File tree Expand file tree Collapse file tree 3 files changed +25
-9
lines changed Expand file tree Collapse file tree 3 files changed +25
-9
lines changed Original file line number Diff line number Diff line change @@ -102,9 +102,16 @@ backend be_protected
102102 # set up spoe filter
103103 filter spoe engine auth-request config /usr/local/etc/haproxy/spoe.cfg
104104
105- # send to spoe and act on response
105+ # send to spoe
106106 http-request send-spoe-group auth-request auth-request-group
107+
108+ # perform redirect and set cookie if the response was a redirect with a cookie
109+ http-request return status 302 hdr location %[var(txn.auth_request.response_location)] hdr set-cookie %[var(req.auth_request.response_cookie)] if { var(txn.auth_request.response_redirect) -m bool } !{ var(txn.auth_request.response_successful) -m bool } { var(req.auth_request.response_cookie) -m found }
110+
111+ # perform a redirect only if no cookie was provided
107112 http-request redirect location %[var(txn.auth_request.response_location)] if { var(txn.auth_request.response_redirect) -m bool } !{ var(txn.auth_request.response_successful) -m bool }
113+
114+ # deny request otherwise
108115 http-request deny if !{ var(txn.auth_request.response_successful) -m bool }
109116
110117 # have your server(s) here
Original file line number Diff line number Diff line change @@ -65,7 +65,14 @@ backend be_protected
6565
6666 # send to spoe and act on response
6767 http-request send-spoe-group auth-request auth-request-group
68+
69+ # perform redirect and set cookie if the response was a redirect with a cookie
70+ http-request return status 302 hdr location %[var(txn.auth_request.response_location)] hdr set-cookie %[var(req.auth_request.response_cookie)] if { var(txn.auth_request.response_redirect) -m bool } !{ var(txn.auth_request.response_successful) -m bool } { var(req.auth_request.response_cookie) -m found }
71+
72+ # perform a redirect only if no cookie was provided
6873 http-request redirect location %[var(txn.auth_request.response_location)] if { var(txn.auth_request.response_redirect) -m bool } !{ var(txn.auth_request.response_successful) -m bool }
74+
75+ # deny request otherwise
6976 http-request deny if !{ var(txn.auth_request.response_successful) -m bool }
7077
7178 # Return some content for successful auth
Original file line number Diff line number Diff line change @@ -114,14 +114,6 @@ func (auth *AuthHandler) Handler(req *request.Request) {
114114 }
115115 }
116116
117- // set cookie if present
118- if cookies := res .Cookies (); len (cookies ) == 1 {
119- if v := cookies [0 ].String (); v != "" {
120- req .Actions .SetVar (action .ScopeRequest , "response_cookie.name" , cookies [0 ].Name )
121- req .Actions .SetVar (action .ScopeRequest , "response_cookie.value" , v )
122- }
123- }
124-
125117 logger .Info ("message handled" )
126118 return
127119 }
@@ -137,6 +129,16 @@ func (auth *AuthHandler) Handler(req *request.Request) {
137129 req .Actions .SetVar (action .ScopeTransaction , "response_redirect" , true )
138130 req .Actions .SetVar (action .ScopeTransaction , "response_location" , location )
139131 }
132+
133+ logger = logger .With ("cookies" , len (res .Cookies ()))
134+
135+ // set cookie if present
136+ if cookies := res .Cookies (); len (cookies ) == 1 {
137+ if v := cookies [0 ].String (); v != "" {
138+ logger = logger .With ("response_cookie" , v )
139+ req .Actions .SetVar (action .ScopeRequest , "response_cookie" , v )
140+ }
141+ }
140142 }
141143
142144 // all other responses
You can’t perform that action at this time.
0 commit comments