rails authentication

[Ian Schreuder]

Does anyone have any experience authenticating users on a web app without using a separate login screen, once they’ve already authenticated on their domain?

We have a client who requires us to authenticate their user base via their active-directory, but without making their users resubmit their credentials on our app.  I’ve successfully managed to query an active directory service using ruby-net-ldap, but only by explicitly submitting a username and password.  Is there some token that I can query (something like request.env[:remote_user] and password) that will give me the user’s credentials?

I’ve also seen that apache has a couple of modules (mod_ldap, mod_auth_ldap) that can authenticate, but I’m not sure off-hand how I would incorporate that into my rails app.

At any rate, any help would be appreciated.  

Thanks,
Ian

[Jeremy Witmer]

Check to see if either of those modules set ENV variables. I know
mod_ssl sets environment variables that the Rails app can pick up on
the back end to authenticate a user (this is how I've done it in the
past, using client SSL certs to log the user in.)

-Jeremy

[Ryan L. Cross]

I can tell you right now that it is probably impossible to obtain the
user's password. I struggled with this very issue for about a month,
trying to find the solution. It was not pretty. I found that Windows
does keep an accessible variable for the password due to security, but
if I remember correctly, you can obtain the user's username from an
environment variable, as you suggested.

Things may have changed, it has been nearly a year since I attempted
that unsuccessfully. But I hope this helps in the mean time.

Ryan L. Cross
http://sadmonkey.net
Quidquid latine dictum sit altum viditur

[tyler.a.m...@gmail.com]

check out RubyCAS http://code.google.com/p/rubycas-server/