Support #5132
openLDAP pass through authentication
0%
Description
Hello,
Does anybody have any sample or reference of how to implement LDAP authentication, I need to retrieve the current DOMAIN/User name from the session and use it as current user, and if not pressent use standard login.
Something similar to IIS:
Request.ServerVariables("LOGON_USER")
Thanks in advance,
J.Rey
Updated by Koen Deforche over 7 years ago
- Status changed from New to Feedback
- Assignee set to Koen Deforche
Hey,
We've implemented this in a project, where the LDAP credentials were attached as a header to the first request, this sounds similar to your setup.
These parameters are available in WEnvironment::headerValue()
Regards,
Koen
Updated by José Luis Rey over 7 years ago
Hello Koen,
Thanks for the info.
I manage to solve it using an IIS plug-in that act as a reverse proxy, it is ISAPI_Rewrite of HeliconTech ([[http://www.helicontech.com/isapi_rewrite/download.html]]). I try to do it with IIS native reverse proxy, but the credentials are not available after the redirect.
Just to share it, the script to redirect LDAP credentials to wt server is as follow:
- Helicon ISAPI_Rewrite configuration file
- Version 3.1.0.112
RewriteEngine on
RewriteBase /wtserverredirect
RewriteHeader X-LOGON_USER: .* %{LOGON_USER}
RewriteHeader X-AUTH_TYPE: .* %{AUTH_TYPE}
RewriteHeader X-AUTH_USER: .* %{AUTH_USER}
RewriteRule .\)$ http://wtserverhost:10000/$1 [NC,P]
Wt will receive X-LOGON_USER, X-AUTH_TYPE and X-AUTH_USER as headers.
Just comment that this add credentials to the post header, so wtserverhost should not be visible to the client points to increase security.
Kind regards
J.Rey