12

I have a private website used as an intranet site for workers from around the world who have accounts with my Google Apps domain (example.com). They currently use OpenId to log in to various collaborative tools, so I want to use this for my site too.

  1. I want to protect the static content on my private members-only website with OpenID login (rather than, say, basic HTTP auth), which Google Apps provides.

  2. I know that anyone can be an OpenID provider, so I want to restrict it to one domain name, specifically my Google Apps domain.

At the moment my static content is served via Nginx. I would prefer a simple Nginx module that would handle this with only a bit of setup.

If I have to get my hands dirty, I don't mind setting up a basic Python (say Django) or Java server to handle this, but I don't want to use PHP or Ruby.

Nmk
  • 1,281
  • 2
  • 14
  • 25
Ash
  • 1,266
  • 4
  • 14
  • 24

2 Answers2

0

For lighttpd, there is https://lighttpd-external-auth.chmd.fr.

I believe it could be ported for the nginx lua scripting interface without major difficulties.

user48678
  • 2,382
  • 3
  • 24
  • 30
  • Hi, the link is not functional anymore (it goes to the personal site but does not show the script I am looking for). I found the script (not maintained anymore) at https://github.com/chmduquesne/lighttpd-external-auth – Radim Vansa Apr 03 '20 at 15:53
0

Depending on the volume of content, why not put it up on the Google App Engine?

There are restrictions on the amount of stuff you can put up statically (you can serve from DB though), and the number of changes per day.

If your content is small enough and doesn't change too frequently (100 times a day I believe is the max) this might address your authentication problems and simplify your life a fair bit!

Jan Z
  • 602
  • 4
  • 10
  • Is your intention that GAE has built-in openid support? How simple is that to set up. – Ash Sep 23 '11 at 14:35
  • Hmm for a corporate site (which this is) I'm not sure I'm comfortable with using app engine for this and it. The site is very simple (static pages) so it would be nice to have a simple open-id or oauth-based authentication – Ash Oct 30 '12 at 15:06