-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pickup on current logged in user #10
Comments
...thank you again for considering the concern! It would appear that IE will allow ActiveX (via JavaScript) to return simple properties concerning the current connected domain, username, and computername. http://stackoverflow.com/questions/1441209/grab-username-from-ie-to-authenticate-against-ldap Getting closer... |
Seems like it maybe possible to pickup the current user via a param http://stackoverflow.com/questions/168610/can-you-get-a-windows-ad-username-in-php It looks like for this to work adauth is going to require the details of an account capable of doing ldap queries, that way it can see the DOMAIN\User param and then login and query ldap to see if DOMAIN\User exists and is allowed to login. I will do some testing soon and see how it goes. |
See issue #16 for the in-adauth part of this issue |
Here is some related information: http://www.zorched.net/2007/06/04/active-directory-authentication-for-ruby-on-rails/. Still researching, but it looks like this is the case: when apache is configured correctly and your browser can pass your credentials, then your AD account name is available in the request (request.env["REMOTE_USER"] || request.env['HTTP_REMOTE_USER'] || request.headers['X-Forwarded-User']). IE passes credentials. Firefox can (with some configuration). Others? Unknown. |
It does look like it is upto your webserver to request it and not adauth to pick up on it. The solution as I see it is to setup something similar to the solution in @mattscilipoti's post and then modify the sessions controller to handle the case of that param existing. I will look at working something out in the future but for now it doesn't seem like its a code/setup change in Adauth that's needed. |
As bought up on reddit by mikefh.
I'm not really sure how this could work but its worth looking to see if there is someway Adauth can be used to provide this functionality.
My current line of thinking is that share point must use some kind of javascript or activex object to pickup on the user via some kind of token that can't be forged, so if that could be passed to adauth somehow then it maybe possible to find the current user.
I'm not assigning this to 1.1.0 (yet) until I have some idea how to achieve it but any input on this issue would be greatly appreciated.
The text was updated successfully, but these errors were encountered: