Possible to programatically set basic auth realm,userid/password in browser client cache

q_the_eskimo has asked for the wisdom of the Perl Monks concerning the following question:

I've searched the Database at the monastery on basic authentication and can't seem to find the answer. Hopefully this request isn't completely an insult to the monks.

What I want to do is have the users run a perl cgi script that accepts a userid and password in an html form (not true basic authentication, just a form) and then write these values to the browser cache but for a different realm, not the realm of the original page. That way the proper realm and authentication values are in the client cache when the user is redirected to the new realm.

Under the current system we use basic authentication and that works fine for those links on the menu that require it, but for the other links that want the userid/password in the URL the users have to log in a second time.

By capturing the userid and login and preloading the browser cache I would be able to make a menu that has some links that use basic authentication (would see the preloaded values) and other links that require userid/password to be passed on the url (captured in the original html form).

Comment on Possible to programatically set basic auth realm,userid/password in browser client cache

Replies are listed 'Best First'.
Re: Possible to programatically set basic auth realm,userid/password in browser client cache by waswas-fng (Curate) on Jul 14, 2003 at 20:01 UTC
Not going to happen. Your best bet is to talk with the other realm admins and get some system set up that uses a md5 hash of some info (your site,time,a secret) that you can use as part of an URL that you link to them on. They can have that URL then create a hash of the same info and see if they match to do auth. The real only way to pass basic auth in a link is to do http://<user>:<pass>@site/index.html but this breaks on some load balancers/proxies and also does not work with usernames or passwords that have email addesses in them (because of the second @). Also it allows your end users to see the plaintext user/pass. -Waswas	[reply]
Re: Possible to programatically set basic auth realm,userid/password in browser client cache by Excalibor (Pilgrim) on Jul 14, 2003 at 20:28 UTC
What you're trying to do looks a lot like a web proxy. Have your users authenticated on a webform, and create a cookie (with crypto info about the user and login time) you can send them back, and that's accepted by the other webs. Then tell the webs that do not comply that they must accept the cookie way of authentication (via proxy) if they want to be integrated. Been there, done that. Some complained, but in the end everybody was just happy to 'integrate themselves' for the added value of a kind of single sign-on. Good luck, -- `our $Perl6 is Fantastic;`	[reply] [d/l]
Re: Re: Possible to programatically set basic auth realm,userid/password in browser client cache by q_the_eskimo (Initiate) on Jul 15, 2003 at 13:16 UTC
Thanks to both of your for the responses. I think I am still kind of stuck. One set of menu items as far as I can tell REQUIRES basic authentication. These are Oracle PL/SQl procedures which run on the Apache server with mod_plsql. The other set of menu items are Oracle WebForms which require the loginid and password be passed via the url (post hides the details). The maddening thing is that the userid and passwords are the same between the two products, if only I could either preload the browser for the basic auth items or read the values after basic auth so I can pass them to the url based authenticated items. I was hoping a perl based menu would allow this. So my dilemma remains that I cannot replace the authentication with a proxy web server since I can't control the basic authentication requiring items as far as I can tell. Thanks again for your responses. -quinn	[reply]