This shows you the differences between two versions of the page.
integration:start [2018/05/18 10:13] 10.144.24.34 |
integration:start [2019/08/01 08:35] tjotov removed |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== No-code integration ====== | + | ====== No-Code Integration |
- | ===== Overview | + | ADUCID offers No—code integration as default |
- | ADUCID offers No—code integration as default | + | Many applications support header |
- | + | ||
- | {{: | + | |
- | + | ||
- | ===== How it works ===== | + | |
- | - User open web application | + | |
- | - Apache resolves it 401 - unauthenticated | + | |
- | - [[integration: | + | |
- | - As soon as user authenticates page is reloaded and proxypass used to retrieve the back-end application for user | + | |
- | - Or Apache has to handle 403 Unauthorized - see [[integration: | + | |
- | + | ||
- | ===== REMOTE_USER | + | |
- | User ID is sent to application in header attribute - REMOTE_USER | + | |
- | In ADUCID AIM it is called UDI | + | |
- | As we use Apache you can rename it to anything else - some applications use x-forwarded-user or other user ID | + | |
- | + | ||
- | ===== Security remarks ===== | + | |
- | Apache has to be accessible only via TLS (https) | + | |
- | Back-end application has to be separated and accessible only from Apache (http, ajp, ...) | + | |
- | Apache installed for ADUCID shouldn' | + | |
- | Headers from client are not transported to the back-end as ProxyPass is used (unless you configure Apache to do it) | + | |
- | So if users sents REMOTE_USER to Apache, it is wiped out and target application won't see it | + | |
- | + | ||
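Review bot: The removed "Security remarks" block (Apache reachable only via TLS, back-end reachable only from Apache, and a client-sent REMOTE_USER being wiped before the target application sees it) has no counterpart in the added lines, while the new text still directs readers to header-based integration ("Many applications support header"). Because the user ID reaches the application in the REMOTE_USER header, these deployment requirements should stay on this page or be linked from it. If they are restored, name the Apache configuration that actually clears a client-supplied REMOTE_USER instead of attributing it to ProxyPass with the caveat "unless you configure Apache to do it", and mention any renamed header such as x-forwarded-user as well. Minor: the added line spells the term "No—code" with a long dash, while the new heading uses "No-Code".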