The idea is to have a proxy server (like SOCKS4/5, but for the HTTP protocol). The purpose of this proxy server is to authenticate requests on behalf of the users, by manipulating the requests.

For example, let's say that an organization has an AWS environment. Instead of providing the engineers with credentials for AWS, they are provided with access to the HTTP proxy. They set up their machines to send all the requests to the proxy, and the proxy server injects the needed HTTP headers into the requests.

After some research, I was unable to find a similar solution. Are you aware of such a solution, or a set of solutions capable of fulfilling the above requirements?

Andrew Schulman
  • Any proxy server can do this. But it seems like a terrible idea. Everyone should have their own AWS credentials. – Michael Hampton Nov 09 '20 at 09:11
  • The issue is with how the proxy server handles the authentication with other services, since, for example, one service will have a JWT token which expires every hour, and it must be renewed. In addition, AWS was just an example. The concrete scenario must be able to handle a lot of 3rd party systems, for 3rd party consultants. The idea is to have a single account which can have access to a lot of systems, without the need to manage the accounts in those systems. – deigeorgiev Nov 09 '20 at 09:26
  • HTTP headers rarely are enough to handle logins; session cookies on the client systems are quite often involved. – Massimo Nov 09 '20 at 09:39

1 Answer

A term that will help your search is identity aware proxy. Used effectively, these provide authentication for every application. Harden the applications some, and they can be over the internet, removing the need for VPN.

Usually such a service defers to existing identity providers for users. The directory or credential API you already have. Whatever you use, have processes to manage it, as auth policies are essential for security.

John Mahowald
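
The header-injection idea from the question, together with the token-renewal concern raised in the comments, as an added example that is not part of the original thread. It shows only the request-rewriting core of such a proxy and assumes the upstream accepts a bearer token; the names `TokenCache`, `rewrite_headers`, the policy table and the host `api.example.test` are hypothetical, and the token fetcher is a constructed stand-in for a real token endpoint.

```python
import time

class TokenCache:
    """Caches one upstream bearer token per host and renews it before expiry."""
    def __init__(self, fetch, clock=time.time, skew=60):
        self.fetch, self.clock, self.skew = fetch, clock, skew
        self._tokens = {}  # host -> (token, expires_at)

    def get(self, host):
        token, expires_at = self._tokens.get(host, (None, 0))
        if self.clock() >= expires_at - self.skew:  # missing or about to expire
            token, ttl = self.fetch(host)
            expires_at = self.clock() + ttl
            self._tokens[host] = (token, expires_at)
        return token

# Credential headers from the client are never forwarded upstream.
STRIP = {"authorization", "proxy-authorization"}

def rewrite_headers(user, host, headers, policy, cache):
    """Return the headers to forward upstream, or raise PermissionError."""
    if host not in policy.get(user, set()):  # default deny per authenticated user
        raise PermissionError(f"{user} is not allowed to reach {host}")
    out = {k: v for k, v in headers.items() if k.lower() not in STRIP}
    out["Authorization"] = "Bearer " + cache.get(host)
    return out

def demo():
    now = [0.0]   # fake clock so the expiry path runs instantly
    issued = []
    def fake_fetch(host):  # constructed stand-in for a real token endpoint
        issued.append(host)
        return f"tok{len(issued)}-{host}", 3600  # one-hour lifetime
    cache = TokenCache(fake_fetch, clock=lambda: now[0])
    policy = {"alice": {"api.example.test"}}  # constructed policy
    client = {"Accept": "*/*", "authorization": "Bearer client-supplied"}
    first = rewrite_headers("alice", "api.example.test", client, policy, cache)
    now[0] = 1800  # half an hour later: cached token is reused
    second = rewrite_headers("alice", "api.example.test", client, policy, cache)
    now[0] = 3550  # inside the 60 s renewal window: token is refetched
    third = rewrite_headers("alice", "api.example.test", client, policy, cache)
    return first, second, third, issued

if __name__ == "__main__":
    for hdrs in demo()[:3]:
        print(hdrs)
```

The user is assumed to have already authenticated to the proxy before `rewrite_headers` is called, and every allow or deny decision is the natural place to write an audit log entry tying the shared upstream account back to an individual.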