This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
nocode:overview [2019/08/01 08:35] tjotov created |
nocode:overview [2020/02/29 11:07] (current) mpospisek [No-Code integration overview] |
||
---|---|---|---|
Line 3: | Line 3: | ||
- User opens a web application | - User opens a web application | ||
- Apache resolves it with code 401 - unauthenticated | - Apache resolves it with code 401 - unauthenticated | ||
- | - [[integration: | + | - [[components: |
- As soon as user authenticates page is reloaded and proxypass used to retrieve the back-end application for user | - As soon as user authenticates page is reloaded and proxypass used to retrieve the back-end application for user | ||
- Or Apache has to handle 403 Unauthorized - see [[integration: | - Or Apache has to handle 403 Unauthorized - see [[integration: | ||
In Apache configuration just require authentication: | In Apache configuration just require authentication: | ||
- | require valid user | + | <sxh bash> |
+ | require valid user | ||
+ | </ | ||
===== REMOTE_USER or any other attribute ===== | ===== REMOTE_USER or any other attribute ===== | ||
User ID is sent to application in header attribute - REMOTE_USER | User ID is sent to application in header attribute - REMOTE_USER | ||
Line 15: | Line 17: | ||
Example how to send X-forwarded-user instead of REMOTE_USER: | Example how to send X-forwarded-user instead of REMOTE_USER: | ||
- | RewriteEngine On | + | <sxh bash> |
- | RewriteCond %{LA-U: | + | RewriteEngine On |
- | RewriteRule .* - [E=RU:%1] | + | RewriteCond %{LA-U: |
- | RequestHeader set X-Forwarded-User %{RU}e | + | RewriteRule .* - [E=RU:%1] |
+ | RequestHeader set X-Forwarded-User %{RU}e | ||
+ | </ | ||
===== Security remarks ===== | ===== Security remarks ===== | ||
- | Apache has to be accessible only via TLS (https) | + | * Apache has to be accessible only via TLS (https). |
- | Back-end application has to be separated and accessible only from Apache (http, ajp, ...) | + | |
- | Apache installed for ADUCID shouldn' | + | |
- | Headers from client are not transported to the back-end as ProxyPass is used (unless you configure Apache to do it) | + | |
- | So if users sents REMOTE_USER to Apache, it is wiped out and target application won't see it | + | |
===== Technical overview ===== | ===== Technical overview ===== | ||
Line 32: | Line 36: | ||
===== Other topics ===== | ===== Other topics ===== | ||
- | * [[integration: | + | * [[nocode: |
- | * [[integration: | + | * [[nocode: |
- | * [[integration: | + | * [[components: |