This is an old revision of the document!
ADUCID offers No—code integration as default authentication method. It is implemented a set of modules including Apache web server and ADUCID core components. As result, target application receives user login name in http header (e.g. REMOTE_USER).
User ID is sent to application in header attribute - REMOTE_USER In ADUCID AIM it is called UDI As we use Apache you can rename it to anything else - some applications use x-forwarded-user or other user ID
Apache has to be accessible only via TLS (https) Back-end application has to be separated and accessible only from Apache (http, ajp, …) Apache installed for ADUCID shouldn't be used for applications. User another instance of Apache instead. Headers from client are not transported to the back-end as ProxyPass is used (unless you configure Apache to do it) So if users sents REMOTE_USER to Apache, it is wiped out and target application won't see it