Lighttpd

I'm using lighttpd 1.4.53 on Debian Buster.

lighttpd is running as an reverse proxy and all redirection is to be done as rewrite since user has no access to final target.

Based on client authentication user should be directed to different URL.

I did try

var.REMOTE_USER=="xxxx" {
url.rewrite-once = ( "/mantis/login_page.php" => "/mantis/login.php?username=yyyy&password=zzzz" )
}

but it does result in parser error - this kind of operation seems not to be supported.

How can I achieve such an rewriting?