Browse Source

Correctif basic auth

master
Teddy Cornaut 3 months ago
parent
commit
a317c88237
2 changed files with 9 additions and 1 deletions
  1. 4
    0
      dicos/71_mse_haproxy.xml
  2. 5
    1
      tmpl/mse.cfg

+ 4
- 0
dicos/71_mse_haproxy.xml View File

@@ -28,6 +28,9 @@
28 28
             <variable name='haBasicAuth' type='oui/non' description="Utiliser une autentification basique ?" mandatory='True'>
29 29
                 <value>oui</value>
30 30
             </variable>
31
+            <variable name='haBasicAuthWs' type='oui/non' description="Laisser passer les flux WS ?" mandatory='True'>
32
+                <value>oui</value>
33
+            </variable>
31 34
             <variable name='haBasicAuthUser' type='unix_user' description="Nom d'utilisateur pour l'autentification basique" mandatory='True'>
32 35
                 <value>admin</value>
33 36
             </variable>
@@ -73,6 +76,7 @@
73 76
         </condition>
74 77
         <condition name='disabled_if_in' source='haBasicAuth'>
75 78
             <param>non</param>
79
+            <target type='variable'>haBasicAuthWs</target>
76 80
             <target type='variable'>haBasicAuthUser</target>
77 81
             <target type='variable'>haBasicAuthPass</target>
78 82
         </condition>

+ 5
- 1
tmpl/mse.cfg View File

@@ -107,13 +107,17 @@ frontend http
107 107
     acl host_portal_front path_beg -i /envole
108 108
 
109 109
     acl no_auth_1 path_beg /envole/saml/metadata
110
-    acl no_auth_2 path_beg /idp/shibboleth
110
+    acl no_auth_2 path_end /idp/shibboleth
111 111
     acl no_auth_3 path_beg /Shibboleth.sso/Metadata
112 112
     acl no_auth_4 path_beg /envole/page/metrics
113 113
 
114 114
   %if %%haBasicAuth == 'oui'
115 115
     acl auth_ok http_auth(users)
116
+  %if %%haBasicAuthWs == 'oui'
116 117
     http-request auth unless auth_ok or no_auth_1 or no_auth_2 or no_auth_3 or no_auth_4 or host_idp or host_portal_soap or host_portal_soap_old or !host_portal_front
118
+  %else
119
+    http-request auth unless auth_ok or no_auth_1 or no_auth_2 or no_auth_3 or no_auth_4
120
+  %end if
117 121
   %end if
118 122
 
119 123
   %if %%haHostPortalWww == 'oui'

Loading…
Cancel
Save