LDAP Authentication and Authorisation

[Gavin Baumanis]

Hi Everyone,

I have done a search through this mailing list and countless others - but am none the wiser...

Initially, I was going to write into the Silhouette Chat channel - but thought it might need some more detailed discussion.

I am writing an application using Scala / Play and Akka. it uses micro-services.

I am having an issue with getting my head around architecting the application, specifically around Authentication and Authorisation.

Thinking aloud : it might just be easier to tell you what I am thinking and ask for some responses to that...

I want to authenticate users against an LDAP end-point : let's assume Microsoft Active Directory.

I want to authorise specific permissions based on Active Directory Groups.

Because of the micro-services - it seems that a session-based (timed-out) token based approach would serve well.

(but am happy to be told otherwise!)

And assuming I'm not totally missing something - Silhouette seems to fit the bill - but for integration with LDAP.

In THIS instance, the security framework needs to be LDAP-based... but in some others there is no need for LDAP and OAuth2 would work great.

So I would really like to just have to use a single library - if I can.

So I am hoping I might get some feedback on;

Is it (sensibly) possible to integrate an AD end-point with Silhouette?

Are there any examples?

I am not trying to be lazy, either , I just don't have the required domain knowledge to get to the end of a working solution on my own.

I will happily and enthusiastically do documentation tasks / testing and contribute to discussions.... but realistically don't believe I know enough to contrbute any "real" code that might be needed.

I am,0 certainly, happy to learn  - but might need a fair bit of hand holding....

there is of course the alternative - that just because it sounds like a good idea - doesn't necessarily - for any number of reasons - make it worthwhile in pursuing.

I am genuinely happy to accept any / all feedback!

[Christian Kaps]

Hi,

Currently Silhouette supports LDAP only through the CAS protocol. This means you need a CAS server which handles the connection to the LDAP server. Silhouette then connects to this server with the CASProvider.

Best regards,

Christian