Project

General

Profile

Support #5132

LDAP pass through authentication

Added by José Luis Rey over 6 years ago. Updated over 6 years ago.

Status:
Feedback
Priority:
Normal
Assignee:
Target version:
-
Start date:
07/27/2016
Due date:
% Done:

0%

Estimated time:

Description

Hello,

Does anybody have any sample or reference of how to implement LDAP authentication, I need to retrieve the current DOMAIN/User name from the session and use it as current user, and if not pressent use standard login.

Something similar to IIS:

Request.ServerVariables("LOGON_USER")

Thanks in advance,

J.Rey

#1

Updated by Koen Deforche over 6 years ago

  • Status changed from New to Feedback
  • Assignee set to Koen Deforche

Hey,

We've implemented this in a project, where the LDAP credentials were attached as a header to the first request, this sounds similar to your setup.

These parameters are available in WEnvironment::headerValue()

Regards,

Koen

#2

Updated by José Luis Rey over 6 years ago

Hello Koen,

Thanks for the info.

I manage to solve it using an IIS plug-in that act as a reverse proxy, it is ISAPI_Rewrite of HeliconTech ([[http://www.helicontech.com/isapi_rewrite/download.html]]). I try to do it with IIS native reverse proxy, but the credentials are not available after the redirect.

Just to share it, the script to redirect LDAP credentials to wt server is as follow:

  1. Helicon ISAPI_Rewrite configuration file
  2. Version 3.1.0.112
    RewriteEngine on
    RewriteBase /wtserverredirect

RewriteHeader X-LOGON_USER: .* %{LOGON_USER}

RewriteHeader X-AUTH_TYPE: .* %{AUTH_TYPE}

RewriteHeader X-AUTH_USER: .* %{AUTH_USER}

RewriteRule .\)$ http://wtserverhost:10000/$1 [NC,P]

Wt will receive X-LOGON_USER, X-AUTH_TYPE and X-AUTH_USER as headers.

Just comment that this add credentials to the post header, so wtserverhost should not be visible to the client points to increase security.

Kind regards

J.Rey

Also available in: Atom PDF