Use external auth and/or database auth backend?

Hi all,

I have configured an external auth backend (nginx + vouch-proxy + ADFS) to achieve Single Sign On, and this works as expected.

However, we have a number of users that authenticate via DB auth, and cannot be migrated to our IDP (external users from our org).

I am wondering if anyone has ever been able to configure both external and DB auth together? One idea I’ve tried is creating a location block in nginx for /sso and configuring the nginx auth_request directive in this location, however I can’t get it to redirect to Icingaweb with the correct authentication cookies.

I am hoping there is a way to achieve this with some clever nginx config, rather than having to maintain our own fork of Icingaweb to recognise both auth methods.

Excited to hear your ideas.

The auth backends are in order.
I use the Database first, then ActiveDirectory and as last option External (the user name variable set by the Webserver).

Fist backend, that knows the user tries to handle the authentication. OK, the External one isn’t handling anything but just accepting, what was set by the webserver.

1 Like