integration:start
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
integration:start [2018/06/14 12:52] tjotov [REMOTE_USER or any other attribute] |
integration:start [2019/08/01 08:35] tjotov removed |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== No-code integration | + | ====== No-Code Integration |
| - | ===== Overview | + | |
| ADUCID offers No—code integration as default integration method. It is implemented a set of modules including Apache web server and ADUCID core components. As result, target application receives user login name in http header (e.g. REMOTE_USER). | ADUCID offers No—code integration as default integration method. It is implemented a set of modules including Apache web server and ADUCID core components. As result, target application receives user login name in http header (e.g. REMOTE_USER). | ||
| Many applications support header authentication by default or have authentication module available or can be easily modified to user header authentication. | Many applications support header authentication by default or have authentication module available or can be easily modified to user header authentication. | ||
| - | {{: | ||
| - | |||
| - | ===== How it works ===== | ||
| - | - User opens a web application | ||
| - | - Apache resolves it with code 401 - unauthenticated | ||
| - | - [[integration: | ||
| - | - As soon as user authenticates page is reloaded and proxypass used to retrieve the back-end application for user | ||
| - | - Or Apache has to handle 403 Unauthorized - see [[integration: | ||
| - | |||
| - | In Apache configuration just require authentication: | ||
| - | | ||
| - | ===== REMOTE_USER or any other attribute ===== | ||
| - | User ID is sent to application in header attribute - REMOTE_USER | ||
| - | In ADUCID AIM it is called UDI | ||
| - | As we use Apache you can rename it to anything else - some applications use x-forwarded-user or other user ID | ||
| - | |||
| - | Example how to send X-forwarded-user instead of REMOTE_USER: | ||
| - | RewriteEngine On | ||
| - | RewriteCond %{LA-U: | ||
| - | RewriteRule .* - [E=RU:%1] | ||
| - | RequestHeader set X-Forwarded-User %{RU}e | ||
| - | ===== Security remarks ===== | ||
| - | Apache has to be accessible only via TLS (https) | ||
| - | Back-end application has to be separated and accessible only from Apache (http, ajp, ...) | ||
| - | Apache installed for ADUCID shouldn' | ||
| - | Headers from client are not transported to the back-end as ProxyPass is used (unless you configure Apache to do it) | ||
| - | So if users sents REMOTE_USER to Apache, it is wiped out and target application won't see it | ||
| - | |||
| - | ===== Technical overview ===== | ||
| - | {{: | ||
| - | |||
| - | This picture describes internal components of No-code integration solution. | ||
| - | |||
| - | ===== Other topics ===== | ||
| - | * [[integration: | ||
| - | * [[integration: | ||
| - | * [[integration: | ||
| - | * [[integration: | ||
Page Tools
