No-code integration

ADUCID offers No—code integration as default integration method. It is implemented a set of modules including Apache web server and ADUCID core components. As result, target application receives user login name in http header (e.g. REMOTE_USER). Many applications support header authentication by default or have authentication module available or can be easily modified to user header authentication.

  1. User opens a web application
  2. Apache resolves it with code 401 - unauthenticated
  3. ADUCID Binder page is diplayed - it is ADUCID authentication page with login button and QR code
  4. As soon as user authenticates page is reloaded and proxypass used to retrieve the back-end application for user
  5. Or Apache has to handle 403 Unauthorized - see Authorization in No-code

In Apache configuration just require authentication:

 require valid user

User ID is sent to application in header attribute - REMOTE_USER In ADUCID AIM it is called UDI As we use Apache you can rename it to anything else - some applications use x-forwarded-user or other user ID

Example how to send X-forwarded-user instead of REMOTE_USER:

RewriteEngine On	
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule .* - [E=RU:%1]
RequestHeader set X-Forwarded-User %{RU}e

Apache has to be accessible only via TLS (https) Back-end application has to be separated and accessible only from Apache (http, ajp, …) Apache installed for ADUCID shouldn't be used for applications. User another instance of Apache instead. Headers from client are not transported to the back-end as ProxyPass is used (unless you configure Apache to do it) So if users sents REMOTE_USER to Apache, it is wiped out and target application won't see it

This picture describes internal components of No-code integration solution.

  • integration/start.txt
  • Last modified: 2018/06/14 12:52
  • by tjotov