I have a JS application that issues REST calls from the client browser to a data source that sits behind nginx.
We need to implement CAS authentication for the application to manage access. However, I am not sure how to implement the CAS piece for nginx. Currently, nginx is configured mainly to get around CORS; however, that doesn't stop someone from manually connecting to that instance to retrieve the data.
My end goal is to make sure that someone wouldn't be able to just connect to the instance to retrieve the data unless they are using the web application. Does anyone have any ideas on how this could be done?
The ideal solution would be to get nginx to somehow validate the CAS token with the CAS server or even our webserver to see if that has been validated previously.
Thanks in advance
EDIT: As I do more research, it seems possible with a custom Perl script that can validate the CAS token with the CAS server and accept/deny the connection appropriately. Has anyone tried something like this?
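
A sketch of the validation step described in the EDIT, added here as an example and not code from the original post: it builds the CAS 2.0 `/serviceValidate` request and turns the XML reply into the 200/401 status that nginx's `auth_request` module expects from an auth subrequest. It is written in Python rather than Perl; the hostnames, ticket value and the choice of `auth_request` are assumptions, and the sample responses are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace of CAS 2.0 responses

# Constructed sample replies (not captured from a real CAS server).
SAMPLE_OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

def validate_url(cas_base, service, ticket):
    """Build the /serviceValidate URL the helper would fetch over HTTPS."""
    query = urlencode({"service": service, "ticket": ticket})
    return cas_base.rstrip("/") + "/serviceValidate?" + query

def parse_validation(xml_text):
    """Return (user, None) on success, (None, failure_code) otherwise."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None, "MALFORMED_RESPONSE"
    ok = root.find("cas:authenticationSuccess", CAS_NS)
    if ok is not None:
        user = ok.findtext("cas:user", default="", namespaces=CAS_NS).strip()
        return (user, None) if user else (None, "MISSING_USER")
    fail = root.find("cas:authenticationFailure", CAS_NS)
    code = fail.get("code") if fail is not None else None
    return None, code or "UNEXPECTED_RESPONSE"

def auth_status(xml_text):
    """Status for an nginx auth_request subrequest: 2xx allows, 401 denies.

    Fails closed: anything other than a success element with a user is 401.
    CAS service tickets are single-use, so validate once and then rely on a
    session the helper issues, not on re-validating the ticket per REST call.
    """
    user, _ = parse_validation(xml_text)
    return 200 if user else 401

if __name__ == "__main__":
    print(validate_url("https://cas.example.org/cas", "https://app.example.org/api", "ST-1-abc"))
    print(auth_status(SAMPLE_OK), auth_status(SAMPLE_FAIL))
```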