisfy configurations

Reported by: ahutchings Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.9.x
Keywords: Cc:
uname -a:
nginx -V: N/A

Description

It would be nice to have more complex satisfy directives so that we can do more complex AuthN and AuthZ combinations. An example from RedHat? of the pseudo configuration would look like:

( authenticate via Kerberos
		*and* authorize with different module against FreeIPA )
	or ( authenticate via SAML
		*and* (authorize with different module against FreeIPA 
			or authorize based on static list of groups ))
	or allow access from domain .internal.example.com

At the moment this would require an external daemon to handle the auth.

Change History (0)

Note: See TracTickets for help on using tickets.