HTTP Digest Authentication in varnish4

[Donath, Niklas]

Hi there,

i am currently trying to put varnish in front of a restful webservice with an existing http digest authentication.
Does anyone already had this use case and could give me a hint or an example code on how to set this up properly?
I didn’t find useful information in the varnish docs. The e-book “Getting started with Varnish Cache” only scratches that topic.
Examples I found about basic authentication do not really match because the authentication is implemented on varnish side only.
I would like to pass through the authentication to the backend because I don’t want to add user handling in varnish itself.
In my understanding, the authentication works as follows:

-          1st request: no authentication, passed to the backend, backend response with nonce in header

-          2nd request: client sends user credentials, passed to the backend, server gives proof (200) or fail (401)

-          3rd request: probably cache hit, request with auth credentials is “forked” as HEAD request, sent to the backend, server gives proof (200) or fail (401)
Am I getting this right, am I probably missing something?
Thank you in advance for any input and/or feedback!

Greetings,

Niklas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20170302/3b7b2190/attachment.html>