I have an app that runs on frontend- and backend-servers. Customers login to the frontend-server and the same credentials are used for various apps available on the backend-servers. From within their session on the frontend-server, they select an app on the backend server, whereupon they automatically log into the backend-server app, using the same credentials. (Easy enough, so far).
For better security, I do not want to store username/password in the browser, but rather I'd like to store them on the frontend-server. (No so easy now). Now, when the customer requests a backend-server app, the frontend-server needs to intercept the request, lookup the user's previously stored credentials, then attach their credentials as headers, and finally send the modified request to the backend-server app. I envision that on the frontend server, I will need an external program to store and lookup user-credentials. How can Apache be configured to call an external program (filter?) and then how do I pass the values back to Apache (maybe environment variables?), before finally modifying the request and passing it onto the backend-server app. I'll be glad for any pointers. Matt. PS: So far, I've read through handlers, filters, proxy options, asis, and more. I'm beginning to think this might require my own module???
