> On 27 Oct 2017, at 10:29 am, Mohammad Hashemian <[email protected]> wrote:
>
> Thanks a lot, Graham. Very helpful. I actually could make it work. As you
> said, I added this to my httpd.conf:
>
> <Location /dashboard/kibana>
> AuthType Form
> AuthFormProvider wsgi
> AuthName "test"
> ErrorDocument 401 /rel/path/to/httdp_signin/signin.html
> WSGIAuthUserScript /path/to/wsgi/wsgi.py
> WSGIAuthGroupScript /path/to/wsgi/wsgi.py
> <RequireAll>
> Require wsgi-group myGroup
> Require valid-user
> </RequireAll>
> Session On
> SessionCookieName httpdsessionid path=/
> </Location>
>
>
> Now how it works is like this:
>
> 1. User is logged in Django app and clicks to access the second app (in this
> case, Kibana)
> 2. Kibana is protected by Apache's authentication, and user is not
> authenticated with Apache, so error 401 will navigate the user to the
> signin.html page
> 3. User has to enter username/password again (not ideal but a lot better than
> alternatives I've found so far)
That sounds like you are still relying on Django form login.
As I understand it, what you need to do is disable Django forms login and for
Django access they should also use the Apache form login. When a request then
passes through to Django, you should be having Django trust REMOTE_USER and use
that to establish the login session information from Django. There is some
details of doing it in:
https://docs.djangoproject.com/en/1.11/howto/auth-remote-user/
<https://docs.djangoproject.com/en/1.11/howto/auth-remote-user/>
> 4. A new session/cookie is created for the user, which as you said, is
> different than the session user had with Django.
> 5. Now the user can navigate to Kibana
>
> This is now working, but I don't know much about embedded vs. daemon mode,
> unfortunately. I will have to read a bit about those and make sure that
> setting is also done correctly.
>
> Thanks again for your time,
> Mohammad
>
> --
> You received this message because you are subscribed to the Google Groups
> "modwsgi" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected]
> <mailto:[email protected]>.
> To post to this group, send email to [email protected]
> <mailto:[email protected]>.
> Visit this group at https://groups.google.com/group/modwsgi
> <https://groups.google.com/group/modwsgi>.
> For more options, visit https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>.
--
You received this message because you are subscribed to the Google Groups
"modwsgi" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/modwsgi.
For more options, visit https://groups.google.com/d/optout.
