User Tools

Site Tools


integration:start

This is an old revision of the document!


No-code integration

Overview

ADUCID offers No—code integration as default authentication method. It is implemented a set of modules including Apache web server and ADUCID core components. As result, target application receives user login name in http header (e.g. REMOTE_USER).

How it works

  1. User open web application
  2. Apache resolves it 401 - unauthenticated
  3. ADUCID Binder page is diplayed - it is ADUCID authentication page with login button and QR code
  4. As soon as user authenticates page is reloaded and proxypass used to retrieve the back-end application for user
  5. Or Apache has to handle 403 Unauthorized - see Authorization in No-code

REMOTE_USER or any other attribute

User ID is sent to application in header attribute - REMOTE_USER In ADUCID AIM it is called UDI As we use Apache you can rename it to anything else - some applications use x-forwarded-user or other user ID

Security headlines

Apache has to be accessible only via TLS (https) Back-end application has to be separated and accessible only from Apache (http, ajp, …) Headers from client are not transported to the back-end as ProxyPass is used (unless you configure Apache to do it)

So if users sents REMOTE_USER to Apache, it is wiped out

integration/start.1526638284.txt.gz · Last modified: 2018/05/18 10:11 by 10.144.24.34