I realized from a previous question that I had been asking the wrong question...I would like to turn my application into a CAS server so that admins of the application may use this same authentication mechanism to log into other applications that we develop for the organization.
Have you done this before? Is there a plugin which adds the ability to Devise to be able to act as a CAS server? What do I need to change/add in order to turn the app into a CAS server?
Check this similar question, that explains rails 4 issues with devise_cas_authenticatable gem.
For the Server, you may use CASino for the server, it looks very clean. Check its installation guide.
OR
An Alternative solution, if both apps are on the same domain and they share the same database, you can simply modify the session cookie to be universal for all subdomains on your specified domain.
This is regards to SSO supports required on the Bugzilla. I am ROR developer working on one of my project where I requires the SSO functionality for Bugzilla. Let me explore the scenario:
My application is running on rails 2.3.5 and ruby 1.8.7. I have the domain name beta.abc.com with their specific database and on the other hand i installed Bugzilla for my application that is having the domain name bugs.abc.com(that redirects me to Bugzilla home page) and having the separate database i.e. bugs.
Now my query is that I want the single sign on for my Bugzilla account that the user will not required to register on Bugzilla for new account instead of it they can use beta.abc.com credentials in Bugzilla and able to login to Bugzilla same credentials.
I go through with multiple documentation to fix this issue but all in vain .I don’t find any feasible solution to overcome from this problem.Kindly to let me know and provide me any feasible solution for it.
Thanks in advance.
You can use a RADIUS server or LDAP server for authentication (exclusively or in addition to the standard authentication) to centralize the authentication process. See http://www.bugzilla.org/docs/tip/en/html/parameters.html for more information.
I'm trying to get http basic authentication working on my rails app. I am running the app with nginx and passenger. I have the authlogic gem working and my authentication works. I have even used the single_access_token successfully. For some reason though, I am not able to authenticate using http basic authentication. As I understand, I shouldn't need to set anything up for it to work as it is enabled by default. I don't even know where to look through logs to figure this out.
I did some further testing and found out that i can authenticate with basic http authentication using curl on my mac but on my linux box wget does not work, using the same username/password. I have also tried with firefox from my linux box with no success.
This ground has been covered on SO previously.
Im trying to allow users to login to a website by verifying if they are registered users of a sister website. Im not really sure what is the best way to implement this. The website which is referred to uses authlogic authentication, so would it be wise to have a REST method that the new website calls to obtain a session token of some sort.
Thanks in advance.
Do you want to check credentials only or sync sessions too? --i.e., if I'm logged in website A, I'm also logged in website B. If it's the second case, you need some sort of single-sign-on solution. CAS seems to be a protocol with solid Ruby implentations (see Ruby CAS Server and Ruby CAS client. Keep in mind that you'd have to rewrite both apps if you decide to go this way.
If the database is setup to accept external connections, you can access the user info directly that way.
I believe that we can allow Firefox to sent NTLM data to SharePoint sites to do automatic authentication, and I think that this is doable with IIS.
I'd like to do the same thing with an internal Rails site.
Does anyone know of way that I could authenticate NTLM type user information through a Apache/mongrel setup (provided of course that it's already running on a Windows box inside of an Active Directory domain)?
I created tutorial on how to install patched mod_ntlm module for Apache on Linux and how to pass NTLM authenticated username to Rails and how create Rails session from that. So as a result you do not need Windows server for running Rails application.
There you can find also how to enable automatic NTLM authentication in Firefox — enter "about:config" in location field and then search for "network.automatic-ntlm-auth.trusted-uris". There you can enter servers for which you would like to use automatic NTLM authentication.
Bit of extra info in case anyone stumbles across this.
I wanted to do something which I thought should be pretty simple - extract the users windows username using NTLM from a Rails app running on Mongrel/Windows (InstantRails actually). Having written the basic code manage the various handshaking operations (using the great NTLMRuby library at http://rubyforge.org/projects/rubyntlm/) and having got it to work wonderfully in Firefox I was somewhat frustrated to find IE not working.
Mongrel doesn't support keep-alives during the type1/2/3 message exchange (at least natively, I believe there's a hack/fix for it), which IE demands and Firefox gets by without.
So authenticating a Rails server running on Windows against a remote NTLM service (e.g. Sharepoint or another web site) is reasonably straight forward, but authenticating an IE browser against a Rails server running on Windows not so much with Mongrel. IIS would be an option, as might be basic Apache with FastCGI. The former feels a bit clunky and the latter won't be as fast as Mongrel.
I'm assuming you've already worked out which HTTP headers you need to send in order to get firefox and IE to send back the NTLM authentication stuff, and are just needing to handle that on the server side?
You could use some of ruby's win32 libraries to access the underlying windows authentication functions which handle the NTLM.
I'd suggest the path of least resistance might be to see if there is a COM component which can do the authentication for you, and if so, to use it using the Win32OLE ruby library.
If there's no COM component, you might be able to find something in one of those other libraries which can invoke the native win32 methods for you.
If you can't find that, you'd have to write a ruby C extension. I've done this on linux, and extending ruby is pretty easy, but you may find the microsoft authentication API's a bit painful.
Hope that gets you started on the right track :-)
You could also use the Apache ntlm module, which should pass a header onwards to your application with the username of the authenticated user. That module looks a bit old, but suggests some other modules that may suit your needs.
Old question I know but I came across this looking for a similar answer.
you could use the methods described here (http://blog.rayapps.com/2008/12/02/ntlm-windows-domain-authentication-for-rails-application/). However mod_ntlm is for windows authentication on a UNIX/linux machine. mod_auth_sspi is what you'll need for winNT authentication from apache under windows.
This particular project looks promising and is looking for contributors:
Rack middleware for transparent authentication with NTLM.
I haven't yet tried this out. For the moment I plan on implementing Raimonds' solution as it appears to have a lot of success.
Check out Waffle. It provides SSO on Windows to Java servers using Win32 API. There're a number of implemented filters (servlet, tomcat valve, spring-security).