
No-Code integration overview

  1. The user opens a web application
  2. Apache responds with code 401 - unauthenticated
  3. The ADUCID Binder page is displayed - it is the ADUCID authentication page with a login button and a QR code
  4. As soon as the user authenticates, the page is reloaded and ProxyPass is used to retrieve the back-end application for the user
  5. Or Apache has to handle 403 Unauthorized - see Authorization in No-code

In the Apache configuration, just require authentication:

 Require valid-user

REMOTE_USER or any other attribute

The user ID is sent to the application in a header attribute, REMOTE_USER. In ADUCID AIM it is called UDI. Because we use Apache, you can rename it to anything else; some applications use x-forwarded-user or another user ID attribute.

Example of how to send X-Forwarded-User instead of REMOTE_USER:

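RewriteEngine On
# Look ahead (LA-U) to the authenticated user name and capture it
RewriteCond %{LA-U:REMOTE_USER} (.+)
# Store the captured name in the environment variable RU
RewriteRule .* - [E=RU:%1]
# Send RU to the back-end as the X-Forwarded-User request header
RequestHeader set X-Forwarded-User %{RU}e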

Security remarks

  * Apache has to be accessible only via TLS (https).
  * The back-end application has to be separated and accessible only from Apache (http, ajp, …).
  * The Apache installed for ADUCID shouldn't be used for applications. Use another instance of Apache instead.
  * Headers from the client are not transported to the back-end as ProxyPass is used (unless you configure Apache to do it). So if a user sends REMOTE_USER to Apache, it is wiped out and the target application won't see it.
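
A back-end-side check for the separation requirement above, as an added example that is not part of the original page or of ADUCID's code: a WSGI middleware that accepts X-Forwarded-User only when the connection comes from the Apache proxy. The proxy address 127.0.0.1, the names ProxyIdentityMiddleware, demo_app and call, and the rule that user IDs contain no comma are assumptions.

```python
import ipaddress

# Assumption: the Apache proxy reaches the back-end from this address only.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]
IDENTITY_HEADER = "HTTP_X_FORWARDED_USER"  # WSGI name of X-Forwarded-User


def _from_trusted_proxy(environ):
    """True when the TCP peer is one of the configured proxy addresses."""
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return False
    return any(peer in net for net in TRUSTED_PROXIES)


class ProxyIdentityMiddleware:
    """Accept the user ID header only from the proxy; refuse everything else."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        user = environ.get(IDENTITY_HEADER, "").strip()
        # Reject direct connections, missing IDs, and merged duplicate headers
        # (WSGI servers join repeated headers with a comma; assumed: no comma in IDs).
        if not _from_trusted_proxy(environ) or not user or "," in user:
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"identity header not accepted\n"]
        environ["REMOTE_USER"] = user  # expose the verified ID to the app
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Constructed back-end application that echoes the user it was given."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("hello " + environ["REMOTE_USER"]).encode()]


def call(remote_addr, header=None):
    """Drive the middleware with a constructed WSGI environ; return (status, body)."""
    environ = {"REMOTE_ADDR": remote_addr, "REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    if header is not None:
        environ[IDENTITY_HEADER] = header
    seen = []
    app = ProxyIdentityMiddleware(demo_app)
    body = b"".join(app(environ, lambda status, headers: seen.append(status)))
    return seen[0], body
```

This is a second layer only; network separation of the back-end, as listed above, remains the primary control.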

Technical overview

This picture describes the internal components of the No-code integration solution.

Other topics

integration/overview.1564647777.txt.gz · Last modified: 2019/08/01 08:22 by tjotov