OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: tgoldenbaum on February 16, 2021, 03:19:07 pm

Title: NGinx Basic/Advanced Http Authorization
Post by: tgoldenbaum on February 16, 2021, 03:19:07 pm

Hello Forum,

I have the following problem: I want to enable https authentication, so that the browser displays a login prompt before loading the website. I want to check against an AD Server I provided to opnsense under system->access->servers.

in Nginx:
I enabled advanced ACL at the http location entry, and at the http server->Advanced ACL Authentication Backend i put in the installed AD server

it worked, the browser displayed the login prompt, users could check with their AD credentials and after that the website was loaded.

Then it stopped working. I can not tell you what i did in the meantime, I did not update, but worked on some other issues on the nginx, which had nothing to do with it.
The website is loading fine, but the authorization prompt before that is still missing.

Do you have an idea what happened, what I can do?

Title: Re: NGinx Basic/Advanced Http Authorization
Post by: Fright on February 16, 2021, 04:39:14 pm

hi
what if you set satisfy to all?

Title: Re: NGinx Basic/Advanced Http Authorization
Post by: tgoldenbaum on February 18, 2021, 09:42:09 am

Yes, that did the trick. You have to set (under Advanced Mode on) Satisfy All on the location, not the HTTPS Server. Now its working, thank you very much.

best regards
Thomas Goldenbaum

Title: Re: NGinx Basic/Advanced Http Authorization
Post by: Fright on February 18, 2021, 09:55:37 am

yes, that's how 'satisfy' directive works (you set IP ACL. and if IP ACL match with satisfy=any there is no need to auth)
glad it works )