NginX handler and CDA does not work
The problem: If the NginX handler needs CDA kinematic (handler is in example.org, portal on example.net), there is an infinite redirect loop (the handler does not see the Cookie).
The solution: Although the fastcgi server adds the header for setting the cookie, this header is not sent to the user (it is ignored by the nginx). You need to extract this header from the internal lmauth handler and add it to the request. This is not covered by the handler example which should includes following (mind the two new lines):
auth_request /lmauth; auth_request_set $lmremote_user $upstream_http_lm_remote_user; auth_request_set $lmlocation $upstream_http_location; auth_request_set $cookie_value $upstream_http_set_cookie; add_header Set-Cookie $cookie_value; error_page 401 $lmlocation;