PhenixID web apps authentication – Header based authentication

This authenticator is used in a scenario where you have another security front end, such as a reverse proxy, that stands in front of PhenixID server. The front end server is also responsible of validating the user. The front end proxy needs to pass the username (or other attribute identifying the user) to the back end server (PhenixID server)

Modules Required

  • auth-http

Configuration

Configuration Properties:

Name Description Default value Mandatory
successURL The URL to redirect the browser to after successful authentication Yes
pipeID Id of pipe to be executed Yes
header Name of the header containing the user identifier value. Yes
errorURL The URL to redirect the browser to if an error occurs. No

Example configuration

The configuration must be added in the Advanced section of Configuration Manager.

HTTP Authenticators

{

"alias" : "header",

"name" : "HeaderBasedAuthenticator",

"configuration" : {

"pipeID" : "pipeValidateUserExists",

"header" : "USERID"

},

"id" : "header"

}

Pipe

{

"id" : "pipeValidateUserExists",

"valves" : [  {

"name" : "LDAPSearchValve",

"config" : {

"connection_ref" : "local_ldap",

"base_dn" : "o=IAMService",

"scope" : "SUB",

"size_limit" : 0,

"filter_template" : "(uid={{request.USERID}})",

"attributes" : ""

}

}, {

"name" : "FlowFailValve",

"config" : {

"message":"User does not exist",

"exec_if_expr" : "flow.items().isEmpty()"

}

}]

}