scm-auth-remoteuser-plugin /

Filename Size Date modified Message
src
315 B
1.2 KB
1.3 KB
scm-auth-remote-plugin
==============================
This is a authentication plugin for scm-manager (http://www.scm-manager.org)
that uses a http header variable to authenticate a user.
The idea is to use what every authentication mechanism your reverse proxy
supports and forward the authenticated user to the scm-manager application
via a http header variable.

As an example here is an apache configuration that uses the sspi module to
authenticate the user and then sets the header variable X_REMOTE_USER to the
authenticated user name.

    AuthName "SSPI Authentication"
    AuthType SSPI
    SSPIAuth On
    SSPIOmitDomain On
    SSPIUsernameCase lower
    Require valid-user
    
    RewriteEngine On
    
    RewriteRule (.*) http://myserver:8081/scm/$1 [L,P,E=RU:%{REMOTE_USER}]
    ProxyPassReverse http://10.4.177.133:8081/scm/
    
    RequestHeader set X_REMOTE_USER %{RU}e
    
If the path on your reverse proxy is different then on the backend server you 
must also add a ProxyPassReverseCookiePath directive like:

    ProxyPassReverseCookiePath /scm /myscm
    
IMPORTANT SECURITY INFORMATION
THIS PLUGIN IN ONLY MEANT TO BE USED BEHIND A REVERSE PROXY SERVER
THAT PREVENTS THE END USER OF SETTING THE HEADER VARIABLE HIM SELF 
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.