External Dynamic AUTH with LDAP


artyom....@gmail.com

Sep 19, 2016, 10:41:20 AM
to Crossbar
Hi,

So I was looking at getting the authentication working with an internal company LDAP. Has anyone had any experience with getting this to work? The idea was to pass the username and password to the backend dynamic authentication of Crossbar and see if you can bind on the LDAP with that. This is only possible with the ticket-based auth as far as I understand, which is, I guess, not meant for something like this.

I am wondering what a good approach for this is.

Thanks.

Tobias Oberstein

Sep 20, 2016, 3:34:33 AM
to cross...@googlegroups.com

Hi,

The ticket-based auth can be used for this. It is by design the most simple, direct method of auth, using plain auth id / secret. It should be straightforward to write a dyn./custom authenticator that talks to your LDAP. You MUST use TLS on the client side (WebSocket/WAMP), as the password is sent unencrypted.

Cheers,
/Tobias

Sent from Mobile (Google Nexus 5)
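
An added example, not part of the original thread and not Crossbar's own code: a ticket-style dynamic authenticator of the kind described above, which maps the authid to a bind DN and uses the ticket as the LDAP password. The DN template, the `ldap_bind` callable, the `AuthDenied` exception and the error URI are assumptions; in a real component `ldap_bind` would wrap an LDAP client over TLS and the failure would be raised as an `ApplicationError`.

```python
class AuthDenied(Exception):
    """Offline stand-in for autobahn's ApplicationError (assumption)."""

# Hypothetical directory layout; adjust to the real tree.
USER_DN_TEMPLATE = "uid={},ou=people,dc=example,dc=com"

def escape_rdn_value(value):
    """Escape a string for use as one RDN attribute value (RFC 4514)."""
    out = "".join("\\" + c if c in '\\,+"<>;=' else c for c in value)
    out = out.replace("\x00", "\\00")
    if out[:1] in ("#", " "):
        out = "\\" + out
    if value.endswith(" ") and len(value) > 1:
        out = out[:-1] + "\\ "
    return out

def make_authenticator(ldap_bind, role="user"):
    """Build a procedure with the (realm, authid, details) shape of a
    Crossbar dynamic authenticator; ldap_bind(dn, password) -> bool is a
    hypothetical wrapper around an LDAP client speaking LDAPS/StartTLS."""
    def authenticate(realm, authid, details):
        password = details.get("ticket") or ""
        # A simple bind with a DN and an empty password is an
        # "unauthenticated bind" (RFC 4513) that servers may accept,
        # so it must be rejected before the directory is ever contacted.
        if not authid or not password:
            raise AuthDenied("com.example.auth_failed")
        dn = USER_DN_TEMPLATE.format(escape_rdn_value(authid))
        if not ldap_bind(dn, password):
            raise AuthDenied("com.example.auth_failed")
        return {"role": role}
    return authenticate

# Constructed stand-in for the directory: bind DN -> password.
FAKE_DIRECTORY = {"uid=alice,ou=people,dc=example,dc=com": "s3cret"}

def fake_bind(dn, password):
    # Mimics a lenient server: an empty password "succeeds".
    return password == "" or FAKE_DIRECTORY.get(dn) == password

authenticate = make_authenticator(fake_bind)

if __name__ == "__main__":
    print(authenticate("realm1", "alice", {"ticket": "s3cret"}))
```

The same error is raised for an unknown user and for a wrong password, so the response does not reveal which accounts exist.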



artyom....@gmail.com

Sep 20, 2016, 4:54:26 AM
to Crossbar
Ya we did. I was just wondering if this was an accepted approach for something like this. Cheers.



artyom....@gmail.com

Sep 20, 2016, 5:31:31 AM
to Crossbar
Only problem is how to implement session persistence. To relog with Autobahn I need both the ticket and userid. So I guess I would need to roll a createToken endpoint, which does the actual LDAP login and returns a token I can store in the browser localStorage. Or is there a nice way to persist the session?

David Ford

Nov 3, 2016, 12:10:54 AM
to Crossbar
How long do you need session persistence? The built-in cookie authentication has a hardwired timeout (edit your installed Crossbar code to change) that works perfectly -- that is, I use LDAP-based system auth combined with cookie session auth and it works well.
