 

OAuth service for LDAP authentication

We have a scenario where we have to authenticate the user against an LDAP server.

Flow 1:

client --> application server --> LDAP server

In the above flow the client enters LDAP credentials, which come to the application server, and then using python-ldap we can authenticate the user; straightforward. Since the user's LDAP credentials come to the application server, an organisation may not be willing to accept such a flow, for obvious reasons.

Flow 2:

client --> oauth2 --> LDAP server

The OAuth scenario suits best here, since authentication of the user is the responsibility of the OAuth service and the application server does not need to know the user credentials.

Has anyone encountered such a case? If yes, how did you tackle it? Are there any OAuth clients for LDAP, free or paid?

navyad asked Aug 03 '16 07:08




1 Answer

If you don't want user credentials to reach the application server then what you need is perimeter authentication. You need to have an external authentication provider, say Oracle Access Manager, that will perform the authentication and set a certain token in the request. The application server can assert this token and let the user access resources. This model enables SSO as well.

  1. The resources that require authorized access are configured as protected URLs in OAM.

  2. When a user tries to access a protected resource, he is challenged for credentials.

  3. OAM authenticates the user against an LDAP directory (that is configured in OAM).

  4. A token corresponding to the authenticated user is set in the request. Also an SSO cookie is set.

  5. The application server (WebLogic) can assert (verify) this token and let the user access the resource.

Note: Oracle Access Manager supports OAuth as well.

Roshith answered Sep 22 '22 11:09
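The split the answer describes (a perimeter component that holds the LDAP credentials and mints a token, and an application that only asserts the token) can be shown end to end in a few dozen lines. The Python below is an added example, not code from the question, the answer or Oracle Access Manager. It assumes a constructed in-memory directory in place of the LDAP bind (a real perimeter would call python-ldap's `simple_bind_s` there), a shared HMAC key named `KEY` between perimeter and application, and a made-up audience string `"app"`; the token format is a minimal signed JSON blob, not OAM's own token.

```python
"""Perimeter authentication pattern: the authenticator validates LDAP
credentials and issues a signed token; the application only verifies the
token, so the user's password never reaches it.  Added example, not page code."""
import base64
import hashlib
import hmac
import json
import time

# Constructed stand-in for the LDAP directory the perimeter binds against.
# A real perimeter would instead run a python-ldap simple bind:
#   ldap.initialize(uri).simple_bind_s(user_dn, password)
_FAKE_DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=com": "correct horse battery staple",
}

# Assumed shared secret between perimeter and application (hypothetical value).
KEY = b"shared-secret-between-perimeter-and-app"


def ldap_bind_stub(user_dn: str, password: str) -> bool:
    """Return True if the constructed directory accepts the bind."""
    expected = _FAKE_DIRECTORY.get(user_dn)
    if expected is None:
        return False
    # Constant-time compare on bytes so non-ASCII passwords do not raise.
    return hmac.compare_digest(expected.encode("utf-8"), password.encode("utf-8"))


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_dn, password, key, audience, ttl=300, now=None):
    """Perimeter side: bind to LDAP, then mint an HMAC-SHA256 signed token.
    Returns None when the bind fails.  The password is consumed here and
    is never placed in the token or forwarded to the application."""
    if not ldap_bind_stub(user_dn, password):
        return None
    now = int(time.time()) if now is None else now
    claims = {"sub": user_dn, "aud": audience, "iat": now, "exp": now + ttl}
    body = _b64url(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = hmac.new(key, body.encode("ascii"), hashlib.sha256).digest()
    return body + "." + _b64url(sig)


def assert_token(token, key, audience, now=None):
    """Application side: check signature, audience and expiry.
    Returns the claims on success, None on any failure.  This is the
    'assert' step of the answer: no credentials, only a token, are seen."""
    try:
        body, sig_text = token.split(".")
        sig = _b64url_decode(sig_text)
    except ValueError:  # wrong part count or bad base64 (binascii.Error)
        return None
    expected = hmac.new(key, body.encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(_b64url_decode(body))
    now = int(time.time()) if now is None else now
    if claims.get("aud") != audience or claims.get("exp", 0) <= now:
        return None
    return claims


if __name__ == "__main__":
    dn = "uid=alice,ou=people,dc=example,dc=com"
    tok = issue_token(dn, "correct horse battery staple", KEY, "app")
    print("issued:", tok)
    print("asserted:", assert_token(tok, KEY, "app"))
    print("wrong password:", issue_token(dn, "nope", KEY, "app"))
```

The shared-key HMAC keeps the example self-contained; with an OAuth/OIDC provider the token would normally be a JWT signed with the provider's private key, so the application holds only the public key and the perimeter's signing secret is never shared. The audience and expiry checks are what stop a token minted for one application from being replayed against another or reused indefinitely.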