integration:start

Differences

This shows you the differences between two versions of the page.

integration:start [2018/05/18 09:46]
10.144.24.34 created
integration:start [2018/06/14 12:50]
tjotov
Line 1: Line 1:
 ====== No-code integration ====== ====== No-code integration ======
 +===== Overview =====
 +ADUCID offers No—code integration as default integration method. It is implemented a set of modules including Apache web server and ADUCID core components. As result, target application receives user login name in http header (e.g. REMOTE_USER).
 +Many applications support header authentication by default or have authentication module available or can be easily modified to user header authentication.
  
 +
 +{{:integration:no-code-overview.png?600|}}
 +
 +===== How it works =====
 +  - User opens a web application
 +  - Apache resolves it with code 401 - unauthenticated
 +  - [[integration:binder|ADUCID Binder]] page is diplayed - it is ADUCID authentication page with login button and QR code
 +  - As soon as user authenticates page is reloaded and proxypass used to retrieve the back-end application for user
 +  - Or Apache has to handle 403 Unauthorized - see [[integration:authorization|Authorization in No-code]]
 +
 +In Apache configuration just require authentication:
 +   require valid user
 +===== REMOTE_USER or any other attribute =====
 +User ID is sent to application in header attribute - REMOTE_USER
 +In ADUCID AIM it is called UDI
 +As we use Apache you can rename it to anything else - some applications use x-forwarded-user or other user ID
 +
 +===== Security remarks =====
 +Apache has to be accessible only via TLS (https)
 +Back-end application has to be separated and accessible only from Apache (http, ajp, ...)
 +Apache installed for ADUCID shouldn't be used for applications. User another instance of Apache instead.
 +Headers from client are not transported to the back-end as ProxyPass is used (unless you configure Apache to do it)
 +So if users sents REMOTE_USER to Apache, it is wiped out and target application won't see it
 +
 +===== Technical overview =====
 +{{:integration:no-code-overview2.png?600|}}
 +
 +This picture describes internal components of No-code integration solution.
 +
 +===== Other topics =====
 +  * [[integration:transactions|Transaction support for No-Code]]
 +  * [[integration:applications|Applications tested with ADUCID No-code integration yet]]
 +  * [[integration:authorization|Authorization in No-code]]
 +  * [[integration:binder|ADUCID Binder]]
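
Review bot: In "Security remarks", the claim that client headers are not transported to the back-end "as ProxyPass is used" needs backing, because mod_proxy forwards client request headers by default. The page should name the directive or module that strips or overwrites a client-supplied REMOTE_USER (for example an explicit `RequestHeader unset REMOTE_USER` applied before the authenticated value is set), and say that the same applies to any renamed header such as x-forwarded-user. In "How it works", `require valid user` should read `Require valid-user`. Step 5 calls 403 "Unauthorized" while step 2 uses 401 for unauthenticated; 403 is Forbidden.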