User Tools

Site Tools


integration:start

This is an old revision of the document!


No-code integration

Overview

ADUCID offers No—code integration as default authentication method. It is implemented a set of modules including Apache web server and ADUCID core components. As result, target application receives user login name in http header (e.g. REMOTE_USER).

How it works

  1. User open web application
  2. Apache resolves it 401 - unauthenticated
  3. ADUCID Binder page is diplayed - it is ADUCID authentication page with login button and QR code
  4. As soon as user authenticates page is reloaded and proxypass used to retrieve the back-end application for user
  5. Or Apache has to handle 403 Unauthorized - see Authorization in No-code

REMOTE_USER or any other attribute

User ID is sent to application in header attribute - REMOTE_USER In ADUCID AIM it is called UDI As we use Apache you can rename it to anything else - some applications use x-forwarded-user or other user ID

Security remarks

Apache has to be accessible only via TLS (https) Back-end application has to be separated and accessible only from Apache (http, ajp, …) Apache installed for ADUCID shouldn't be used for applications. User another instance of Apache instead. Headers from client are not transported to the back-end as ProxyPass is used (unless you configure Apache to do it) So if users sents REMOTE_USER to Apache, it is wiped out and target application won't see it

Detailed view

This picture describes internal components of No-code integration solution.

integration/start.1526640254.txt.gz · Last modified: 2018/05/18 10:44 by 10.144.24.34