Rails and Single Sign on

Hi, I want to slowly start bringing in Rails to my company. I found an
opportunity with some fairly basic web forms that end users will
manage entering data into. The data will be used in an ETL process
later on. Building it will be the easy part, however, those in the
enterprise will require that it's accessible from the enterprise portal
and uses their current setup of utilizing LDAP to first log into the
portal to authenticate and then use Oblix (Oracle Access Manager) to
intercept someone clicking on a link that will drive them to my site
is something I don’t know how to do with Rails.

Can anyone provide assistance or point me in the right direction? My
Google searches haven’t yielded much as of yet. One last thing, does
anyone know if Rails will work with Oracle HTTP Server? And how to set
up FastCGI for that? I’m hoping it can since Oracle HTTP Server is
built based on Apache.

On 8/22/07, pk16 wrote:

> Hi, I want to slowly start bringing in Rails to my company. I found an
> opportunity with some fairly basic web forms that end users will
> manage entering data into. The data will be used in an ETL process
> later on. Building it will be the easy part, however, those in the
> enterprise will require that it's accessible from the enterprise portal
> and uses their current setup of utilizing LDAP to first log into the
> portal to authenticate and then use Oblix (Oracle Access Manager) to
> intercept someone clicking on a link that will drive them to my site
> is something I don’t know how to do with Rails.

I don’t know anything about oblix, but I have put a Junebug wiki
(http://www.junebugwiki.com – a Camping app, not a rails app, but the
same technique would apply) behind a single-sign-in infrastructure
based on CoSign (http://weblogin.org). With CoSign, you have an Apache
module that handles the authentication, so it’s not handled at the
application level. The basic idea was:

  1. Create a CoSign protected url-space in the Apache server.

  2. Use Apache mod_proxy to proxy this space to the Junebug wiki mongrel.

  3. Tweak the junebug code to pick up credentials from the environment
    variables set by the CoSign filter.

Works great. Maybe that will give you some ideas…

Both are good suggestions that I will look into but I’m forced to use
the existing LDAP/Oblix setup. I guess what I was looking for was if
someone specifically set this up. Maybe I can look at the two
solutions and come up with some ideas. Ultimately, a user will log in
once to the portal and then my rails app will need to read some header
parameters that it gets sent back to it from oblix and then initialize
the log in to rails. I guess I’m looking for how to do that…

The best way to do it, and what we do here, is authenticate against our
e-mail server.

For more:
http://daniel.collectiveidea.com/blog/2007/2/8/rails-plugin-imap_authenticatable

Set a before_filter that uses net/http to request whether or not the
user is logged into the portal.

This is gonna be really rough code… I don’t know how to do what you
want, but I do something similar using a different central auth system.

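    require 'net/https'        # Net::HTTP with SSL support
    require 'rexml/document'

    def get_remote_auth_filter
      # Get validation from remote system
      h = Net::HTTP.new 'auth.mydomain.com', 443
      h.use_ssl = true
      doc = REXML::Document.new(h.get("/some/remote/url/that/returns/headers_or_something").body)
      result = REXML::XPath.first(doc, '//root/user/text()')
      # Compare with ==; a single = would assign and always be true.
      # to_s also covers the case where the node is missing (nil).
      if result.to_s == "logged in"
        # move on
      else
        flash[:notice] = "not logged in"
        redirect_to main_url
      end
    end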

Maybe that will get you on the right track
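
An added example, not code from any poster in this thread: reading the login that an SSO front end hands to the app, as in the CoSign and Oblix approaches discussed above, and accepting it only when the request actually arrives from that front end. The header name X-SSO-User, the proxy addresses, the login format and the function names are all assumptions made for illustration.

```ruby
require 'ipaddr'

# Assumptions (not from the thread): the SSO front end forwards the login in
# an X-SSO-User header and connects to the app only from TRUSTED_PROXIES.
SSO_HEADER      = 'HTTP_X_SSO_USER'
TRUSTED_PROXIES = [IPAddr.new('127.0.0.1'), IPAddr.new('10.0.5.0/24')].freeze
LOGIN_FORMAT    = /\A[A-Za-z0-9][A-Za-z0-9._-]{0,63}\z/

class UntrustedSource < StandardError; end

# Returns the login from a Rack-style env hash, or nil when no usable identity
# was supplied. Raises UntrustedSource when the peer is not the SSO front end,
# because in that case the header is whatever the client chose to send.
def sso_login(env, proxies = TRUSTED_PROXIES)
  begin
    peer = IPAddr.new(env['REMOTE_ADDR'].to_s)
  rescue ArgumentError
    raise UntrustedSource, 'unparseable peer address'
  end
  unless proxies.any? { |net| net.include?(peer) }
    raise UntrustedSource, "direct request from #{peer}"
  end

  value = env[SSO_HEADER].to_s.strip
  # Only a single plain login is accepted; "a, b" (duplicated header) or
  # control characters are treated as no identity at all.
  value =~ LOGIN_FORMAT ? value : nil
end

# What a before_filter would act on: continue, send to the portal, or refuse.
def authorize(env)
  login = sso_login(env)
  login ? [:ok, login] : [:redirect_to_portal, nil]
rescue UntrustedSource
  [:forbidden, nil]
end

if __FILE__ == $0
  # Constructed sample requests
  [{ 'REMOTE_ADDR' => '10.0.5.17',   'HTTP_X_SSO_USER' => 'pk16' },
   { 'REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_SSO_USER' => 'admin' },
   { 'REMOTE_ADDR' => '127.0.0.1' }].each { |env| p authorize(env) }
end
```

The peer check only helps if the app server is also bound or firewalled so that the front end is the normal path in; the front end should strip any client-supplied copy of the header before setting its own.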