1. User opens a web application
  2. Apache resolves it with code 401 - unauthenticated
  3. ADUCID Binder page is diplayed - it is ADUCID authentication page with login button and QR code
  4. As soon as user authenticates page is reloaded and proxypass used to retrieve the back-end application for user
  5. Or Apache has to handle 403 Unauthorized - see Authorization in No-Code

In Apache configuration just require authentication:

require valid user

User ID is sent to application in header attribute - REMOTE_USER In ADUCID AIM it is called UDI As we use Apache you can rename it to anything else - some applications use x-forwarded-user or other user ID

Example how to send X-forwarded-user instead of REMOTE_USER:

RewriteEngine On	
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule .* - [E=RU:%1]
RequestHeader set X-Forwarded-User %{RU}e

  • Apache has to be accessible only via TLS (https).
  • Back-end application has to be separated and accessible only from Apache (http, ajp, …)
  • Apache installed for ADUCID shouldn't be used for applications. User another instance of Apache instead.
  • Headers from client are not transported to the back-end as ProxyPass is used (unless you configure Apache to do it)
  • So if users sents REMOTE_USER to Apache, it is wiped out and target application won't see it

This picture describes internal components of No-Code integration solution.

  • nocode/overview.txt
  • Last modified: 2020/02/29 11:07
  • by mpospisek