User story #7767

closed

Handle remote header / environment variable based authentication

Added by Matthieu CERDA almost 9 years ago. Updated 11 months ago.

Status: Resolved
Priority: 5 (lowest)
Assignee: -
Category: System integration
Regression: No

Description

The title says it all :)

Typically, in an SSO-enabled environment, one scenario is delegating the Authentication part to either the servlet container, application server or web server, using HTTP headers or an environment variable (REMOTE_USER).

It would be a good idea to have this in Rudder!

Actions #1

Updated by Jonathan CLARKE almost 9 years ago

I think this is an excellent idea. It could be very useful.

It would make sense to have the header name configurable. The header should just contain the username, which of course should be checked to actually exist, just like we do with a username from LDAP.

Actions #2

Updated by Matthieu CERDA almost 9 years ago

Basically, what I see for this feature is:
  • enable "external.authentication" property (name is up to the implementor :D)
  • choose "external.authentication.header" (something like "Auth-User")

And if this feature is enabled, do just like if we got a successful bind from LDAP if a user is detected and give it the privileges defined in rudder-users.xml, and fall back to an "anonymous" unprivileged user if no header is found / it is empty / has no privileges.

Actions #3

Updated by Benoît PECCATTE almost 9 years ago

A default name of "REMOTE_USER" since it's what is generally used in other applications.
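The behaviour proposed in comments #1 to #3, as an added example that is not Rudder's code and not written by anyone in the thread: a configurable header, a lookup against the known users, and the fallback to an unprivileged "anonymous" user. `Config`, `Principal`, `resolve` and the `USERS` table are hypothetical names, the user table is a constructed stand-in for rudder-users.xml, and the trusted-proxy restriction is an assumption the thread does not mention.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANONYMOUS = "anonymous"


@dataclass(frozen=True)
class Config:
    enabled: bool = False          # "external.authentication" in the thread
    header: str = "REMOTE_USER"    # "external.authentication.header"
    # Assumption (not in the thread): only these peers may assert a user.
    trusted_proxies: tuple = ("127.0.0.1/32",)


@dataclass(frozen=True)
class Principal:
    name: str
    privileges: frozenset


# Constructed sample standing in for the users defined in rudder-users.xml.
USERS = {"alice": frozenset({"administrator"}), "bob": frozenset()}


def resolve(cfg, peer_ip, headers, users=USERS):
    """Map a request (peer address + list of header pairs) to a principal."""
    anon = Principal(ANONYMOUS, frozenset())
    if not cfg.enabled:
        return anon
    # The header only means something when the authenticating front end set
    # it; a client connecting directly could send any value it likes.
    peer = ip_address(peer_ip)
    if not any(peer in ip_network(net) for net in cfg.trusted_proxies):
        return anon
    # Header names are case-insensitive; collect every occurrence.
    values = [v for k, v in headers if k.lower() == cfg.header.lower()]
    if len(values) != 1:           # missing, or duplicated and so ambiguous
        return anon
    name = values[0].strip()
    privileges = users.get(name)
    if not name or not privileges:  # empty, unknown user, or no privileges
        return anon
    return Principal(name, privileges)
```
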

Actions #4

Updated by François ARMAND almost 7 years ago

  • Assignee deleted (François ARMAND)

Actions #5

Updated by François ARMAND 11 months ago

  • Status changed from New to Resolved
  • Regression set to No

We have a plugin for that kind of thing, including OAuth2 for example.
