Getting SPNEGO HTTP headers to a CGI?
- From: schlenk <schlenk@xxxxxxxxxxxxxxxx>
- Date: Wed, 23 Apr 2008 06:25:08 -0700 (PDT)
Hi all,
trying to get the following setup to work:
        Http SPNEGO                          SPNEGO via CORBA
IE <---------------------> IIS <---> CGI <--------------------------------> AppServer
So basically using IIS as a primitive frontend for an AppServer that
can do Kerberos Auth itself (via SSPI or GSSAPI). The AppServer may be
on Windows but it may be on some Unix host, shouldn't matter.
Basically I would need to put the HTTP auth headers into the CGI
environment somehow but didn't find any IIS docs about it.
Not sure if this would work:
register an SPN HTTP/somevirtualhost.example.com@xxxxxxxxxxx and let
the AppServer use that SPN with its call to SSPI AcquireCredentials()/
InitializeSecurityContext(). Now configure IIS somehow to pass all
Auth headers for http://somevirtualhost.example.com/.* to my CGI that
simply forwards stuff to the AppServer.
I know that it's in principle unsafe to pass such info through CGI
environment vars, but for SPNEGO based Kerberos tokens it shouldn't
matter, those are designed for unsafe networks.
So is there a simple way to do this with IIS (handle auth stuff on the
CGI level)?
Michael
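
An added example, not part of the original post: the CGI-side step the question describes, reading the Negotiate header from the CGI environment and checking which mechanism the token carries before it is forwarded to the AppServer. It assumes the web server exposes the header as HTTP_AUTHORIZATION, which is exactly what the post leaves open; the function names are illustrative and the token bytes in any test input are constructed.

```python
import base64
import binascii

SPNEGO_OID = bytes.fromhex("2b0601050502")        # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("2a864886f712010202")    # 1.2.840.113554.1.2.2

def _read_len(buf, pos):
    """Decode a DER length at buf[pos]; return (length, next_pos)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify_token(token):
    """Identify the mechanism of a GSS-API initial token without validating it."""
    if token.startswith(b"NTLMSSP\x00"):
        return "ntlm"                       # raw NTLMSSP message, not Kerberos
    if len(token) < 4 or token[0] != 0x60:  # [APPLICATION 0] InitialContextToken
        return "unknown"
    try:
        _, pos = _read_len(token, 1)
        if token[pos] != 0x06:              # mechanism OID must follow
            return "unknown"
        oid_len, pos = _read_len(token, pos + 1)
    except (ValueError, IndexError):
        return "unknown"
    oid = token[pos:pos + oid_len]
    return {SPNEGO_OID: "spnego", KRB5_OID: "kerberos"}.get(oid, "unknown")

def negotiate_token(environ):
    """Return (mechanism, raw_token) from a CGI environment, or None
    when the CGI should answer 401 with 'WWW-Authenticate: Negotiate'."""
    # Assumption: the server passes the Authorization header through.
    header = environ.get("HTTP_AUTHORIZATION", "")
    scheme, _, b64 = header.partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return None
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    return classify_token(token), token
```

Only the outer mechanism OID is inspected here; acceptance of the token remains the AppServer's job through its own SSPI or GSSAPI calls.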