I have configured an external auth backend (nginx + vouch-proxy + ADFS) to achieve Single Sign On, and this works as expected.
However, we have a number of users that authenticate via DB auth, and cannot be migrated to our IDP (external users from our org).
I am wondering if anyone has ever been able to configure both external and DB auth together? One idea I’ve tried is creating a location block in nginx for /sso and configuring the nginx auth_request directive in this location, however I can’t get it to redirect to Icingaweb with the correct authentication cookies.
I am hoping there is a way to achieve this with some clever nginx config, rather than having to maintain our own fork of Icingaweb to recognise both auth methods.
Excited to hear your ideas.