Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
integration:start [2018/06/14 12:52]
tjotov [REMOTE_USER or any other attribute]
— (current)
Line 1: Line 1:
-====== No-code integration ====== 
-===== Overview ===== 
-ADUCID offers No—code integration as default integration method. It is implemented a set of modules including Apache web server and ADUCID core components. As result, target application receives user login name in http header (e.g. REMOTE_USER). 
-Many applications support header authentication by default or have authentication module available or can be easily modified to user header authentication. 
  
- 
-{{:​integration:​no-code-overview.png?​600|}} 
- 
-===== How it works ===== 
-  - User opens a web application 
-  - Apache resolves it with code 401 - unauthenticated 
-  - [[integration:​binder|ADUCID Binder]] page is diplayed - it is ADUCID authentication page with login button and QR code 
-  - As soon as user authenticates page is reloaded and proxypass used to retrieve the back-end application for user 
-  - Or Apache has to handle 403 Unauthorized - see [[integration:​authorization|Authorization in No-code]] 
- 
-In Apache configuration just require authentication:​ 
-   ​require valid user 
-===== REMOTE_USER or any other attribute ===== 
-User ID is sent to application in header attribute - REMOTE_USER 
-In ADUCID AIM it is called UDI 
-As we use Apache you can rename it to anything else - some applications use x-forwarded-user or other user ID 
- 
-Example how to send X-forwarded-user instead of REMOTE_USER:​ 
- RewriteEngine On  
- RewriteCond %{LA-U:​REMOTE_USER} (.+) 
- RewriteRule .* - [E=RU:%1] 
- RequestHeader set X-Forwarded-User %{RU}e 
-===== Security remarks ===== 
-Apache has to be accessible only via TLS (https) 
-Back-end application has to be separated and accessible only from Apache (http, ajp, ...) 
-Apache installed for ADUCID shouldn'​t be used for applications. User another instance of Apache instead. 
-Headers from client are not transported to the back-end as ProxyPass is used (unless you configure Apache to do it) 
-So if users sents REMOTE_USER to Apache, it is wiped out and target application won't see it 
- 
-===== Technical overview ===== 
-{{:​integration:​no-code-overview2.png?​600|}} 
- 
-This picture describes internal components of No-code integration solution. 
- 
-===== Other topics ===== 
-  * [[integration:​transactions|Transaction support for No-Code]] 
-  * [[integration:​applications|Applications tested with ADUCID No-code integration yet]] 
-  * [[integration:​authorization|Authorization in No-code]] 
-  * [[integration:​binder|ADUCID Binder]] 
  • integration/start.1528980760.txt.gz
  • Last modified: 2018/06/14 12:52
  • by tjotov