Project

General

Profile

Actions

User story #7767

closed

Handle remote header / environment variable based authentification

Added by Matthieu CERDA about 8 years ago. Updated about 2 months ago.

Status:
Resolved
Priority:
5
Assignee:
-
Category:
System integration
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
Fix check:
Regression:
No

Description

The title says it all :)

Typically, in a SSO-enabled environment, one scenario is delegating the Authentication part to either the servlet container, application server or web server, using HTTP headers or an environment variable (REMOTE_USER).

It would be a good idea to have this in Rudder !

Actions #1

Updated by Jonathan CLARKE about 8 years ago

I think this is an excellent idea. It could be very useful.

It would make sense to have the header name configurable. The header should just contain the username, which of course should be checked to actually exist, just like we do with a username from LDAP.

Actions #2

Updated by Matthieu CERDA about 8 years ago

Basically, what I see for this feature is:
  • enable "external.authentication" property (name is up to the implementor :D)
  • choose "external.authentication.header" (something like "Auth-User")

And if this feature is enabled, do just like if we got a successful bind fron LDAP if a user is detected and give it the privileges defined in rudder-users.xml, and fallback to an "anonymous" unprivileged user if no header is found / it is empty / has no privileges.

Actions #3

Updated by Benoît PECCATTE about 8 years ago

A default name of "REMOTE_USER" since it's what is generally user in other applications.

Actions #4

Updated by François ARMAND about 6 years ago

  • Assignee deleted (François ARMAND)
Actions #5

Updated by François ARMAND about 2 months ago

  • Status changed from New to Resolved
  • Regression set to No

We have a plugin for that kind of things, including OAuth2 for ex.

Actions

Also available in: Atom PDF