http://redmine.emweb.be/
http://redmine.emweb.be/favicon.ico?1693408525
2016-08-04T11:20:46Z
Redmine
Wt - Support #5132: LDAP pass through authentication
http://redmine.emweb.be/issues/5132?journal_id=15973
2016-08-04T11:20:46Z
Koen Deforche
koen@emweb.be
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Feedback</i></li><li><strong>Assignee</strong> set to <i>Koen Deforche</i></li></ul><p>Hey,</p>
<p>We've implemented this in a project, where the LDAP credentials were attached as a header to the first request, this sounds similar to your setup.<br><br>
These parameters are available in WEnvironment::headerValue()</p>
<p>Regards,<br><br>
Koen</p>
Wt - Support #5132: LDAP pass through authentication
http://redmine.emweb.be/issues/5132?journal_id=15978
2016-08-04T13:18:39Z
José Luis Rey
jluisrey@digitalfile.net
<ul></ul><p>Hello Koen,</p>
<p>Thanks for the info.</p>
<p>I manage to solve it using an IIS plug-in that act as a reverse proxy, it is ISAPI_Rewrite of HeliconTech ([[<a href="http://www.helicontech.com/isapi_rewrite/download.html]]" class="external">http://www.helicontech.com/isapi_rewrite/download.html]]</a>). I try to do it with IIS native reverse proxy, but the credentials are not available after the redirect.</p>
<p>Just to share it, the script to redirect LDAP credentials to wt server is as follow:</p>
<ol>
<li> Helicon ISAPI_Rewrite configuration file</li>
<li> Version 3.1.0.112<br>
RewriteEngine on<br>
RewriteBase /wtserverredirect</li>
</ol>
<p>RewriteHeader X-LOGON_USER: .* %{LOGON_USER}<br><br>
RewriteHeader X-AUTH_TYPE: .* %{AUTH_TYPE}<br><br>
RewriteHeader X-AUTH_USER: .* %{AUTH_USER}</p>
<p>RewriteRule <sup>.\</sup>)$ <a href="http://wtserverhost:10000/$1" class="external">http://wtserverhost:10000/$1</a> [NC,P]</p>
<p>Wt will receive X-LOGON_USER, X-AUTH_TYPE and X-AUTH_USER as headers.</p>
<p>Just comment that this add credentials to the post header, so wtserverhost should not be visible to the client points to increase security.</p>
<p>Kind regards<br><br>
J.Rey</p>