Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
nocode:overview [2019/08/01 09:49]
tjotov [Other topics]
nocode:overview [2020/02/29 11:07] (current)
mpospisek [No-Code integration overview]
Line 8: Line 8:
  
 In Apache configuration just require authentication:​ In Apache configuration just require authentication:​
-   require valid user+<sxh bash> 
 +require valid user 
 +</​sxh>​
 ===== REMOTE_USER or any other attribute ===== ===== REMOTE_USER or any other attribute =====
 User ID is sent to application in header attribute - REMOTE_USER User ID is sent to application in header attribute - REMOTE_USER
Line 15: Line 17:
  
 Example how to send X-forwarded-user instead of REMOTE_USER:​ Example how to send X-forwarded-user instead of REMOTE_USER:​
- RewriteEngine On  +<sxh bash> 
- RewriteCond %{LA-U:​REMOTE_USER} (.+) +RewriteEngine On  
- RewriteRule .* - [E=RU:%1] +RewriteCond %{LA-U:​REMOTE_USER} (.+) 
- RequestHeader set X-Forwarded-User %{RU}e+RewriteRule .* - [E=RU:%1] 
 +RequestHeader set X-Forwarded-User %{RU}e 
 +</​sxh>​
 ===== Security remarks ===== ===== Security remarks =====
-Apache has to be accessible only via TLS (https) +  * Apache has to be accessible only via TLS (https). 
-Back-end application has to be separated and accessible only from Apache (http, ajp, ...) +  ​* ​Back-end application has to be separated and accessible only from Apache (http, ajp, ...) 
-Apache installed for ADUCID shouldn'​t be used for applications. User another instance of Apache instead. +  ​* ​Apache installed for ADUCID shouldn'​t be used for applications. User another instance of Apache instead. 
-Headers from client are not transported to the back-end as ProxyPass is used (unless you configure Apache to do it) +  ​* ​Headers from client are not transported to the back-end as ProxyPass is used (unless you configure Apache to do it) 
-So if users sents REMOTE_USER to Apache, it is wiped out and target application won't see it+  ​* ​So if users sents REMOTE_USER to Apache, it is wiped out and target application won't see it
  
 ===== Technical overview ===== ===== Technical overview =====
  • nocode/overview.1564652973.txt.gz
  • Last modified: 2019/08/01 09:49
  • by tjotov