ADUCID 4.x

User Tools

Site Tools

Trace: overview authorization
nocode:overview

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
nocode:overview [2019/08/01 08:43]
tjotov [No-Code integration overview] 		nocode:overview [2020/02/29 11:07] (current)
mpospisek [No-Code integration overview]
Line 3: Line 3:
   - User opens a web application   - User opens a web application
   - Apache resolves it with code 401 - unauthenticated   - Apache resolves it with code 401 - unauthenticated
-  - [[nocode:binder|ADUCID Binder]] page is diplayed - it is ADUCID authentication page with login button and QR code+  - [[components:binder|ADUCID Binder]] page is diplayed - it is ADUCID authentication page with login button and QR code
   - As soon as user authenticates page is reloaded and proxypass used to retrieve the back-end application for user   - As soon as user authenticates page is reloaded and proxypass used to retrieve the back-end application for user
   - Or Apache has to handle 403 Unauthorized - see [[integration:authorization|Authorization in No-Code]]   - Or Apache has to handle 403 Unauthorized - see [[integration:authorization|Authorization in No-Code]]
  
 In Apache configuration just require authentication: In Apache configuration just require authentication:
-   require valid user+<sxh bash> 
 +require valid user 
 +</sxh>
 ===== REMOTE_USER or any other attribute ===== ===== REMOTE_USER or any other attribute =====
 User ID is sent to application in header attribute - REMOTE_USER User ID is sent to application in header attribute - REMOTE_USER
Line 15: Line 17:
  
 Example how to send X-forwarded-user instead of REMOTE_USER: Example how to send X-forwarded-user instead of REMOTE_USER:
- RewriteEngine On  +<sxh bash> 
- RewriteCond %{LA-U:REMOTE_USER} (.+) +RewriteEngine On  
- RewriteRule .* - [E=RU:%1] +RewriteCond %{LA-U:REMOTE_USER} (.+) 
- RequestHeader set X-Forwarded-User %{RU}e+RewriteRule .* - [E=RU:%1] 
 +RequestHeader set X-Forwarded-User %{RU}e 
 +</sxh>
 ===== Security remarks ===== ===== Security remarks =====
-Apache has to be accessible only via TLS (https) +  * Apache has to be accessible only via TLS (https). 
-Back-end application has to be separated and accessible only from Apache (http, ajp, ...) +  Back-end application has to be separated and accessible only from Apache (http, ajp, ...) 
-Apache installed for ADUCID shouldn't be used for applications. User another instance of Apache instead. +  Apache installed for ADUCID shouldn't be used for applications. User another instance of Apache instead. 
-Headers from client are not transported to the back-end as ProxyPass is used (unless you configure Apache to do it) +  Headers from client are not transported to the back-end as ProxyPass is used (unless you configure Apache to do it) 
-So if users sents REMOTE_USER to Apache, it is wiped out and target application won't see it+  So if users sents REMOTE_USER to Apache, it is wiped out and target application won't see it
  
 ===== Technical overview ===== ===== Technical overview =====
Line 34: Line 38:
   * [[nocode:applications|Applications tested with ADUCID No-Code integration yet]]   * [[nocode:applications|Applications tested with ADUCID No-Code integration yet]]
   * [[nocode:authorization|Authorization in No-code]]   * [[nocode:authorization|Authorization in No-code]]
-  * [[nocode:binder|ADUCID Binder]]+  * [[components:binder|ADUCID Binder]]
nocode/overview.1564648980.txt.gz · Last modified: 2019/08/01 08:43 by tjotov

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki