|
midrange.com
To add to Scott's comments, when you set up Apache for SSO, the AD auth user gets populated with user@domain so your app code can use that info to determine if the user is logged in correctly if you need to check the user name.
Personally I also like to cache session state in the database and assign a session ID that expires. Then the browser or smart client app only needs to hold the session ID locally when it's doing its communication.
Regards,
Richard Schoen | Director of Document Management Technologies, HelpSystems
T: + 1 952-486-6802
RJS Software Systems | A Division of HelpSystems
richard.schoen@xxxxxxxxxxxxxxx
www.rjssoftware.com
Visit me on: Twitter | LinkedIn
------------------------------
message: 6
date: Thu, 14 May 2015 23:41:38 -0500
from: Scott Klement <web400@xxxxxxxxxxxxxxxx>
subject: Re: [WEB400] IBM i authentication and RESTful web service
design
Kelly,
If you have SSO already set up (such as LDAP, etc) then you can
configure Apache to use it. You would add something like this to your
config file for LDAP support:
LoadModule ibm_ldap_module /QSYS.LIB/QHTTPSVR.LIB/QZSRVLDAP.SRVPGM
<DirectoryMatch "^/QSYS\.LIB/YOURLIB\.LIB/[a-z0-9]*\.PGM">
LDAPConfigFile /www/YOUR-HTTP-INSTANCE/conf/ldap.prop
PasswdFile %%LDAP%%
AuthType Basic
AuthName "Kelly's Service"
Require valid-user
</DirectoryMatch>
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
