|
To add to Scott's comments, when you set up Apache for SSO, the AD auth user gets populated with user@domain so your app code can use that info to determine if the user is logged in correctly if you need to check the user name. Personally I also like to cache session state in the database and assign a session ID that expires. Then the browser or smart client app only needs to hold the session ID locally when it's doing its communication. Regards, Richard Schoen | Director of Document Management Technologies, HelpSystems T: + 1 952-486-6802 RJS Software Systems | A Division of HelpSystems richard.schoen@xxxxxxxxxxxxxxx www.rjssoftware.com Visit me on: Twitter | LinkedIn ------------------------------ message: 6 date: Thu, 14 May 2015 23:41:38 -0500 from: Scott Klement <web400@xxxxxxxxxxxxxxxx> subject: Re: [WEB400] IBM i authentication and RESTful web service design Kelly, If you have SSO already set up (such as LDAP, etc) then you can configure Apache to use it. You would add something like this to your config file for LDAP support: LoadModule ibm_ldap_module /QSYS.LIB/QHTTPSVR.LIB/QZSRVLDAP.SRVPGM <DirectoryMatch "^/QSYS\.LIB/YOURLIB\.LIB/[a-z0-9]*\.PGM"> LDAPConfigFile /www/YOUR-HTTP-INSTANCE/conf/ldap.prop PasswdFile %%LDAP%% AuthType Basic AuthName "Kelly's Service" Require valid-user </DirectoryMatch>
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.