Hi,
I have a backend server that expects a Basic HTTP Authentication. I can't touch this server and its authentication mode.
But, I'd like to replace this authentication by a client certificate on a reverse proxy in front of this server. This would make something like this :
User --(ssl auth)--> ReverseProxy ---(Basic Auth with login)---> Backend server
So, technically, I need the ReverseProxy to add an Authorization header that will include a relevent login (part of the user DN) and a fixed, predefined, password (same for every user).
I know that a simple AddHeader could work for a fixed login and password but I need the login to be extracted from each client certificate.
In fact, it were supported, I'd need something like this :
RequestHeader set Authorization "Basic: base64_encode(%{SSL_CLIENT_S_DN}s:FXdPassword)"
Can I do this natively, with mod_ssl, mod_proxy, mod_header... or do I need to code it ? If so, would mod_perl be the best option there ?
Any help greatly appreciated !
TIA,
-Romain