Cookie Authorizer

Cookies-based authentication.

AUTHTYPE=org.signserver.server.CookieAuthorizer

The Cookie Authorizer can be used to authorize clients when SignServer is sitting behind an Apache HTTP Server or an Airlock Web Application Firewall (WAF). The client HTTP request may then include custom cookies with a client set prefix and a signature. The Cookie Authorizer enables logging the client cookies to the SignServer log, which can later be used for statistical analysis. The cookies are extracted by the Cookie Authorizer based on client specific business logic, and then parsed, analyzed and logged.

To configure the Cookie Authorizer to accept all clients, enable the worker property ALLOW_ANY:

  • ALLOW_ANY = true

To configure to display a prefix for incoming cookies in the SignServer log file, set the worker property REQUEST_COOKIES_PREFIX, for example:

  • REQUEST_COOKIES_PREFIX = ABC_

If the same prefix is already present in the cookies coming from the client, no additional prefix will be added when logging the cookie. This avoids that the cookie name overwrites an existing log field and prevents increasing the log file.