User story #7767
closed
Handle remote header / environment variable based authentification
Added by Matthieu CERDA over 8 years ago.
Updated 3 months ago.
Category:
System integration
Description
The title says it all :)
Typically, in a SSO-enabled environment, one scenario is delegating the Authentication part to either the servlet container, application server or web server, using HTTP headers or an environment variable (REMOTE_USER).
It would be a good idea to have this in Rudder !
I think this is an excellent idea. It could be very useful.
It would make sense to have the header name configurable. The header should just contain the username, which of course should be checked to actually exist, just like we do with a username from LDAP.
Basically, what I see for this feature is:
- enable "external.authentication" property (name is up to the implementor :D)
- choose "external.authentication.header" (something like "Auth-User")
And if this feature is enabled, do just like if we got a successful bind fron LDAP if a user is detected and give it the privileges defined in rudder-users.xml, and fallback to an "anonymous" unprivileged user if no header is found / it is empty / has no privileges.
A default name of "REMOTE_USER" since it's what is generally user in other applications.
- Assignee deleted (
François ARMAND)
- Status changed from New to Resolved
- Regression set to No
We have a plugin for that kind of things, including OAuth2 for ex.
Also available in: Atom
PDF
Updated by 
Updated by Matthieu CERDA 
Updated by 
Updated by