External Dynamic AUTH with LDAP

#1

Hi,

So I was looking at getting the authentication working with an internal company LDAP. Has anyone had any experience with getting this to work? The idea was to pass the username and password to the backend dynamic authentication of Crossbar and see if you can bind on the LDAP with that. This is only possible with the ticket-based auth as far as I understand, which is I guess not meant for something like this.

I am wondering, what is a good approach for this.

Thanks.

0 Likes

#2

Hi,

The ticket-based auth can be used for this. It is by design the most simple, direct method of auth, using plain auth id / secret. Should be straightforward to write a dyn./custom authenticator that talks to your LDAP. You MUST use TLS on the client side (WebSocket/WAMP), as the password is sent unencrypted.

Cheers,

/Tobias

···

On 19.09.2016 at 4:41 PM, artyom....@gmail.com wrote:

Hi,

So I was looking at getting the authentication working with an internal company LDAP. Has anyone had any experience with getting this to work? The idea was to pass the username and password to the backend dynamic authentication of Crossbar and see if you can bind on the LDAP with that. This is only possible with the ticket-based auth as far as I understand, which is I guess not meant for something like this.

I am wondering, what is a good approach for this.

Thanks.

You received this message because you are subscribed to the Google Groups “Crossbar” group.

To unsubscribe from this group and stop receiving emails from it, send an email to crossbario+unsubscribe@googlegroups.com.

To post to this group, send email to cross...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/crossbario/dc585476-bdd8-4ace-8d81-25f1b3a50df5%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

0 Likes
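The approach from post #2, as an added example that is not part of the original thread or Crossbar's own code: a ticket authenticator that turns the `authid` into a bind DN and treats the ticket as the LDAP password. The DN layout, role name, error URI and the injected `bind` callable are assumptions; registering `authenticate` as a WAMP procedure is left out so the block runs without Autobahn or an LDAP server.

```python
import re

# Assumptions for this example (not from the thread): DN layout, role name, error URI.
USER_DN_TEMPLATE = "uid={},ou=people,dc=example,dc=com"
DEFAULT_ROLE = "user"

class AuthError(Exception):
    """Stand-in for Autobahn's ApplicationError so the example runs offline."""

def escape_rdn_value(value):
    """Escape a string for use as an RDN value (RFC 4514 section 2.4)."""
    out = re.sub(r'([\\",+;<>=])', r"\\\1", value).replace("\x00", "\\00")
    if value.startswith((" ", "#")):
        out = "\\" + out
    if value.endswith(" ") and len(value) > 1:
        out = out[:-1] + "\\ "
    return out

def make_authenticator(bind):
    """bind(dn, password) -> bool does the LDAP simple bind (over LDAPS in practice)."""
    # Crossbar calls a dynamic authenticator as (realm, authid, details);
    # with ticket auth the secret arrives in details["ticket"].
    def authenticate(realm, authid, details):
        ticket = details.get("ticket")
        # A simple bind with a DN and an empty password is an "unauthenticated
        # bind" (RFC 4513 section 5.1.2) that some servers accept: refuse it here.
        if not authid or not ticket:
            raise AuthError("com.example.auth_failed")
        dn = USER_DN_TEMPLATE.format(escape_rdn_value(authid))
        if not bind(dn, ticket):
            # Same error for unknown user and wrong password.
            raise AuthError("com.example.auth_failed")
        return {"role": DEFAULT_ROLE}
    return authenticate

class FakeDirectory:
    """Constructed in-memory directory standing in for the LDAP server."""
    def __init__(self, entries):
        self.entries, self.seen = entries, []
    def bind(self, dn, password):
        self.seen.append(dn)
        # Mimics a server that accepts unauthenticated (empty-password) binds.
        return password == "" or self.entries.get(dn) == password

directory = FakeDirectory({"uid=alice,ou=people,dc=example,dc=com": "s3cret"})
authenticate = make_authenticator(directory.bind)
```
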

#3

Ya we did. I was just wondering if this was an accepted approach for something like this. Cheers.

···

On Tuesday, September 20, 2016 at 9:34:33 AM UTC+2, Tobias Oberstein wrote:

Hi,

The ticket-based auth can be used for this. It is by design the most simple, direct method of auth, using plain auth id / secret. Should be straightforward to write a dyn./custom authenticator that talks to your LDAP. You MUST use TLS on the client side (WebSocket/WAMP), as the password is sent unencrypted.

Cheers,

/Tobias

Sent from Mobile (Google Nexus 5)

0 Likes

#4

Only problem is how to implement session persistence. To relog with Autobahn I need both the ticket and userid. So I guess I would need to roll a createToken endpoint, which does the actual LDAP login and returns a token I can store in the browser localStorage. Or is there a nice way to persist the session?

···

On Tuesday, September 20, 2016 at 10:54:26 AM UTC+2, artyo...@gmail.com wrote:

Ya we did. I was just wondering if this was an accepted approach for something like this. Cheers.

0 Likes
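The token idea from post #4, as an added example that is not part of the original thread: after a successful LDAP bind the backend issues an HMAC-signed, expiring token bound to the `authid`, and the client later presents that token as its ticket instead of the LDAP password. The function names, key, lifetime and token format are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # assumption: a random key kept only on the server
TTL_SECONDS = 3600                # assumption: one-hour token lifetime

def _sign(body):
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()

def create_token(authid, now=None):
    """Issue a token; call this only after the LDAP bind for authid succeeded."""
    now = time.time() if now is None else now
    claims = {"sub": authid, "exp": int(now) + TTL_SECONDS}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return body.decode() + "." + _sign(body)

def verify_token(authid, token, now=None):
    """Return True only for an untampered, unexpired token issued to this authid."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        # Check the signature before parsing anything the client controls.
        if not hmac.compare_digest(sig, _sign(body.encode())):
            return False
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return False
    return claims.get("sub") == authid and claims.get("exp", 0) > now
```

A token kept in localStorage is readable by any script running in the page's origin, so a short lifetime limits what a stolen token is worth.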

#5

How long do you need session persistence? The built-in cookie authentication has a hardwired timeout (edit your installed Crossbar code to change) that works perfectly. That is, I use LDAP-based system auth combined with cookie session auth and it works well.

···

On Tue, Sep 20, 2016 at 5:31 AM artyom....@gmail.com wrote:

Only problem is how to implement session persistence. To relog with Autobahn I need both the ticket and userid. So I guess I would need to roll a createToken endpoint, which does the actual LDAP login and returns a token I can store in the browser localStorage. Or is there a nice way to persist the session?

0 Likes